SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Duplicate IP addresses in dhcp table

    Posted 03-31-2014 05:34

    Hello! Help me with my problem:

    I have an SRX240H firewall. Periodically, duplicate IP addresses appear in the DHCP table:

     

    user@GW1> show system services dhcp binding
    IP address Hardware address Type Lease expires at

    .........

    192.168.53.114 00:14:d1:53:32:a5 dynamic 2014-04-01 14:26:58 MSK
    192.168.53.103 64:5a:04:71:76:ac dynamic 2014-04-01 08:05:38 MSK
    192.168.53.103 70:5a:b6:61:a5:d1 dynamic 2014-04-01 14:35:23 MSK
    192.168.53.114 c4:17:fe:f9:5e:ad dynamic 2014-04-01 09:31:50 MSK

     .........

     

    After the command <clear system services dhcp binding> the problem disappears for some time and hosts receive IP addresses with no problem. Duplication may occur for different hosts and MAC addresses, and on various days.

     

    My config is very simple:

     

    user@GW1# show system services dhcp

    dhcp {
        domain-name name.ru;
        name-server {
            192.168.50.4;
        }
        pool 192.168.53.0/24 {
            address-range low 192.168.53.100 high 192.168.53.199;
            router {
                192.168.53.1;
            }
            propagate-settings vlan.53;

    .............

    user@GW1# show interfaces vlan unit 53

    unit 53 {
        family inet {
            address 192.168.53.1/24;

    .......

    user@GW1# show interfaces ge-0/0/5
    unit 0 {
        family ethernet-switching {
            vlan {
                members VLAN_53;
            }
        }
    }



    I have taken the following actions:

    1) Rebooted the SRX

    2) Upgraded JUNOS to the latest version, 11.4R10.3

     



  • 2.  RE: Duplicate IP addresses in dhcp table

    Posted 03-31-2014 15:49

    Hi there,

     

    This does look strange, I wonder whether the SRX is showing expired leases alongside active ones?

     

    Have a look at the following:

    show system services dhcp binding detail

     

    It adds an extra column showing active and expired entries - perhaps this is a cosmetic bug?

     

    Cheers,



  • 3.  RE: Duplicate IP addresses in dhcp table

    Posted 03-31-2014 23:01

    Today I looked at the DHCP table with the command:

    show system services dhcp binding detail

     

    192.168.53.110   20:cf:30:9c:51:67  dynamic  2014-04-01 18:27:40 MSK  active
    192.168.53.110   2c:f4:c5:f0:8a:33  dynamic  2014-04-02 08:21:23 MSK  active
    192.168.53.110   70:5a:b6:61:a5:f3  dynamic  2014-04-02 08:13:17 MSK  active
    192.168.53.114   00:0c:e7:64:bc:2a  dynamic  2014-04-02 08:44:00 MSK  active
    192.168.53.114   00:14:d1:53:32:a5  dynamic  2014-04-02 09:42:23 MSK  active

     

    The problem still repeats...

    It is not a cosmetic bug, because affected users complain that their network cards don't get any IP address.



  • 4.  RE: Duplicate IP addresses in dhcp table
    Best Answer

    Posted 04-01-2014 15:06

    Hi there,

     

    I've done some extra digging on this for you; you are hitting PR953586.

     

    Number: PR953586
    Title: DHCP server might assign same IP to different hosts
    Release Note: On EX Series switches which work as a DHCP server, if the server receives a DHCP INFORM packet from a binding client and then this binding entry is released by issuing command "clear system services dhcp binding" or receiving a DHCP RELEASE packet from the same client, causing the same IP address might be assigned to different hosts.
    Severity: Major
    Status: Closed
    Last Modified: 2014-03-12 21:14:33 PDT
    Resolved In: 12.3R5-S2 12.3R6 13.2R4 13.3R2 14.1R1
    Operating System: Junos
    Product: EX-series, SRX Series
    Functional Area: software
    Feature Group: Authentication and Access Control

    Workaround:
    When this issue occurs, issuing "clear system services dhcp binding" or restarting the dhcpd process might recover service.
        root@switch> clear system services dhcp binding
        OR
        root@switch> restart dhcp

    Problem:
    Same IP address might be assigned to different hosts, causing IP conflict. When this issue occurs, the error binding info could be seen by executing the following command "show system services dhcp binding detail"
        root@switch> show system services dhcp binding detail
        10.121.4.63      00:0b:86:6e:a3:90  dynamic  2014-01-08 21:02:58 IST  active
        10.121.4.63      38:60:77:b4:2a:97  dynamic  2014-01-08 21:02:38 IST  active

    Triggers:
    This issue might be seen if following conditions are met:
    * On EX Series switches
    * Work as a DHCP server
    * Receive a DHCP INFORM packet from a binding client
    * Release the same binding client's entry by issuing command "clear system services dhcp binding" or receiving a DHCP RELEASE packet from the same client

     

    I know that the unedited text references EX, but the PR is valid for the SRX platform too.

     

    You'd have to contact JTAC to confirm which release the fix is in for the SRX platform as none of the releases are aimed at the SRX platform:

     

    I'm going to flag the lack of SRX code releases in the PR database to the relevant teams within Juniper.

     

    I hope this is of help,
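
Added example, not part of the original thread or of Juniper's PR text: a Python check that flags the condition described under "Problem" above, one IP address bound to more than one hardware address, in saved output of "show system services dhcp binding" with or without "detail". The sample rows are taken from this thread plus two constructed rows for 192.168.53.120; the function name and the handling of rows that carry no state column are assumptions of this example.

```python
import re
from collections import defaultdict

# Rows quoted in this thread, plus two constructed rows (192.168.53.120)
# showing that an expired lease next to an active one is not a conflict.
SAMPLE = """\
user@GW1> show system services dhcp binding detail
192.168.53.110   20:cf:30:9c:51:67  dynamic  2014-04-01 18:27:40 MSK  active
192.168.53.110   2c:f4:c5:f0:8a:33  dynamic  2014-04-02 08:21:23 MSK  active
192.168.53.110   70:5a:b6:61:a5:f3  dynamic  2014-04-02 08:13:17 MSK  active
192.168.53.114   00:0c:e7:64:bc:2a  dynamic  2014-04-02 08:44:00 MSK  active
192.168.53.114   00:14:d1:53:32:a5  dynamic  2014-04-02 09:42:23 MSK  active
192.168.53.120   00:11:22:33:44:55  dynamic  2014-03-30 10:00:00 MSK  expired
192.168.53.120   00:11:22:33:44:66  dynamic  2014-04-02 10:00:00 MSK  active
"""

# IP, MAC, type, lease expiry, and an optional trailing state column.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"\s+(\S+)\s+(.+?)(?:\s+(active|expired))?\s*$",
    re.IGNORECASE,
)

def find_conflicts(output):
    """Return {ip: sorted MACs} for every IP bound to more than one MAC.

    Rows marked 'expired' are ignored. Rows without a state column (plain
    'binding' output) are counted, because they cannot be ruled out.
    """
    holders = defaultdict(set)
    for line in output.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # prompt, header, elision dots, blank lines
        ip, mac, _type, _expiry, state = m.groups()
        if state and state.lower() == "expired":
            continue
        holders[ip].add(mac.lower())
    return {ip: sorted(macs) for ip, macs in holders.items() if len(macs) > 1}

if __name__ == "__main__":
    for ip, macs in find_conflicts(SAMPLE).items():
        print(f"CONFLICT {ip}: {', '.join(macs)}")
```

Run against periodically saved output, a non-empty result is the cue to apply the workaround quoted in the PR.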



  • 5.  RE: Duplicate IP addresses in dhcp table

    Posted 04-02-2014 04:25

    Thanks for such a detailed explanation.

    It is a pity that I have no service contract to address this issue to JTAC.

     



  • 6.  RE: Duplicate IP addresses in dhcp table

    Posted 04-03-2014 16:08

    Ok, I pulled a few strings and there is an internal PR for the SRX and the issues will be resolved in:

    12.1X44-D35, 12.1X45-D25, 12.1X46-D20, and 12.1X47-D10

     

    None of these are out yet, but personally I'd be looking at the X44-D35 as this is EEoL and mature. You should be able to still download code, without active support IIRC.

     

    HTH,



  • 7.  RE: Duplicate IP addresses in dhcp table

    Posted 04-03-2014 22:17

    In this regard I have a question - may I install version 12.1X44-D35 on my old SRX240H despite the fact that JTAC recommends release 11.4R10.3? Will it work?



  • 8.  RE: Duplicate IP addresses in dhcp table

    Posted 04-03-2014 23:16

    Yes, it is only recommended.
    I saw this problem on my SRX, tnx