A couple of weeks ago, I started to implement virtual routers on my SRX300. The reason was a new external subnet that needed to route to a specific security zone. Using only the default VR wouldn't work because of the (single) default route.
Implementing it was fairly easy. The trouble began this week:
- Wireless controller not accessible
- Client with weird behaviour
- etc.
In my network, I have 1 DHCP server serving multiple internal subnets. The (basic) DHCP relay configuration was:
set forwarding-options dhcp-relay maximum-hop-count 10
set forwarding-options dhcp-relay client-response-ttl 10
set forwarding-options dhcp-relay server-group DHCP_Server 192.168.x.x
set forwarding-options dhcp-relay active-server-group DHCP_Server
set forwarding-options dhcp-relay group clients active-server-group DHCP_Server
set forwarding-options dhcp-relay group clients interface ge-0/0/0.1
set forwarding-options dhcp-relay group clients interface ge-0/0/0.20
set forwarding-options dhcp-relay group clients interface ge-0/0/0.30
set forwarding-options dhcp-relay group clients interface ge-0/0/0.200
Turns out that this stops functioning when implementing virtual routers, something I forgot to adjust. And since the DHCP scope on my server was set to a lease time of 14 days, problems tend to introduce themselves after a couple of days.
Anyway, after changing the DHCP relay configuration to include the correct virtual router name (DEFAULT), everything worked just fine:
set routing-instances DEFAULT forwarding-options dhcp-relay maximum-hop-count 10
set routing-instances DEFAULT forwarding-options dhcp-relay client-response-ttl 10
set routing-instances DEFAULT forwarding-options dhcp-relay server-group DHCP_Server 192.168.x.x
set routing-instances DEFAULT forwarding-options dhcp-relay active-server-group DHCP_Server
set routing-instances DEFAULT forwarding-options dhcp-relay group clients active-server-group DHCP_Server
set routing-instances DEFAULT forwarding-options dhcp-relay group clients interface ge-0/0/0.1
set routing-instances DEFAULT forwarding-options dhcp-relay group clients interface ge-0/0/0.20
set routing-instances DEFAULT forwarding-options dhcp-relay group clients interface ge-0/0/0.30
set routing-instances DEFAULT forwarding-options dhcp-relay group clients interface ge-0/0/0.200
So. DHCP is a bit like DNS. Both have timers (TTL and lease-time) that might bite you in the butt.
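
Because the long lease time hides this mistake for days, it helps to catch it at change time. The following is an added example, not part of the original post: a small check over `show configuration | display set` output that flags relay interfaces still configured globally although a routing instance owns them, and rebuilds the stanza under that instance. The sample config, the server address 192.0.2.10, the interface ge-0/0/0.99 and all function names are constructed for illustration.

```python
import re

# Constructed sample, not the author's config: two interfaces sit in the
# virtual router DEFAULT while dhcp-relay is still configured globally.
SAMPLE = """\
set routing-instances DEFAULT instance-type virtual-router
set routing-instances DEFAULT interface ge-0/0/0.1
set routing-instances DEFAULT interface ge-0/0/0.20
set forwarding-options dhcp-relay server-group DHCP_Server 192.0.2.10
set forwarding-options dhcp-relay group clients active-server-group DHCP_Server
set forwarding-options dhcp-relay group clients interface ge-0/0/0.1
set forwarding-options dhcp-relay group clients interface ge-0/0/0.20
set forwarding-options dhcp-relay group clients interface ge-0/0/0.99
"""
RI_IFACE = re.compile(r"^set routing-instances (\S+) interface (\S+)$")
RELAY = re.compile(r"^set forwarding-options dhcp-relay (.+)$")
RELAY_IFACE = re.compile(r"^group \S+ interface (\S+)$")

def parse(config):
    """Return ({interface: routing instance}, [global dhcp-relay statements])."""
    owner, relay = {}, []
    for line in (raw.strip() for raw in config.splitlines()):
        if m := RI_IFACE.match(line):
            owner[m.group(2)] = m.group(1)
        elif m := RELAY.match(line):
            relay.append(m.group(1))
    return owner, relay

def misplaced_relay_interfaces(config):
    """Interfaces relayed globally although a routing instance owns them."""
    owner, relay = parse(config)
    ifaces = [m.group(1) for s in relay if (m := RELAY_IFACE.match(s))]
    return [(i, owner[i]) for i in ifaces if i in owner]

def instance_scoped_relay(config, instance):
    """Rebuild the relay stanza under one instance, keeping only its interfaces."""
    owner, relay = parse(config)
    prefix = f"set routing-instances {instance} forwarding-options dhcp-relay "
    out = []
    for stmt in relay:
        m = RELAY_IFACE.match(stmt)
        if m and owner.get(m.group(1)) != instance:
            continue  # interface is not in this instance; leave it out
        out.append(prefix + stmt)
    return out

if __name__ == "__main__":
    for iface, ri in misplaced_relay_interfaces(SAMPLE):
        print(f"{iface}: relay is global, but the interface is in {ri}")
    print("\n".join(instance_scoped_relay(SAMPLE, "DEFAULT")))
```
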