Posts tagged SRX

DHCP/BOOTP Relay with Juniper SRX Gateways

I’ve recently started deploying the Juniper SRX series gateways, placing an SRX 210 at branch office locations with an SRX 650 at the main office locations. We utilize a central DHCP/DNS/IPAM solution so we prefer to relay all DHCP/BOOTP requests to one of our centralized DHCP/DNS servers as opposed to utilizing the DHCP server functionality built into the SRX itself.

I had to spend more than a few minutes trying to get the DHCP relay working on the SRX 210. The configuration was pretty straightforward; the trick in the end was the “vpn” statement (see below) that allows the DHCP/BOOTP packets to be relayed across a VPN tunnel. Please note that the DHCP server at 10.1.1.1 is accessible via the VPN tunnel.

forwarding-options {
 helpers {
  bootp {
   relay-agent-option;
   description "Branch DHCP Relay";
   server 10.1.1.1;
   maximum-hop-count 10;
   minimum-wait-time 1;
   vpn;
   interface {
    vlan.0;
   }
  }
 }
}
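An added example (not from the original post, and not Junos code): a Python model of what a BOOTP relay does with a client request under the settings above, following the relay rules in RFC 1542. The vlan.0 address `192.0.2.1` is constructed, the exact boundary Junos uses for `maximum-hop-count` and `minimum-wait-time` is an assumption, and `relay-agent-option` and `vpn` are not modelled.

```python
import socket
import struct

# Settings from the bootp helper stanza on this page.
DHCP_SERVER = "10.1.1.1"       # server 10.1.1.1
MAX_HOP_COUNT = 10             # maximum-hop-count 10
MIN_WAIT_TIME = 1              # minimum-wait-time 1 (seconds)
RELAY_IF_ADDR = "192.0.2.1"    # assumed address of vlan.0 (constructed)

BOOTREQUEST = 1
# Fixed BOOTP header through giaddr: op, htype, hlen, hops, xid, secs,
# flags, ciaddr, yiaddr, siaddr, giaddr.
HDR = struct.Struct("!BBBBIHH4s4s4s4s")
ZERO = bytes(4)


def relay_request(packet):
    """Return (server, rewritten_packet), or (None, reason) when dropped."""
    if len(packet) < HDR.size:
        return None, "truncated"
    op, htype, hlen, hops, xid, secs, flags, ci, yi, si, gi = HDR.unpack_from(packet)
    if op != BOOTREQUEST:
        return None, "not a BOOTREQUEST"
    if hops > MAX_HOP_COUNT:           # RFC 1542: discard when hops exceeds the limit
        return None, "hop limit exceeded"
    if secs < MIN_WAIT_TIME:           # client has not been retrying long enough
        return None, "below minimum wait time"
    if gi == ZERO:                     # first relay stamps its own address
        gi = socket.inet_aton(RELAY_IF_ADDR)
    head = HDR.pack(op, htype, hlen, hops + 1, xid, secs, flags, ci, yi, si, gi)
    return DHCP_SERVER, head + packet[HDR.size:]


def make_request(hops=0, secs=1, giaddr="0.0.0.0"):
    """Constructed sample BOOTREQUEST with zeroed chaddr/sname/file fields."""
    head = HDR.pack(BOOTREQUEST, 1, 6, hops, 0x1234ABCD, secs, 0x8000,
                    ZERO, ZERO, ZERO, socket.inet_aton(giaddr))
    return head + bytes(16 + 64 + 128)


def giaddr_of(packet):
    return socket.inet_ntoa(HDR.unpack_from(packet)[10])


if __name__ == "__main__":
    server, out = relay_request(make_request())
    print(server, giaddr_of(out), "hops =", out[3])
```

The central DHCP server selects the address scope from `giaddr`, so it should accept relayed requests only from the relay addresses it expects.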

The next big step will be deploying OSPF between all the SRX gateways.

Cheers!

Juniper SRX JUNOS Software Upgrade 10.1R1.8

We recently purchased two Juniper SRX 650s to replace our aging Nortel VPN Routers (formerly Contivity Extranet Switches). We finally have both gateways/routers/firewalls racked and connected to the network and we started working our way through the JUNOS configuration and command line interface. The SRX650 we received from our reseller came with 10.0R8 so we decided to upgrade them to 10.1R1.8 based on some feedback we had received from Juniper concerning the slow response from the Web GUI while evaluating the SRX platform a few months ago.

You can find the release notes for JUNOS 10.1 on the Juniper website.

We started by placing the software (junos-srxsme-10.1R1.8-domestic.tgz) on an internal web server (10.1.20.1).

The upgrade itself took at least 5 minutes and the reboot took at least another 5 minutes; you definitely need to be patient when upgrading the SRX. It took a really long time compared to anything else I’ve upgraded in the past.

root> request system software add http://10.1.20.1/junos-srxsme-10.1R1.8-domestic.tgz reboot
/var/tmp/incoming-package.1145                        1500 kB 1500 kBps
Package contains junos-10.1R1.8.tgz ; renaming ...
NOTICE: Validating configuration against junos-10.1R1.8.tgz.
NOTICE: Use the 'no-validate' option to skip this if desired.
Formatting alternate root (/dev/ad0s2a)...
/dev/ad0s2a: 631.0MB (1292236 sectors) block size 16384, fragment size 2048
using 4 cylinder groups of 157.75MB, 10096 blks, 20224 inodes.
super-block backups (for fsck -b #) at:
32, 323104, 646176, 969248
** /dev/altroot
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 317928 free (24 frags, 39738 blocks, 0.0% fragmentation)
Checking compatibility with configuration
Initializing...
Verified manifest signed by PackageProduction_10_0_0
Verified junos-10.0R1.8-domestic signed by PackageProduction_10_0_0
Using junos-10.1R1.8-domestic from /altroot/cf/packages/install-tmp/junos-10.1R1.8-domestic
Copying package ...
Saving boot file package in /var/sw/pkg/junos-boot-srxsme-10.1R1.8.tgz
veriexec: cannot update veriexec for /cf/var/validate/chroot/junos/etc/voip/musiconhold.conf: No such file or directory
Verified manifest signed by PackageProduction_10_1_0
Hardware Database regeneration succeeded
Validating against /config/juniper.conf.gz
cp: /cf/var/validate/chroot/var/etc/resolv.conf and /etc/resolv.conf are identical (not copied).
cp: /cf/var/validate/chroot/var/etc/hosts and /etc/hosts are identical (not copied).
Port based Network Access Control: rtslib: ERROR kernel does not support all messages: expected 95 got 94,a reboot or software upgrade may be required
Port based Network Access Control:
Port based Network Access Control: rtslib: WARNING version mismatch for msg gencfg: expected 104 got 103,a reboot or software upgrade may be required
Port based Network Access Control:
Port based Network Access Control: rtslib: WARNING version mismatch for msg gencfg-stats: expected 104 got 103,a reboot or software upgrade may be required
Port based Network Access Control:
Port based Network Access Control: rtslib: WARNING version mismatch for msg fc fabric: expected 97 got 84,a reboot or software upgrade may be required
Port based Network Access Control:
Port based Network Access Control: rtslib: ERROR kernel does not support all messages: expected 95 got 94,a reboot or software upgrade may be required
Port based Network Access Control:
Port based Network Access Control: rtslib: WARNING version mismatch for msg gencfg: expected 104 got 103,a reboot or software upgrade may be required
Port based Network Access Control:
Port based Network Access Control: rtslib: WARNING version mismatch for msg gencfg-stats: expected 104 got 103,a reboot or software upgrade may be required
Port based Network Access Control:
Port based Network Access Control: rtslib: WARNING version mismatch for msg fc fabric: expected 97 got 0,a reboot or software upgrade may be required
Port based Network Access Control:
Port based Network Access Control: rtslib: ERROR IDL IDR Decode Error -1(Garbled Message)
Link Layer Discovery Protocol: rtslib: ERROR kernel does not support all messages: expected 95 got 94,a reboot or software upgrade may be required
Link Layer Discovery Protocol:
Link Layer Discovery Protocol: rtslib: WARNING version mismatch for msg gencfg: expected 104 got 103,a reboot or software upgrade may be required
Link Layer Discovery Protocol:
Link Layer Discovery Protocol: rtslib: WARNING version mismatch for msg gencfg-stats: expected 104 got 103,a reboot or software upgrade may be required
Link Layer Discovery Protocol:
Link Layer Discovery Protocol: rtslib: WARNING version mismatch for msg fc fabric: expected 97 got 0,a reboot or software upgrade may be required
Link Layer Discovery Protocol:
mgd: commit complete
Validation succeeded
Installing package '/altroot/cf/packages/install-tmp/junos-10.1R1.8-domestic' ...
Verified junos-boot-srxsme-10.1R1.8.tgz signed by PackageProduction_10_1_0
Verified junos-srxsme-10.1R1.8-domestic signed by PackageProduction_10_1_0
Saving boot file package in /var/sw/pkg/junos-boot-srxsme-10.1R1.8.tgz
JUNOS 10.1R1.8 will become active at next reboot
Saving package file in /var/sw/pkg/junos-10.1R1.8 ...
cp: /altroot/cf/packages/install-tmp/junos-10.1R1.8-domestic is a directory (not copied).
Saving state for rollback ...
Rebooting ...
shutdown: [pid 1888]
Shutdown NOW!

*** FINAL System shutdown message from root@ ***
System going down IMMEDIATELY
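An added example (not from the original post): a Python check that reads an install transcript like the one above and confirms that the target release had its package signatures verified, that configuration validation succeeded, and that the expected version was staged for the next reboot. The sample lines are copied from the transcript on this page; the function name and result layout are this example's own, and the rtslib messages are only counted, not judged.

```python
import re

# Constructed excerpt: lines copied from the install transcript on this page.
TRANSCRIPT = """\
Verified manifest signed by PackageProduction_10_0_0
Verified junos-10.0R1.8-domestic signed by PackageProduction_10_0_0
Verified manifest signed by PackageProduction_10_1_0
Port based Network Access Control: rtslib: WARNING version mismatch for msg gencfg: expected 104 got 103,a reboot or software upgrade may be required
Port based Network Access Control: rtslib: ERROR IDL IDR Decode Error -1(Garbled Message)
mgd: commit complete
Validation succeeded
Verified junos-boot-srxsme-10.1R1.8.tgz signed by PackageProduction_10_1_0
Verified junos-srxsme-10.1R1.8-domestic signed by PackageProduction_10_1_0
JUNOS 10.1R1.8 will become active at next reboot
"""

VERIFIED = re.compile(r"^Verified (\S+) signed by (\S+)$")
STAGED = re.compile(r"^JUNOS (\S+) will become active at next reboot$")
RTSLIB = re.compile(r"rtslib: (WARNING|ERROR)\b")


def audit(transcript, target):
    """Summarise an install transcript and list reasons not to trust it."""
    signed, rtslib = {}, {"WARNING": 0, "ERROR": 0}
    validated, staged = False, None
    for line in transcript.splitlines():
        line = line.strip()
        if m := VERIFIED.match(line):
            signed[m.group(1)] = m.group(2)      # package name -> signer
        elif m := STAGED.match(line):
            staged = m.group(1)
        elif m := RTSLIB.search(line):
            rtslib[m.group(1)] += 1              # informational count only
        elif line == "Validation succeeded":
            validated = True
    problems = []
    if not any(target in name for name in signed if name != "manifest"):
        problems.append("no signature verification line for " + target)
    if not validated:
        problems.append("configuration validation did not succeed")
    if staged != target:
        problems.append("staged version is %s, expected %s" % (staged, target))
    return {"signed": signed, "rtslib": rtslib, "problems": problems}


if __name__ == "__main__":
    print(audit(TRANSCRIPT, "10.1R1.8"))
```

Because the package here is fetched over plain HTTP, the "Verified ... signed by" lines are the evidence in the transcript that the image was checked before installation.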

I hope to post some additional information as we move forward with the Juniper SRX platform.

Cheers!
