Linksys + Juniper = Considered Harmful

David W. Hankins David_Hankins at
Mon Mar 23 16:15:13 UTC 2009

Yesterday I had an opportunity to observe the debugging of a problem
getting little Linksys devices (those 'portable NAT boxes' people use
to get WiFi in a hotel room mostly but it seemed to run the gamut of
product lines) to obtain a DHCP lease.

It actually turned out to be an IP bug in the Linksys, not DHCP at
all.  But we'll get to that later.

The clients were just on a straight ethernet switch, with Juniper
routers acting as relay agents, talking to an ISC DHCP 3.0.7 server.
The Junipers were configured with their, apparently new, 'Extended
DHCP Relay Agent', which is separate from their older BOOTP relay
agent (and both are still present).

What does this 'extended DHCP relay' mean?  Well, I don't know, but I
know how it behaves differently from their (better) BOOTP
implementation on the wire.

First, their extended DHCP relay does not support unicast-without-arp.
So INIT state clients that haven't been configured yet, but have
signaled they can receive unicasts by clearing the BROADCAST flag,
will still receive broadcast responses (DHCPOFFER and DHCPACK).  This
isn't a problem, except that their BOOTP agent code unicasts just
fine.  Why would anyone take this step backwards?  It's just a waste
of your broadcast channel.

Second, their Extended DHCP Relay Agent sets the IP TTL field of
packets they transmit to 1.  Their BOOTP relay agent actually lets you
configure the IP TTL.  The default is not 1 (I don't actually know the
default, we started out configuring 16 to control variables).

So, switching back to the BOOTP relay code, the Linksys boxes work

Configuring the BOOTP relay code to send a TTL of 1, no other changes,
and the Linksys boxes break again.

It seems clear that these little Linksys boxes are decrementing the
TTL field before comparing it for zero value.

And hence, can't receive DHCP packets with a TTL of 1.

The moral of the story is to avoid Juniper's Extended DHCP Relay

David W. Hankins	"If you don't do it right the first time,
Software Engineer		     you'll just have to do it again."
Internet Systems Consortium, Inc.		-- Jack T. Hankins
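
The receive-path ordering the post infers, next to the ordering a host is expected to use, as an added example that is not part of the original message and is not Linksys or Juniper code. The packet bytes, addresses and function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { DELIVER_LOCAL, FORWARD, DROP_TTL, DROP_MALFORMED };
/* Constructed sample: IPv4 header of a relayed DHCP reply (documentation
 * addresses, checksum zeroed and not verified by this sketch). */
static const uint8_t sample_reply[20] = {
    0x45, 0x00, 0x01, 0x48, 0x00, 0x00, 0x00, 0x00,
    0x01, 0x11, 0x00, 0x00,               /* TTL = 1, protocol 17 (UDP) */
    192, 0, 2, 1, 255, 255, 255, 255      /* src: relay, dst: broadcast */
};
static const uint8_t my_addr[4] = { 192, 0, 2, 50 };  /* hypothetical client */

static int is_for_us(const uint8_t *dst) {
    static const uint8_t bcast[4] = { 255, 255, 255, 255 };
    return memcmp(dst, bcast, 4) == 0 || memcmp(dst, my_addr, 4) == 0;
}

/* Ordering the post infers: decrement, test for zero, then look at the
 * destination. A TTL of 1 never reaches local delivery. */
enum verdict receive_decrement_first(const uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return DROP_MALFORMED;
    uint8_t ttl = pkt[8];
    if (ttl == 0 || --ttl == 0) return DROP_TTL;
    return is_for_us(pkt + 16) ? DELIVER_LOCAL : FORWARD;
}

/* Ordering RFC 1122 (3.2.1.7) requires of a host: TTL is checked only on
 * the forwarding path, so a datagram addressed to us is accepted. */
enum verdict receive_deliver_first(const uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return DROP_MALFORMED;
    if (is_for_us(pkt + 16)) return DELIVER_LOCAL;
    return pkt[8] <= 1 ? DROP_TTL : FORWARD;
}

/* Run the constructed sample through either path with the TTL overridden. */
enum verdict verdict_with_ttl(int decrement_first, uint8_t ttl) {
    uint8_t pkt[20];
    memcpy(pkt, sample_reply, sizeof pkt);
    pkt[8] = ttl;
    return decrement_first ? receive_decrement_first(pkt, sizeof pkt)
                           : receive_deliver_first(pkt, sizeof pkt);
}

int main(void) {
    printf("TTL 1: %d vs %d; TTL 16: %d vs %d\n", verdict_with_ttl(1, 1),
           verdict_with_ttl(0, 1), verdict_with_ttl(1, 16), verdict_with_ttl(0, 16));
    return 0;
}
```

With a TTL of 16 both orderings deliver the reply, which matches the observation that only the TTL changed between the working and failing relay configurations.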