Sunday, June 25, 2017

1.2.8 DHCP Relay

DHCP clients use IP broadcasts to find the DHCP server on the segment. What happens when the server and the client are not on the same segment and are separated by a router? Routers do not forward these broadcasts.
DHCP is not the only critical service that uses broadcasts. Cisco routers and other devices may use broadcasts to locate TFTP servers. Some clients may need to broadcast to locate a TACACS server, which is a security server. Typically, in a complex hierarchical network, clients do not reside on the same subnet as key servers. Such remote clients will broadcast to locate these servers. However, routers, by default, will not forward client broadcasts beyond their subnet.
Because some clients are useless without services such as DHCP, one of two choices must be implemented: the administrator either places servers on all subnets or uses the Cisco IOS helper address feature. Running services such as DHCP or DNS on several computers creates overhead and administrative difficulties, making the first option inefficient. When possible, administrators should use the ip helper-address command to relay broadcast requests for these key UDP services.
By using the helper address feature, a router can be configured to accept a broadcast request for a UDP service and then forward it as a unicast to a specific IP address. By default, the ip helper-address command forwards the following eight UDP services:
  • Time
  • TACACS
  • DNS
  • BOOTP/DHCP Server
  • BOOTP/DHCP Client
  • TFTP
  • NetBIOS Name Service
  • NetBIOS Datagram Service
In the particular case of DHCP, a client broadcasts a DHCPDISCOVER packet on its local segment. This packet is picked up by the gateway. If a helper address is configured, the DHCP packet is forwarded to the specified address. Before forwarding the packet, the router fills in the GIADDR field of the packet with the IP address of the router for that segment. This address then becomes the gateway address for the DHCP client once it receives its IP address.
The DHCP server receives the discover packet. The server uses the GIADDR field to index into the list of address pools in order to find one which has the gateway address set to the value in GIADDR. This pool is then used to supply the client with its IP address.
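
The relay and pool-selection steps described above, as an added Python example that is not part of the original post and is not Cisco IOS or DHCP server code. The function names, the sample MAC address and the POOLS table are constructed for illustration; the hops handling and the rule that only an empty GIADDR is filled follow RFC 1542, which the post does not cover.

```python
import ipaddress
import struct

# Fixed 236-byte BOOTP header (RFC 951 / RFC 2131), network byte order.
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
BOOTP_LEN = struct.calcsize(BOOTP_FMT)
MAGIC = bytes([99, 130, 83, 99])  # DHCP magic cookie that precedes the options
HOPS, GIADDR = 3, 10              # positions of these fields in the unpacked header

# Constructed server configuration: pools keyed by their gateway address.
POOLS = {
    "192.168.10.1": "192.168.10.0/24",
    "192.168.20.1": "192.168.20.0/24",
}

def build_discover(mac: bytes, xid: int) -> bytes:
    """Constructed sample: a client DHCPDISCOVER, giaddr still 0.0.0.0."""
    header = struct.pack(BOOTP_FMT, 1, 1, 6, 0, xid, 0, 0x8000,
                         bytes(4), bytes(4), bytes(4), bytes(4),
                         mac.ljust(16, b"\0"), bytes(64), bytes(128))
    return header + MAGIC + bytes([53, 1, 1, 255])  # option 53 = DISCOVER, End

def relay(packet: bytes, ingress_ip: str) -> bytes:
    """Router side: stamp giaddr before unicasting to the helper address."""
    if len(packet) < BOOTP_LEN + 4 or packet[BOOTP_LEN:BOOTP_LEN + 4] != MAGIC:
        raise ValueError("not a DHCP packet")
    fields = list(struct.unpack(BOOTP_FMT, packet[:BOOTP_LEN]))
    if fields[0] != 1:
        raise ValueError("only client requests (op=1) go toward the server")
    if fields[HOPS] > 16:  # RFC 1542: requests past this hop count are dropped
        raise ValueError("hop limit exceeded, packet is discarded")
    fields[HOPS] += 1      # each relay increments hops (RFC 1542)
    if fields[GIADDR] == bytes(4):
        # Only the first relay fills giaddr; later relays leave it unchanged.
        fields[GIADDR] = ipaddress.IPv4Address(ingress_ip).packed
    return struct.pack(BOOTP_FMT, *fields) + packet[BOOTP_LEN:]

def giaddr_of(packet: bytes) -> str:
    raw = struct.unpack(BOOTP_FMT, packet[:BOOTP_LEN])[GIADDR]
    return str(ipaddress.IPv4Address(raw))

def select_pool(packet: bytes, pools: dict = POOLS):
    """Server side: choose the pool whose gateway equals giaddr, else None."""
    return pools.get(giaddr_of(packet))

if __name__ == "__main__":
    discover = build_discover(bytes.fromhex("020000000001"), 0x1234ABCD)
    relayed = relay(discover, "192.168.10.1")
    print(giaddr_of(discover), "->", giaddr_of(relayed), select_pool(relayed))
```

A packet that reaches the server with GIADDR still 0.0.0.0 matches no entry in this table, which is the un-relayed case where client and server share a segment.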
