I was reading DHCP ( RFC 2131 ), I have basic knowledge about Relay Agent and Broadcasting. But for Understanding DHCP in depth, I felt like I have to know Broadcasting and Relay Agent ( RFC 1542 ) in details. But could not find any RFC (RFC919,922 not much helpful) for broadcasting in details.
-
How broadcast packet routes ? Because if the packet is intended for a different network than source, obviously the router will drop the packet. Is there any protocols for this ? Does router prevents all broadcasting or only the Limited/Local broadcast ?
-
Can we send a packet with destination as a direct/limited broadcast IP without a broadcast MAC address ? If Yes, I think because of a perticular MAC address the packet will forward to a single Host, So the question, in which case this would be helpful.
-
Consider a router is enabled by relay agent. When a DHCPDiscover ( which is a broadcast packet ) comes to that router, How does it proceed ? Because first thing its a broad cast IP also the network "0" is there, Does always relay-agent first checks the packet if the Packet is of DHCP ?
My questions are not from a perticular subject (DHCP ond Broadcasting ), so you might be angry, But Please do help me. Thank You
Best Answer
How Routers Handle Limited and Directed Broadcasts
The first thing to understand to answer your questions is that limited broadcast frames are not routed. By default when a router receives a frame with a destination address that is broadcast at either layer 2 or layer 3, the router simply drops the frame. That's why routers are said to be the boundary of broadcast domains.
Some examples of these would be:
ff-ff-ff-ff-ff-ff(layer 2 broadcast)255.255.255.255(layer 3 limited broadcast)Thinking about it, this makes sense. If routers forwarded broadcasts a single arp request would reach every single reachable host on the internet which would be terribly inefficient and rather silly.
Directed broadcasts on the other hand are sometimes routed. (I.E.
192.168.1.255/24) Normally by default this functionality is disabled but can be enabled by issuing theip directed-broadcastcommand on the router. This will allow it to forward directed broadcasts according to its routing table as if they were normal packets. This does not however allow the router to forward limited broadcasts, those are still blocked by default. This is also slightly off topic as to your original question, see this cisco forms page for more on this.Layer 3 Broadcast But not Layer 2?
To answer your second question, it would make no sense to have a frame with a layer 3 broadcast address without a layer 2 broadcast address. This would defeat the entire purpose of it being a broadcast frame and just not work outright. Having a unicast layer 2 destination address would not change the router's behavior at all since the router makes its decisions at layer 3. All the router cares about is that
255.255.255.255destination address and drops the packet.Where this would matter is with switches which don't care about the layer 3 address at all. The switches would only see the unicast layer 2 address. Instead of sending the packet out all interfaces on the same vlan it would use the source address table (SAT) like it would with any other unicast destination address. In effect, by assigning a unicast layer 2 address the frame is no longer a broadcast frame at all even though it has the
255.255.255.255address at layer 3.How DHCP Relay Works in Practice
As for your last question, DHCP relay is a router's way of "cheating" around the rule about not forwarding broadcast packets. Let's look at a DHCP Discover packet:
ff-ff-ff-ff-ff-ff0.0.0.0255.255.255.255When the router sees a packet arrive on an interface with the
ip helper-addresscommand configured it checks to see is it matches any of the protocols that are "helped" by default or configured with the globalip forward-protocolcommand. In this case because it's DHCP the router sees that the destination port matches UDP 67 and allows the packet to be "helped". The router then changes the destination IP address from255.255.255.255to the IP address configured by theip helper-addresscommand as well as changing the source address to the address of the router interface on which the packet arrived and passes the packet along to the rest of the routing logic.Now that the packet has a unicast destination address the router treats it like any other packet. It arps for the destination IP address (which is now that helper address) and then replaces the layer 2 addresses before sending the packet out the appropriate interface.
Getting Back Again
The router uses essentially the same process in reverse for the DHCP offer that is sent back to the client. The DHCP servers sends the offer to the IP address that was specified as the source address on the DHCP Discover packet. So the packet leaving the DHCP server looks like:
Since this packet has a unicast layer 3 destination address routers will forward the packet normally until it reaches the router with an interface that has an IP address matching the destination IP of the packet. Remember from earlier that this router has the
ip helper-addressconfiguration on that interface still. The router checks if the packet is a DHCP Offer then rewrites the packet to become a broadcast packet and sends it back out that interface knowing that the DHCP client is somewhere on that network segment. The packet leaving the router now looks like this.ff-ff-ff-ff-ff-ff255.255.255.255TL:DR; DHCP relay using the
ip helper-addressinterface subcommand "cheats" around the rule that routers cannot forward limited broadcasts by changing the packet's destination IP address to the unicast IP address of the DHCP server before routing it. This allows all routers down the line to route the packet appropriately to the DHCP server. When replying the DHCP server sends the packet back to the unicast IP address of the router interface that first received the DHCP Discover packet (the one with theip helper-interfacecommand). When the router receives the offer back it converts it back to a broadcast packet and sends it out the interface with the client in its broadcast domain.