
DHCP DORA--> Broadcasts or Unicasts?

Vasconcelos
Level 1

Hi, everyone,

 

So, I've done a lot of research and have found a lot of contradicting information.

 

Does someone know the classifications of the DHCP Discover, DHCP Offer, DHCP Request, DHCP Acknowledge in regard to them being Broadcasts or Unicasts?

 

I've found two comments that make sense on the Internet, but which one is true?

 

I'll rate the comments of everyone who helps

 

"Hi,

 

In the DHCP discover there is a flag called the broadcast bit that the client uses to tell the server how he would like the offer to be: broadcast if it is on or unicast if it is off but the server  makes the final decision based on its capability.

Cisco routers when acting as dhcp clients have this broadcast bit turned off by default and so the dhcp offer from a Cisco router is unicasted.

 

Regards.

 

Alain"

 

"

  1. The client sends DHCPDiscover. It is broadcast both in Layer 2 and Layer 3.
  2. The server replies with DHCPOffer. It's broadcast in Layer 3 but unicast in Layer 2.
  3. The client replies with DHCPRequest. It's broadcast in both Layers 2/3.
  4. The server sends DHCPAck. It's broadcast in Layer 3 but unicast in Layer 2.

 

As you see, at Layer 3 all communication is broadcast. This makes sense as the client does not have an IP address. However, what many people overlook is both client and server have Layer 2 (i.e. MAC) addresses, so unicast communication is possible at Layer 2.

 

At Layer 2, the client's messages are always broadcast, and those of the server's can be unicast or broadcast depending on how vendor implemented it.

 


Francesco Molino
VIP Alumni

Hi

 

Below is the DHCP process:

[Image: DHCP process diagram]

 

 

Client to server will always be broadcast.

Server to client is unicast if the broadcast bit isn't set by the client. Some clients aren't able to receive unicast IP datagrams, so they will set the broadcast bit and the server will know it has to reply using broadcast packets instead of unicast.

You can also take a look at RFC 2131, chapter 4.1:

https://www.ietf.org/rfc/rfc2131.txt

 

 

 

 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

 

So, are there any errors in the information below?

 

What would be the Destination IP Address of the DHCP Offer and ACK in bold below?

According to RFC 5735, the IP Address 0.0.0.0 cannot be used as the Destination IP Address.

 

DHCP Client and Server in the same VLAN

DHCP Discover (Broadcast)
  - Layer 4 (Transport Layer)
    - Source Port--> UDP Port 68 (DHCP Client)
    - Destination Port--> UDP Port 67 (DHCP Server)
  - Layer 3 (Network Layer)
    - Source IP Address--> 0.0.0.0
    - Destination IP Address--> 255.255.255.255
  - Layer 2 (Data Link Layer)
    - Source MAC Address--> DHCP Client’s MAC Address
    - Destination MAC Address--> FFFF.FFFF.FFFF

DHCP Offer (Unicast)
  - Layer 4 (Transport Layer)
    - Source Port--> UDP Port 67 (DHCP Server)
    - Destination Port--> UDP Port 68 (DHCP Client)
  - Layer 3 (Network Layer)
    - Source IP Address--> DHCP Server’s IP Address
    - Destination IP Address--> ??
  - Layer 2 (Data Link Layer)
    - Source MAC Address--> DHCP Server’s MAC Address
    - Destination MAC Address--> DHCP Client’s MAC Address

DHCP Request (Broadcast)
  - Layer 4 (Transport Layer)
    - Source Port--> UDP Port 68 (DHCP Client)
    - Destination Port--> UDP Port 67 (DHCP Server)
  - Layer 3 (Network Layer)
    - Source IP Address--> 0.0.0.0
    - Destination IP Address--> 255.255.255.255
  - Layer 2 (Data Link Layer)
    - Source MAC Address--> DHCP Client’s MAC Address
    - Destination MAC Address--> FFFF.FFFF.FFFF

DHCP Ack (Unicast)
  - Layer 4 (Transport Layer)
    - Source Port--> UDP Port 67 (DHCP Server)
    - Destination Port--> UDP Port 68 (DHCP Client)
  - Layer 3 (Network Layer)
    - Source IP Address--> DHCP Server’s IP Address
    - Destination IP Address--> ??
  - Layer 2 (Data Link Layer)
    - Source MAC Address--> DHCP Server’s MAC Address
    - Destination MAC Address--> DHCP Client’s MAC Address

 

 

Hi, 

 

DHCP Offer (Unicast)
  - Layer 4 (Transport Layer)
    - Source Port--> UDP Port 67 (DHCP Server)
    - Destination Port--> UDP Port 68 (DHCP Client)
  - Layer 3 (Network Layer)
    - Source IP Address--> DHCP Server’s IP Address
    - Destination IP Address--> ??
  - Layer 2 (Data Link Layer)
    - Source MAC Address--> DHCP Server’s MAC Address
    - Destination MAC Address--> DHCP Client’s MAC Address

Ans:

- Destination IP Address--> 255.255.255.255

DHCP Ack (Unicast)
  - Layer 4 (Transport Layer)
    - Source Port--> UDP Port 67 (DHCP Server)
    - Destination Port--> UDP Port 68 (DHCP Client)
  - Layer 3 (Network Layer)
    - Source IP Address--> DHCP Server’s IP Address
    - Destination IP Address--> ??
  - Layer 2 (Data Link Layer)
    - Source MAC Address--> DHCP Server’s MAC Address
    - Destination MAC Address--> DHCP Client’s MAC Address

Ans:

- Destination IP Address--> 255.255.255.255

For more details, I am going to attach a picture.

 

Regards,

Deepak Kumar 

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

So, DHCP Offer and Ack are Broadcasts also. Only the DHCP Clients will de-encapsulate them from Layer 4 up, because they are the only ones listening on UDP Port 68. 

 

Considering the DHCP Client has no IP Address yet and both the Client and Server are in the same VLAN, the parts in red below are correct then, right? 

 

DHCP Offer (Broadcast)
  - Layer 4 (Transport Layer)
    - Source Port--> UDP Port 67 (DHCP Server)
    - Destination Port--> UDP Port 68 (DHCP Client)
  - Layer 3 (Network Layer)
    - Source IP Address--> DHCP Server’s IP Address
    - Destination IP Address--> 255.255.255.255
  - Layer 2 (Data Link Layer)
    - Source MAC Address--> DHCP Server’s MAC Address
    - Destination MAC Address--> FFFF.FFFF.FFFF

DHCP Ack (Broadcast)
  - Layer 4 (Transport Layer)
    - Source Port--> UDP Port 67 (DHCP Server)
    - Destination Port--> UDP Port 68 (DHCP Client)
  - Layer 3 (Network Layer)
    - Source IP Address--> DHCP Server’s IP Address
    - Destination IP Address--> 255.255.255.255
  - Layer 2 (Data Link Layer)
    - Source MAC Address--> DHCP Server’s MAC Address
    - Destination MAC Address--> FFFF.FFFF.FFFF

 

On the capture shared, the packet is a broadcast and not unicast.

Take a look at this paragraph from the RFC:

 

 If the 'giaddr' field in a DHCP message from a client is non-zero,
   the server sends any return messages to the 'DHCP server' port on the
   BOOTP relay agent whose address appears in 'giaddr'. If the 'giaddr'
   field is zero and the 'ciaddr' field is nonzero, then the server
   unicasts DHCPOFFER and DHCPACK messages to the address in 'ciaddr'.
   If 'giaddr' is zero and 'ciaddr' is zero, and the broadcast bit is
   set, then the server broadcasts DHCPOFFER and DHCPACK messages to
   0xffffffff. If the broadcast bit is not set and 'giaddr' is zero and
   'ciaddr' is zero, then the server unicasts DHCPOFFER and DHCPACK
   messages to the client's hardware address and 'yiaddr' address.  In
   all cases, when 'giaddr' is zero, the server broadcasts any DHCPNAK
   messages to 0xffffffff.

 

It explains when the offer and ack are broadcast or unicast.

ciaddr stands for client IP and giaddr is for relay agent.

Take a look at this web site, on which captures are shared, and you can see that DHCPOFFER is sent as unicast:

 

http://ranjanbhandari.blogspot.ca/2009/08/dhcp-dora-process-explained.html

 

 

 

 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
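
The RFC 2131 paragraph quoted in the post above, written out as a decision function (an added example, not part of the original thread or of any vendor's code). The helper `build_client_msg`, the `None` value meaning "MAC resolved by normal ARP/routing", and the 192.0.2.x addresses are assumptions constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

BROADCAST_FLAG = 0x8000  # high bit of the 16-bit 'flags' field
L2_BCAST, L3_BCAST = "ff:ff:ff:ff:ff:ff", "255.255.255.255"
ZERO = IPv4Address("0.0.0.0")
# Fixed BOOTP header up to chaddr: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr (sname/file/options not needed here).
HDR = struct.Struct("!BBBBIHH4s4s4s4s16s")

def build_client_msg(mac, broadcast=False, ciaddr="0.0.0.0", giaddr="0.0.0.0"):
    """Constructed sample input: a minimal client BOOTREQUEST header."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    flags = BROADCAST_FLAG if broadcast else 0
    return HDR.pack(1, 1, 6, 0, 0x1234ABCD, 0, flags,
                    IPv4Address(ciaddr).packed, ZERO.packed, ZERO.packed,
                    IPv4Address(giaddr).packed, chaddr)

def reply_destination(client_msg, yiaddr, msg_type="DHCPOFFER"):
    """Return (dst_mac, dst_ip, dst_udp_port) for the server's reply.

    dst_mac is None where the frame is addressed through ordinary
    ARP/routing rather than taken from the DHCP message itself.
    """
    (_op, _htype, hlen, _hops, _xid, _secs, flags,
     ciaddr, _yi, _si, giaddr, chaddr) = HDR.unpack(client_msg[:HDR.size])
    ciaddr, giaddr = IPv4Address(ciaddr), IPv4Address(giaddr)
    client_mac = ":".join(f"{b:02x}" for b in chaddr[:hlen])
    if giaddr != ZERO:
        # Relayed request: reply to the relay agent on the server port.
        return (None, str(giaddr), 67)
    if msg_type == "DHCPNAK":
        # giaddr is zero: DHCPNAK is always broadcast.
        return (L2_BCAST, L3_BCAST, 68)
    if ciaddr != ZERO:
        # Client already has an address (e.g. renewing): plain unicast.
        return (None, str(ciaddr), 68)
    if flags & BROADCAST_FLAG:
        # Client cannot receive unicast before it is configured.
        return (L2_BCAST, L3_BCAST, 68)
    # Unicast to the client's hardware address and the offered address.
    return (client_mac, yiaddr, 68)
```

With the broadcast bit clear and no relay, the result for the "Destination IP Address--> ??" case in the question is the offered `yiaddr`, sent to the client's MAC.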

 

I thought you posted something, but I'm not able to see your new post.

Thanks
Francesco

I understood what you explained reading the RFC and using Wireshark to verify.

Thanks for the help

You're welcome

Thanks
Francesco

Hi, thanks for your reply. But I captured it in a Cisco router lab. And one more thing which I forgot to mention: if your client is restarted or renews the DHCP release, then it will use a unicast packet.

I checked the URL. Why is the DHCP Release packet first? That means the client forcefully releases the IP address with the commands "IPCONFIG /Release" and "IPCONFIG /Renew" (if a Windows client).

Please clear up this point.

 

According to Microsoft: 

DHCPRelease

A DHCP client sends a DHCPRelease packet to the server to release the IP address and cancel any remaining lease.

 

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc958940(v=technet.10)

 

 

Regards,

Deepak Kumar


Deepak Kumar
VIP Alumni

Hi, 

The DHCP client broadcasts DHCPDISCOVER, DHCPREQUEST and DHCPINFORM
   messages, unless the client knows the address of a DHCP server.  The
   client unicasts DHCPRELEASE messages to the server.  Because the
   client is declining the use of the IP address supplied by the server,
   the client broadcasts DHCPDECLINE messages.

   When the DHCP client knows the address of a DHCP server, in either
   INIT or REBOOTING state, the client may use that address in the
   DHCPDISCOVER or DHCPREQUEST rather than the IP broadcast address.
   The client may also use unicast to send DHCPINFORM messages to a
   known DHCP server.  If the client receives no response to DHCP
   messages sent to the IP address of a known DHCP server, the DHCP
   client reverts to using the IP broadcast address.

 

Regards,

Deepak Kumar


I can't reply to several people at the same time, so the last post is for you too

Thanks for the help