I have a problem using "ip directed-broadcast" to get to my goal... and hopefully you can give me some hints.
scenario: distribution-area is: 10.10.128.0 (255.255.128.0)
subnetted into different VLANs / networks, e.g.:
VLAN10: 10.10.138.0 (255.255.254.0)
VLAN20: 10.10.148.0 (255.255.254.0)
VLAN70: 10.10.198.0 (255.255.254.0)
One host within VLAN70 (10.10.198.40) should be able to distribute some information via a UDP packet to several LANs / hosts.
This is what is working: Directed Broadcast from 10.10.198.40 to VLAN20 (10.10.149.255) --> each host on the 10.10.148.0 network is receiving the information, everything is fine.
configuration (the important things from my point of view):
ip address 10.10.148.2 255.255.254.0
no ip redirects
ip directed-broadcast 150
standby 1 ip 10.10.148.1
access-list 150 permit udp host 10.10.198.40 10.10.148.0 0.0.1.255 log
Now I am trying to get the same thing to work with another VLAN and, stupid me, I tried it this way:
I changed the destination address of the source host from 10.10.149.255 to 10.10.255.255, and I think this is already where my error in reasoning is starting ...
but anyhow, after that I configured:
ip address 10.10.138.2 255.255.254.0
no ip redirects
standby 1 ip 10.10.138.1
ip directed-broadcast 151
access-list 151 permit udp host 10.10.198.40 10.10.138.0 0.0.1.255 log
and of course it is not working, because I don't think that the router realizes that, if I send a packet to 10.10.255.255, it should broadcast it to every subnet where I allow it to be broadcasted (ip directed-broadcast 150 & 151)...
Is there any way to realize that?
I am looking forward to seeing your comments.
Perhaps I can redescribe what I need:
I need some way for a UDP packet sent from one host (10.10.198.40) to one address (can be defined) to be forwarded / distributed to a list of network broadcast addresses (or single hosts) that are all directly connected to that same router.
BTW: I hate applications that work this way!
If I understand you correctly, you want to send packets to a sort of a "global" broadcast address and you want the router to replicate this broadcast to all attached subnets of the corresponding network whose "global" broadcast address was used as the packet's destination.
This is not possible with broadcasts. What you are using here is a directed broadcast, i.e. a packet addressed to the broadcast address of a single particular network. A directed broadcast is never replicated into several networks. The reason is simple: for all routers along the way towards the destination network, the destination IP address is simply an address that belongs to a single subnet. The final router that is directly attached to the destination network also matches the destination IP address only by a single entry in its routing table (the longest-prefix match) and forwards the packet into the destination network with the destination MAC address set to all FFs. No replication is ever performed.
Theoretically, a solution could be to use the so-called IP Multicast Helper. This feature allows you to convert a broadcast to a multicast stream, carry it over multicast-enabled network, and reconvert it back to broadcast at the final router. A necessary condition to use this feature is to have IP Multicast routing enabled in your network.
You can read more about the feature here:
If you believe your network can be configured for multicast routing, I will gladly try to assist you in configuring the Multicast Helper. Please note, however, that the success is not guaranteed here. Ideally, the application you are using should itself use multicasts instead of broadcasts.
Right now I am thinking about:
ip forward-protocol udp 2000
interface vlan 70
ip helper-address 10.10.139.255
ip helper-address 10.10.149.255
interface vlan 10 & 20
ip directed-broadcast 155
access-list 155 permit udp host 10.10.198.40 any eq 2000 log
and then configuring the sender to use the local broadcast address 255.255.255.255.
Is this a possibility?
Yes, this should theoretically work. Note that the difference to the multicast delivery is that you will be sending two streams across your network, instead of a single stream that replicates at the final router. Nevertheless, this should work as well. Good idea!
I will be able to test it in one hour... hopefully it works.
But if it works, I am already thinking about access lists for those IP helpers.
I would like to restrict that traffic to only UDP 2000 and not have all DHCP requests and so on also forwarded to those IP addresses.
But this is the next step.
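The helper-address design proposed above (ip forward-protocol udp 2000, two ip helper-address entries on VLAN 70, ip directed-broadcast 155 on the egress SVIs) and the follow-up concern about DHCP requests being relayed as well, worked through as a small forwarding model. This is an added example, not configuration or code from the thread or from Cisco; the router model is a deliberate simplification, while the subnets, helper addresses, port and ACL 155 contents are the ones posted in the thread.

```python
import ipaddress
from dataclasses import dataclass

# UDP ports 'ip helper-address' relays by default (time, tacacs, dns, bootps, bootpc,
# tftp, netbios-ns/-dgm); each can be removed with 'no ip forward-protocol udp <port>'.
DEFAULT_FORWARD_PORTS = {37, 49, 53, 67, 68, 69, 137, 138}
FORWARD_PORTS = DEFAULT_FORWARD_PORTS | {2000}  # 'ip forward-protocol udp 2000'

# Connected subnets from the thread and the helper addresses configured on VLAN 70.
INTERFACES = {
    "vlan10": ipaddress.ip_network("10.10.138.0/23"),
    "vlan20": ipaddress.ip_network("10.10.148.0/23"),
    "vlan70": ipaddress.ip_network("10.10.198.0/23"),
}
HELPERS = {"vlan70": ["10.10.139.255", "10.10.149.255"]}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def acl_155_permits(pkt: Packet) -> bool:
    """access-list 155 permit udp host 10.10.198.40 any eq 2000"""
    return pkt.src == "10.10.198.40" and pkt.dport == 2000

def egress_interface(dst: str):
    """Longest-prefix match: 10.10.255.255 fits none of the /23s, so it is never replicated."""
    addr = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, name) for name, net in INTERFACES.items() if addr in net]
    return max(hits)[1] if hits else None

def route(ingress: str, pkt: Packet, forward_ports=FORWARD_PORTS) -> dict:
    """Return {egress: 'broadcast' | 'dropped' | 'unicast'} for one received packet."""
    if pkt.dst == "255.255.255.255":
        if pkt.dport not in forward_ports:
            return {}  # the helper does not relay this UDP port at all
        # ip helper-address rewrites the destination once per configured helper
        relayed = [Packet(pkt.src, h, pkt.dport) for h in HELPERS.get(ingress, [])]
    else:
        relayed = [pkt]
    result = {}
    for p in relayed:
        out = egress_interface(p.dst)
        if out is None:
            continue
        if ipaddress.ip_address(p.dst) == INTERFACES[out].broadcast_address:
            # 'ip directed-broadcast 155' on the egress SVI: LAN broadcast only if the ACL permits
            result[out] = "broadcast" if acl_155_permits(p) else "dropped"
        else:
            result[out] = "unicast"
    return result
```

Passing forward_ports={2000} models a router where the default helper ports have been removed, so a relayed DHCP request never leaves VLAN 70 instead of being relayed and then dropped by ACL 155 on each egress SVI.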