
IP Helper address - 1000 copies of single udp packet

illusion_rox
Level 1

Dear Experts, 

We are working with a customer who is using a 6513 (EoS) and wants to replace it with another Cisco box (Nexus or 6800). They are saying that currently they are using IP Helper address to convert a single UDP packet broadcast into 1000 copies and send them as unicast to different terminals. This is a legacy application and cannot be changed to multicast/unicast; we already discussed this idea and it was rejected.

Is it possible to have 1000 copies of single UDP packet? 

Accepted Solutions

OK. Let me explain some things about these and hope that they will address your questions. If not then please clarify the questions.

Here are some things about ip helper-address. Normally a broadcast packet is not forwarded outside of the subnet in which it is generated. IP helper-address is a way to get around this restriction. It is applied in interface config mode and its function is to forward certain UDP broadcast packets to destinations in remote subnets. helper-address may specify a host address as the destination or may specify a subnet broadcast address as the destination (which we refer to as a directed broadcast).

A frequent use of helper-address specifying a host address might be DHCP requests. A DHCP request is a UDP broadcast packet. If the DHCP server is in a remote subnet then we would use helper-address specifying the host address of the server and this allows the 6500 to forward the request to the server.

You apparently have an example where the helper-address specifies a subnet broadcast address. The application generates the UDP broadcast packet and the helper-address specifies 172.16.16.255. So the 6500 will forward a copy of the packet to that address.

Here are a couple of things to remember about helper-address:

- it works only on UDP broadcasts. It does not work on TCP, or on ping, or on anything other than UDP.

- it works on certain UDP ports by default. If you want it to process some other UDP port then you must specify the forward-protocol command to add that port to what will be processed by helper-address.

- helper-address does not forward the original packet. It makes a copy of the packet and sends the copy putting the address specified in helper-address as the destination address of the copy.

- helper-address makes a single copy of the arriving packet and sends it to one destination address (could be unicast host or could be directed broadcast). This answers one of your questions.

helper-address is configured on the interface where the original broadcast is generated and makes a copy. directed-broadcast is configured on the interface where the copy is delivered. Remember that a directed broadcast is a packet whose destination address is the broadcast address of a subnet. In most versions of IOS directed broadcast is disabled by default due to the security risk it presents. So if you have configured helper-address specifying a subnet broadcast address then you will need to configure directed-broadcast on the gateway interface where the packet is delivered. If directed-broadcast is enabled on the gateway interface then the gateway will forward the packet onto the subnet. If the interface has support for native broadcast (Ethernet does have native broadcast) then the gateway just sets the destination address to the broadcast address and forwards one packet into the network. That packet is seen and is processed by every host in that subnet. If the interface does not have native broadcast support (for example Frame Relay does not have the ability to send a broadcast) then the gateway must make a copy of the packet for each host in the subnet and forward the packet to that host.

HTH

Rick


15 Replies

Philip D'Ath
VIP Alumni

So are you saying they have 1,000 "ip helper-address" lines under an interface?

If this really is the case then wow. I think this is well outside of the designed scope of this function. It will probably work on a new platform, but I think I would do this a different way.

If they deployed a virtual machine onto the source vlan, then they could write a little program to receive the udp broadcast and unicast them to the 1,000 terminals.  This would be much safer.
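A sketch of the relay program suggested in the reply above, as an added example (not code from the thread or from Cisco): it receives the UDP broadcast on the source VLAN and unicasts a copy to a fixed terminal list, accepting datagrams only from the expected server. The port, the addresses (documentation ranges) and the function names are assumptions made for illustration.

```python
import ipaddress
import socket

# Constructed values for illustration; none of them come from the thread.
LISTEN_PORT = 5000                                       # assumed application port
ALLOWED_SOURCES = {ipaddress.ip_address("192.0.2.10")}   # assumed legacy server
TERMINALS = [("198.51.100.%d" % i, LISTEN_PORT) for i in range(1, 255)]


def fan_out(payload, terminals, send_sock):
    """Unicast one payload to every terminal; return addresses that failed."""
    failed = []
    for addr in terminals:
        try:
            send_sock.sendto(payload, addr)
        except OSError:          # e.g. no route; keep going for the rest
            failed.append(addr)
    return failed


def relay_once(recv_sock, send_sock, terminals, allowed_sources):
    """Handle one datagram; return how many unicast copies were sent."""
    payload, (src_ip, _src_port) = recv_sock.recvfrom(65535)
    # Drop anything not sent by the expected server, so the relay cannot be
    # used as a general-purpose amplifier. UDP sources can be spoofed, so
    # this is a filter, not authentication.
    if ipaddress.ip_address(src_ip) not in allowed_sources:
        return 0
    return len(terminals) - len(fan_out(payload, terminals, send_sock))


def serve(terminals=TERMINALS, allowed_sources=ALLOWED_SOURCES, port=LISTEN_PORT):
    """Listen for the broadcast on the source VLAN and relay it forever."""
    recv_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    recv_sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    recv_sock.bind(("", port))   # wildcard bind also receives broadcasts
    send_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        relay_once(recv_sock, send_sock, terminals, allowed_sources)


if __name__ == "__main__":
    serve()
```

Because the destinations are a fixed unicast list, this approach does not require `ip directed-broadcast` on any gateway interface.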

Hi Philip, I tried to gain some understanding from the customer and here is what I think they are assuming.

If ip helper-address 172.16.16.255 is configured, will 6500 generate 1 broadcast packet or how many packets will be generated?

This part of the question is easy to answer. If 6500 is configured with ip helper-address 172.16.16.255 then the 6500 will generate one packet and send it to the gateway of the 172.16.16 network. That gateway device is the one that will generate multiple copies.

Here are a couple of notes about this:

- if you are doing something like this the 6500 config is straightforward with helper address. It may also be necessary to configure ip directed-broadcast on the gateway device which will receive the single packet and need to make multiple copies.

- be careful about the platform they go to. Nexus does not support helper-address. It has dhcp relay which takes care of the DHCP forwarding but does not process the other protocol ports that helper address does.

HTH

Rick


Dear Richard,

Can you help to shed more light on this, please?

If 6500 is configured with ip helper-address 172.16.16.255 then the 6500 will generate one packet and send it to the gateway of the 172.16.16 network. That gateway device is the one that will generate multiple copies.

By multiple copies, do you mean like this

172.16.16.1

172.16.16.2

172.16.16.3

... 

172.16.16.254

??

Dear Richard, I did some testing using 3 routers in GNS3. Attached is the topology and CLI result.

When I issue 192.168.2.255 and have enabled ip helper-address 192.168.2.255 on R2 along with ip directed broadcast on both interfaces Fa0/0 and Fa0/1, I am getting a single broadcast packet on R2, which you can see in the second snapshot.

Sir a little confused, please guide 

Apparently you sent this update while I was reading and responding to your previous update. And now I am a bit confused. Your question was about helper-address. But you are testing using ping. But ping does not have anything to do with helper-address. helper-address forwards UDP packets but does not do anything with ping.

What you demonstrate in your test is the expected behavior of directed broadcast on an Ethernet network. The source R1 sends a single packet to the broadcast address of a remote network. The gateway R2 receives the single directed broadcast packet and generates a single packet to the broadcast address of the network (255.255.255.255 in your output) and any device in that network will receive and respond to that single packet.

HTH

Rick


Oh sorry, I should test it with a UDP broadcast generator. I will check and update.

But can you help to confirm that if the media is Ethernet, the 6500 will generate only 1 broadcast packet for that segment even if it's the gateway of that segment?

Yes if the question is about the behavior of helper-address then you need to test with something that will generate UDP packets.

You are changing the question. The original question is about the 6500 using helper-address to forward to a remote subnet. Now you are asking about a situation where 6500 is the gateway for the segment. So the question is no longer about helper-address but is about the behavior of directed-broadcast. I confirm that the expected behavior is that when 6500 receives a packet that is directed broadcast to a subnet that is locally connected, and if directed-broadcast is enabled, then the 6500 will generate a single packet onto the Ethernet using the broadcast address as the destination address of the packet.

HTH

Rick


Dear Richard, my sincere apologies for complicating the matter (not at all my intention, sir).

Actually, the question is both about IP helper-address and directed broadcast. In this case, the 6513 is acting as the core (high level diagram attached). The CATS server is sending subnet-specific broadcasts to Vlan 30 and Vlan 40, for which the 6513 is also the gateway. In this case, there will be a single packet (destination would be broadcast)? Please confirm.

Also, can you help to describe in which case there will be multiple copies of a single UDP broadcast packet?

Sir please provide guidance, 


It is clear that the 6500 would generate and send a single packet to the gateway of the 172.169.16 network. What the gateway would do is somewhat dependent on the media of that subnet. If it were something like Frame Relay that does not have native capability for broadcast then yes the gateway would generate a packet for every device in the subnet. If the subnet is something like Ethernet that does have native capability for broadcast then the gateway sends a single packet to the broadcast address of the subnet and every device in the subnet will receive and process the broadcast packet.

HTH

Rick


I agree with rburts. Assuming the network is a /24, 172.16.16.255 will be a directed broadcast. Any device listening on that network for directed broadcasts will get a copy of the packet.

illusion_rox
Level 1

Dear Richard, 

I cannot express in words my gratitude. Thanks a lot for helping me out.

Just one thing more, can you tell if the functionality of helper and directed-broadcast in the 6500 series is achieved in HW or in the control plane? Is it a CPU-intensive task for the 6500 or 6800 series?
