Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
939
Views
0
Helpful
1
Replies

Why does ip helper-address relay packets with UDP dest. 68 ?

mmacovsky
Level 1
Level 1

‎12-16-2014 06:04 AM - edited ‎03-07-2019 09:55 PM

This post has been created in an attempt to broaden my knowledge, and also because I thought someone might find this interesting.

 

I have messed a little with DHCP in the attached network. All has been done in packet tracer so I could follow everything in the nice simulator

 

What happens is:

1. Client sends DHCP Discover

2. IP helpers on both L3 switches sends it to DHCP server which is R0

3. DHCP server sends DHCP Offer

4. it comes to L3 switch 1 (the one on the right)

5. L3 switch 1 sends it to L3 switch 0 ( dest. ip is 255.255.255.255 / dest. port. is UDP 68 / fa0/10 on L3 switch 1 is blocked by stp)

6. L3 switch 0 sends the Offer to the switch with client, but it also triggers the ip helper-address and sends it back to the server as a unicast

 

The client receives the offer, but so does the server that sent it.

Packet tracer behaves a little bit different in Linux and Windows version, but it happens on both of them in the end.

 

In RFC 1542 is mentioned the following -

 

  A relay agent MUST silently discard any received UDP messages whose
   UDP destination port number is BOOTPC (68).

      DISCUSSION:

         There should be no need for a relay agent to process messages
         addressed to the BOOTPC port.  Careful reading of the original
         BOOTP specification [1] will show this.  Nevertheless, some
         relay agent implementations incorrectly relay such messages.

 

And so it seems that cisco implemented ip helper that it would relay both 67 and 68 dest. ports -
http://www.ciscopress.com/articles/article.asp?p=330807&seqNum=9

So i guess it works as designed. But why was it implemented in this way?
Is it not unwanted traffic that is coming back to the DHCP server?
Or is it bad implementation on my part ?

Thanks very much for any response.

Cheers

 

Labels:
dhcp_relay.pkt_.zip
0 Helpful
1 Reply 1

Aaron Harrison
VIP Alumni
VIP Alumni

‎12-16-2014 07:02 AM

Hi

ip helper-address actually forwards a good few bits and pieces including DHCP and BootP, also TFTP and so on...so it's a bit more generic than just a DHCP relay. 

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/command/iap-cr-book/iap-i1.html#wp1413119578

You can make it more selective:

no ip forward-protocol udp ?

However I'd just ignore it... I don't think a few stray DHCP requests is going to weigh down your network too much ;-)

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card