DHCP Broadcasts, How Routers/DHCP Relay Agents Handle Them
2010-08-24 Initial Post
I've always wondered how a DHCP server is able to communicate with clients on different subnets if both the client and server use broadcasts. Basically, the router (or DHCP relay agent, that's on the client's subnet) intercepts the DHCP broadcasts sent from the client. The router knows that the broadcast is DHCP-related because the destination port is UDP 67, which what the DHCP service listens on.
The router takes the broadcast and "repackages" it as a unicast message to the DHCP server. That part is easy to understand.The part that I wasn't sure about until I read the Wiki article below was how the server is able to communicate back to the client that’s on a different subnet since the server sends a broadcast to the client. Broadcasts aren't allowed across subnets by default, so how does this work? This works because the router has a unicast conversation with the server, so it's able to take the server's message that is destined for the client, and send it as a broadcast on the client's subnet.
Since broadcasts are allowed within a subnet, by default, the client will look at the message relayed by the router and if it has the client's MAC address in it, then the client will know that the message is for it (this is standard Ethernet broadcast behavior). I'm still not clear on how a router that has interfaces for several client subnets keeps track of which subnet to broadcast the DHCP responses to. There are a bunch of fields in the data portion of a DHCP-related packet, so the router must be looking at that to make the determination, or the router has a table that it uses to keep track of DHCP-related packets.
From http://en.wikipedia.org on 2010-08-24:
DHCP Relaying
In small networks DHCP typically uses broadcasts. However, in some circumstances, unicast addresses will be used, for example: when networks have a single DHCP server that provides IP addresses for multiple subnets. When a router for such a subnet receives a DHCP broadcast, it converts it to unicast (with a destination MAC/IP address of the configured DHCP server, source MAC/IP of the router itself). The GIADDR field of this modified request is populated with the IP address of the router interface on which it received the original DHCP request. The DHCP server uses the GIADDR field to identify the subnet of the originating device in order to select an IP address from the correct pool. The DHCP server then sends the DHCP OFFER back to the router via unicast. The router then converts the DHCP OFFER back to a broadcast, sent out on the interface of the original device.
From http://support.microsoft.com on 2010-08-24:
This is a nice table that shows that the DHCP client and server both use broadcasts during the entire conversation. I had never given this much thought before. I knew that the client always broadcasts for a DHCP server, but I didn't know that the DHCP server broadcasts back to the client. If both the client and server were on the same subnet, it's easier to understand how this all works, but I wasn't sure how it worked with a router/DHCP relay agent involved.
Below is a summary table of the conversation between client and server
Source Dest Source Dest Packet
MAC addr MAC addr IP addr IP addr Description
-----------------------------------------------------------------
Client Broadcast 0.0.0.0 255.255.255.255 DHCP Discover
DHCPsrvr Broadcast DHCPsrvr 255.255.255.255 DHCP Offer
Client Broadcast 0.0.0.0 255.255.255.255 DHCP Request
DHCPsrvr Broadcast DHCPsrvr 255.255.255.255 DHCP ACK
To enable a Cisco device to forward DHCP broadcasts (act as a DHCP relay agent), use the ip helper-address command per this Cisco reference.
