In networks with multiple subnets, it is not feasible to place DHCP servers on each of the subnets where clients are physically located. For a multi-segmented network, the best configuration is to place the DHCP servers in a central location. For this configuration to work effectively, DHCP messages must be able to cross IP routers.
The problem is that DHCP traffic consists mostly of broadcast messages, which routers do not forward across interfaces. The solution is to use a DHCP Relay Agent. Routers that are RFC 1542 compliant can act as DHCP Relay Agents. In addition, Windows Server Routing and Remote Access (RRAS) services can also run DHCP Relay Agent Services.
The process of obtaining an IP lease from a DHCP server can be broken down into four phases: DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, and DHCPACK. When a router configured as a Relay Agent receives a DHCP broadcast, it converts it to a unicast packet with the destination MAC/IP address of the configured DHCP server, and the source MAC/IP of the router itself.
DHCPDISCOVER
The DHCP client sends the DHCPDISCOVER message, containing the MAC address of the DHCP client, to the broadcast IP address 255.255.255.255 and the MAC-level broadcast address FF-FF-FF-FF-FF-FF. The DHCP Relay Agent receives and processes the DHCPDISCOVER packet.
As established in RFC 1542, the DHCP Relay Agent can forward the packet to either an IP broadcast, multicast, or unicast address. In practice, DHCP Relay Agents forward DHCPDISCOVER messages to unicast IP addresses which correspond to DHCP server(s). Before forwarding the original DHCPDISCOVER message, the DHCP Relay Agent makes the following changes to the packet:
- Increments the Hop Count field in the DHCP header. The DHCP Hop Count field is separate from the Time to Live (TTL) field in the IP header and is used to indicate on how many networks this DHCPDISCOVER has existed as a broadcast. When the configured maximum Hop Count is exceeded, the DHCPDISCOVER is silently discarded. This value can be configured when using a Microsoft DHCP Relay Agent. The default value is 4.
- Updates the Relay IP Address field (Gateway IP Address field, GIADDR) in the DHCP header. When the DHCP client sends the DHCPDISCOVER message, the Relay IP Address field is set to 0.0.0.0. If the Relay IP Address is 0.0.0.0, the DHCP Relay Agent records the IP address of the interface on which the DHCPDISCOVER message was received. If the Relay IP Address is not 0.0.0.0, the DHCP Relay Agent does not modify it.
- Changes the source IP address of the DHCPDISCOVER message to the IP address of the interface on which the broadcast DHCPDISCOVER was received.
- Changes the destination IP address of the DHCPDISCOVER message to the configured unicast address of the DHCP server.
The DHCP Relay Agent sends the DHCPDISCOVER message as a unicast IP packet rather than as an IP and MAC-level broadcast. If the DHCP Relay Agent is configured with multiple DHCP servers, it sends each DHCP server a copy of the DHCPDISCOVER message.
| Field | Value |
|---|---|
| Type | UDP |
| Source IP | 0.0.0.0 |
| Source Port | 68 |
| Destination IP | 255.255.255.255 |
| Destination Port | 67 |
DHCPOFFER
When responding to the DHCP client’s request for an IP address, the DHCP server uses the Relay IP Address field in the following ways:
- The Relay IP Address and the subnet masks of the server’s configured scopes are compared through a logical AND comparison to find a scope whose network ID matches the network ID of the Relay IP Address. When a match is found, the DHCP server allocates an IP address from that scope.
- When sending the offer back to the client, the DHCP server sends the DHCPOFFER message to the Relay IP Address as the destination IP address.
| Field | Value |
|---|---|
| Type | UDP |
| Source IP | DHCP Server's IP |
| Source Port | 67 |
| Destination IP | DHCP Relay Agent IP |
| Destination Port | 68 |
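
The relay's header changes to a DHCPDISCOVER and the server's scope match on the Relay IP Address, as an added example (not code from the original page); it shows that GIADDR alone decides which scope the server allocates from, which is why a relay never overwrites a non-zero value. The function names, addresses and scopes are constructed, and comparing the Hop Count after the increment is an assumption.

```python
import ipaddress
import struct

# Fixed BOOTP/DHCP header up to giaddr: op, htype, hlen, hops, xid, secs,
# flags, ciaddr, yiaddr, siaddr, giaddr (RFC 2131 field layout).
HDR = struct.Struct("!BBBBIHH4s4s4s4s")
MAX_HOPS = 4  # default maximum Hop Count given above for the Microsoft relay agent
ZERO = bytes(4)


def relay_discover(packet: bytes, ingress_ip: str, max_hops: int = MAX_HOPS):
    """Apply the relay agent's header changes; return None if silently discarded."""
    if len(packet) < 236:  # shorter than the fixed BOOTP header: malformed
        return None
    op, htype, hlen, hops, xid, secs, flags, ci, yi, si, gi = HDR.unpack_from(packet)
    if op != 1:  # 1 = BOOTREQUEST; only client requests are relayed to servers
        return None
    hops += 1
    if hops > max_hops:  # assumption: the limit is checked after the increment
        return None
    if gi == ZERO:  # first relay records its receiving interface
        gi = ipaddress.IPv4Address(ingress_ip).packed
    out = bytearray(packet)
    HDR.pack_into(out, 0, op, htype, hlen, hops, xid, secs, flags, ci, yi, si, gi)
    return bytes(out)


def select_scope(packet: bytes, scopes):
    """Server side: AND giaddr with each scope's mask and compare network IDs."""
    gi = int.from_bytes(HDR.unpack_from(packet)[10], "big")
    for scope in map(ipaddress.IPv4Network, scopes):
        if gi & int(scope.netmask) == int(scope.network_address):
            return str(scope)
    return None


def make_discover(hops=0, giaddr="0.0.0.0"):
    """Constructed sample: a 236-byte header for client MAC 00-11-22-33-44-55."""
    head = HDR.pack(1, 1, 6, hops, 0x1234ABCD, 0, 0x8000, ZERO, ZERO, ZERO,
                    ipaddress.IPv4Address(giaddr).packed)
    return head + bytes.fromhex("001122334455").ljust(16, b"\0") + bytes(192)


if __name__ == "__main__":
    relayed = relay_discover(make_discover(), "10.1.20.1")
    print(relayed[3], ipaddress.IPv4Address(relayed[24:28]))
    print(select_scope(relayed, ["10.1.10.0/24", "10.1.20.0/24"]))
```
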
DHCPREQUEST
The DHCP client sends the DHCPREQUEST message, containing the MAC address of the client, to the IP broadcast address 255.255.255.255 and to the MAC broadcast address FF-FF-FF-FF-FF-FF.
The DHCP Relay Agent receives this packet and forwards it as a unicast IP packet to the configured DHCP server or servers.
| Field | Value |
|---|---|
| Type | UDP |
| Source IP | 0.0.0.0 |
| Source Port | 68 |
| Destination IP | 255.255.255.255 |
| Destination Port | 67 |
DHCPACK
The DHCP server initially sends the DHCPACK message to the Relay IP Address, as it did with the DHCPOFFER message. When the DHCP Relay Agent receives the DHCPACK message, it places the message back on the subnet where the DHCPREQUEST originated.
| Field | Value |
|---|---|
| Type | UDP |
| Source IP | DHCP Server's IP |
| Source Port | 67 |
| Destination IP | DHCP Relay Agent IP |
| Destination Port | 68 |