[c-nsp] unicast rpf dhcp drops after routing adjustment

Brett Frankenberger rbf+cisco-nsp at panix.com
Sat Dec 10 09:10:58 EST 2005


On Fri, Dec 09, 2005 at 10:06:42PM -0500, Tim Durack wrote:
> 
> Ah yes, scratch that idea. RFC2131 says:
> 
> "If the 'giaddr' field in a DHCP message from a client is non-zero,
>    the server sends any return messages to the 'DHCP server' port on the
>    BOOTP relay agent whose address appears in 'giaddr'."
> 
> Makes me wonder why the response has to go back to giaddr as opposed to
> whatever the relay decided to use for source address.

Because there's no guarantee that the packet has only gone through one
relay.  The spec requires that a relay only update giaddr if it's 0, so
the second and subsequent relays don't change it once the first relay
fills it in.  Then, the server sends the response back to the first
relay.

Sending the response to the source-address in the packet would get it
to the last relay rather than the first one, which would do no good,
because (a) that relay isn't likely directly attached to the subnet
with the client, and (b) that relay would have no idea where to forward
the response.

The IOS model is generally single-relay -- you configure your DHCP
server (or the broadcast address of the subnet with the DHCP server) as
your helper-address, and the packet is sent directly there.  But there
are other implementations that, rather than forwarding the DHCP request
to a specific IP address, just forward it to another subnet (still as a
255.255.255.255 broadcast), where another relay agent passes it on
until it gets to the subnet with the DHCP server.  (Most
implementations don't do it that way these days ... but the RFC was
written to support that.) 

(As an example, Wellfleet (-> Bay -> Nortel) routers when they first
acquired BootP/DHCP forwarding only had the ability to do interface to
interface forwarding.  This was in the BootP days, before DHCP, but the
forwarding agent functionality is nearly identical; the only change is
the addition of the broadcast bit in the DHCP spec. 
Wellfleet/Bay/Nortel later added the ability to go directly to any IP
address, but retained the old way also.)

     -- Brett
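
The multi-relay behaviour described above, as an added example that is not part of the original post: a request passes through two relay agents and the server picks its reply destination from giaddr, not from the IP source of the packet it received. The addresses, the two-relay path and all function names are constructed for illustration; the rule that the first relay sets giaddr to its client-facing interface address and that each relay increments hops follows RFC 1542.

```python
import struct
from ipaddress import IPv4Address

# Fixed BOOTP/DHCP header through giaddr (RFC 2131 section 2):
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr
HDR = struct.Struct("!BBBBIHH4s4s4s4s")
ZERO = IPv4Address("0.0.0.0")

def build_request(xid, chaddr):
    """Client BOOTREQUEST: hops=0, giaddr=0, broadcast bit set."""
    z = ZERO.packed
    hdr = HDR.pack(1, 1, 6, 0, xid, 0, 0x8000, z, z, z, z)
    return hdr + chaddr.ljust(16, b"\0") + bytes(192)  # chaddr, sname, file

def relay(msg, rx_addr, tx_addr):
    """Relay agent: set giaddr only if it is still zero, bump hops, forward.
    Returns (IP source of the forwarded packet, rewritten message)."""
    op, htype, hlen, hops, xid, secs, flags, ci, yi, si, gi = HDR.unpack_from(msg)
    if IPv4Address(gi) == ZERO:
        gi = IPv4Address(rx_addr).packed  # first relay: client-facing address
    hdr = HDR.pack(op, htype, hlen, hops + 1, xid, secs, flags, ci, yi, si, gi)
    return IPv4Address(tx_addr), hdr + msg[HDR.size:]

def server_reply_dest(msg):
    """Non-zero giaddr: reply goes to giaddr on the 'DHCP server' port (67)."""
    gi = IPv4Address(HDR.unpack_from(msg)[10])
    return (gi, 67) if gi != ZERO else None

def simulate(path, xid=0x1234):
    """path: (client_side_addr, upstream_addr) per relay, in forwarding order.
    Returns (last IP source seen by server, reply destination, hops)."""
    msg, src = build_request(xid, bytes.fromhex("020000000001")), ZERO
    for rx_addr, tx_addr in path:
        src, msg = relay(msg, rx_addr, tx_addr)
    return src, server_reply_dest(msg), HDR.unpack_from(msg)[3]

# Constructed two-relay path (documentation address ranges).
PATH = [("192.0.2.1", "198.51.100.1"),     # relay A, attached to client subnet
        ("198.51.100.2", "203.0.113.1")]   # relay B, one subnet closer to server

if __name__ == "__main__":
    src, dest, hops = simulate(PATH)
    print(f"server sees IP source {src}, hops={hops}")
    print(f"server replies to {dest[0]}:{dest[1]} (relay A, the first relay)")
```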

