[j-nsp] JUNOS BootP-relay Behaviour
Phil Mayers
p.mayers at imperial.ac.uk
Mon Mar 9 09:27:23 EDT 2009
alain.briant at bt.com wrote:
> Hi Phil
>
> This does matter because the DHCP server has to answer back to the
> source address of the packets received and in case you have a

No - the RFCs specifically state that replies either go to:

* ciaddr - for unicast bootp/dhcp requests
* giaddr - for relayed bootp/dhcp requests
* direct layer2 transmission, for local requests

See RFC 2131 section 4.1. There's nothing about the source IP of the
packet, for the simple reason that multiple relays is legal. The
following setup for example:

client -- router1 -- router2 -- router3 -- dhcpserver

* client transmits request
* router1 forwards to router2 and sets giaddr, increments "hops"
* router2 forwards to router3, increments "hops"
* router3 sends to dhcpserver, increments "hops"
* dhcpserver replies to giaddr i.e. router1

This is useful if you want to give a customer DHCP service but would
rather not give out the IPs of your DHCP servers; you can tell them to
relay to your router, and set up the forwarding on your router.

I agree this makes firewalling DHCP messages tedious, but it's an old
protocol, and storing a full return-path on relays or in the message
itself would be tedious.
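
Added example, not part of the original post: a small Python model of the relay chain and of the reply-target choice in RFC 2131 section 4.1, showing that the packet's source IP plays no part in where the reply goes. The function names are hypothetical and the addresses are constructed from documentation ranges.

```python
import struct
from ipaddress import IPv4Address

# BOOTP fixed header up to giaddr (RFC 951 layout): op, htype, hlen, hops,
# xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr = 28 bytes.
HDR = struct.Struct("!BBBBIHH4s4s4s4s")
ZERO = bytes(4)
BROADCAST_FLAG = 0x8000

def build_request(xid, ciaddr="0.0.0.0", broadcast=False):
    """Constructed client BOOTREQUEST header (op=1, Ethernet, hops=0)."""
    flags = BROADCAST_FLAG if broadcast else 0
    return HDR.pack(1, 1, 6, 0, xid, 0, flags,
                    IPv4Address(ciaddr).packed, ZERO, ZERO, ZERO)

def relay(pkt, ingress_ip):
    """Relay agent step: bump hops, fill giaddr only if it is still zero."""
    op, htype, hlen, hops, xid, secs, flags, ci, yi, si, gi = HDR.unpack_from(pkt)
    if gi == ZERO:
        gi = IPv4Address(ingress_ip).packed
    return HDR.pack(op, htype, hlen, hops + 1, xid, secs, flags,
                    ci, yi, si, gi) + pkt[HDR.size:]

def reply_destination(pkt, src_ip):
    """Server's choice of reply target; src_ip is accepted but never consulted."""
    *_, flags, ci, _yi, _si, gi = HDR.unpack_from(pkt)
    if gi != ZERO:
        return ("giaddr", str(IPv4Address(gi)), 67)
    if ci != ZERO:
        return ("ciaddr", str(IPv4Address(ci)), 68)
    if flags & BROADCAST_FLAG:
        return ("broadcast", "255.255.255.255", 68)
    return ("layer2", None, 68)  # frame sent straight to the client's MAC

def chain_demo():
    """client -- router1 -- router2 -- router3 -- dhcpserver (addresses constructed)."""
    pkt = build_request(0x1234)
    for ingress in ("192.0.2.1", "198.51.100.1", "203.0.113.1"):
        pkt = relay(pkt, ingress)
    hops = HDR.unpack_from(pkt)[3]
    return hops, reply_destination(pkt, src_ip="203.0.113.1")

if __name__ == "__main__":
    print(chain_demo())
```

In the three-relay run the request reaches the server from router3's address but the reply is addressed to router1's giaddr on port 67, so a filter in front of the server has to permit replies towards relay addresses rather than towards the source of the request it saw.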