Note: DHCP relay is a feature in cOS Core which is currently only available with IPv4 DHCP.

The DHCP Propagation Problem
With DHCP, clients locate the DHCP servers using broadcast messages. However, broadcasts are normally only propagated across the local network. This means that the DHCP server and client need to be on the same physical network. In a large scale network topology, this means there would have to be a different DHCP server on every network. This problem is solved by using DHCP relay.

The DHCP Relay Solution
A DHCP relayer takes the place of the DHCP server in the local network and acts as a link between the client and remote DHCP server. It intercepts requests coming from clients and relays them to one or more DHCP servers. The DHCP server then responds to the relayer, which forwards the response back to the client.

DHCP relayers can also relay BOOTP packets and may sometimes be referred to as BOOTP relay agents. Some networking providers may also use the term IP Helper for the feature that includes the DHCP relay function.
DHCP relaying is configured in cOS Core by creating a DHCP Relay object. This object has the following general properties:

Name
A suitable configuration name for the object.
Action
This can be one of the following settings:
Source Interface
The interface on which the relayer will listen for requests. This can be set to an Interface Group object to specify multiple interfaces. This property is required for relaying.
DHCP Server to relay to
The IPv4 address of a DHCP server to relay client requests to. This property is required for relaying.
It is optionally possible to relay to more than one DHCP server. A total of two extra DHCP server IP addresses can be specified, in addition to the first server.
When relaying is performed, cOS Core will relay exactly the same client request to all the configured servers at the same time. All replies will be relayed back to the client and it is up to the client to decide how these are handled.
An optional range of acceptable IP addresses in the relayed leases. This could be specified as a network (for example, 203.0.113.0/24) or a range (for example, 203.0.113.0-203.0.113.100). By default, all IPv4 addresses are allowed.
Leases that fall outside the specified range will be rejected.
Other optional properties for the DHCP Relayer object are discussed next.
Setting the Source IP of Relayed DHCP Traffic
For relayed DHCP traffic, the option exists in cOS Core to use one of the following as the source IPv4 address of DHCP traffic relayed to a server:

The IPv4 address of the interface on which it listens for client requests. This is the default setting and ensures that the DHCP server knows which network a request is coming from. This can be important if the DHCP server is set up to allocate IP addresses based on the source IP of a request.

The IPv4 address of the interface from which it sends out the relayed request to the server. This would be used where the listening interface IP for the relayer is not relevant, or in the case of VLANs, might not be available.

This setting can be found under the Options tab of the DHCP Relay object in the Web Interface.
Although cOS Core interface IPs are usually core routed, for relayed DHCP requests, core routing does not apply. Instead, the interface is the source interface and not the core interface.

Adding Dynamic Routes for Relayed DHCP Leases
The Add dynamic routes for this relayed DHCP lease property (found under the Add Route tab in the Web Interface) is disabled by default, so no routes are added for IP addresses allocated by a DHCP server. This is acceptable if a static route is already set up that routes the address range handed out to clients by the DHCP server(s) on the correct interface.

However, sometimes having a single static route is not a suitable routing solution, particularly if there are clients on multiple networks sending DHCP requests through a single relayer. In this case, it can be easier to enable adding routes automatically for each client address allocated. The danger is that large numbers of clients can cause excessive cOS Core system overhead if a large number of routes are added.
Setting the Parameters of Added Routes
If the Add dynamic routes for this relayed DHCP lease property is enabled, it is also possible to set any of the following properties of the routes added, if required:

Routing Table - Which routing table the route is to be added to (the default is main).
Local IP - cOS Core will respond to ARP queries sent to this address. The use of this setting is explained further in Section 4.2.1, Static Routing in cOS Core.
Gateway - This would be used if relayed clients are behind a routing device.
Setting the Maximum Relaying Clients Per Interface
The optional property Max relays per interface can be used to specify the maximum number of clients that are permitted to send relayed DHCP requests through a single interface. In some scenarios, it is necessary to add a route for each DHCP lease using the property described above. Consider the layout shown below, where a single DHCP server is handing out IPs in the same network range via relay by cOS Core to two clients on the separate interfaces If1 and If2.

In this case, adding a route automatically for each lease is necessary. In addition, the two clients will get IP addresses from the same network range and can be regarded as being on the same network. However, to be able to talk to each other, the Proxy ARP Interfaces property of the DHCP Relay object must be set to the interfaces If1 and If2 so that the IP addresses handed out by the DHCP server can be found by each client.
PXE Support and Allowing NULL Offers
The Preboot Execution Environment (PXE) makes use of DHCP to enable booting of clients from a server across a network. PXE makes use of a NULL Offer which is a DHCP server response offering the IP address 0.0.0.0 (no address offered).

By default, cOS Core will not relay NULL offers. To enable relaying, the following steps are required:
Create the DHCP Relay object and set the Action to be Relay. This will allow a number of options to be set.
Enable the option Allow NULL offers.
Viewing Detailed DHCP Client Information
All DHCP clients that have their DHCP traffic relayed by cOS Core will have an entry created in the neighbor cache. If enabled, the device intelligence feature can "fingerprint" these clients and provide detailed client information when the neighbor cache is viewed. This is described further in Section 3.5.6, Device Intelligence.

Example 5.4. Setting Up DHCP Relay
This example allows clients on cOS Core VLAN interfaces to obtain IP addresses from a DHCP server.
It is assumed the firewall is already configured with VLAN interfaces vlan1 and vlan2. The clients on both these interfaces will generate DHCP requests which will be relayed to a single DHCP server. The DHCP server's IP address is defined in the cOS Core address book as the address object ip-dhcp.
cOS Core will also automatically add a route for the IP address allocated to the client by the DHCP relaying process.
Command-Line Interface
Device:/> add Interface InterfaceGroup ipgrp-dhcp Members=vlan1,vlan2

Device:/> add DHCPRelay vlan-to-dhcpserver Action=Relay TargetDHCPServer=ip-dhcp SourceInterface=ipgrp-dhcp AddRoute=Yes

InControl
Follow similar steps to those used for the Web Interface below.
Web Interface
A. Add the VLAN interfaces vlan1 and vlan2 to a new interface group called ipgrp-dhcp:
B. Create a DHCP Relayer object called vlan-to-dhcpserver:
Max Transactions
Maximum number of transactions at the same time.
Default: 32

Transaction Timeout
How long a DHCP transaction can take.
Default: 10 seconds

Max PPM
How many DHCP packets a client can send through cOS Core to the DHCP server during one minute.
Default: 500 packets

Max Hops
How many hops the DHCP request can take between the client and the DHCP server.
Default: 5

Max lease Time
The maximum lease time allowed by cOS Core. If the DHCP server has a higher lease time, it will be reduced down to this value.
Default: 10000 seconds

Max Concurrent Relays
How many relays can be active at the same time.
Default: 256

Auto Save Policy
Which policy should be used to save the relay list to disk. Possible settings are Disabled, ReconfShut, or ReconfShutTimer.
Default: ReconfShut

Auto Save Interval
How often, in seconds, the relay list should be saved to disk if DHCPServer_SaveRelayPolicy is set to ReconfShutTimer.
Default: 86400
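
The reply-side checks described on this page (the allowed range for relayed leases, the Allow NULL offers option and the Max lease Time clamp) can be modelled on a raw DHCP reply as follows. This is an added example, not cOS Core code: the function names, verdict strings and the constructed sample packet are hypothetical, and it assumes a NULL offer is decided only by the NULL-offer option rather than by the allowed range.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie (RFC 2131)
OPT_LEASE_TIME = 51           # IP address lease time option (RFC 2132)

def parse_allowed(spec):
    """Accept a network ('203.0.113.0/24') or a range ('a.b.c.d-e.f.g.h')."""
    if "-" in spec:
        lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in spec.split("-"))
        return lo, hi
    net = ipaddress.IPv4Network(spec)
    return int(net.network_address), int(net.broadcast_address)

def build_reply(yiaddr, lease):
    """Constructed sample BOOTREPLY: 236-byte header, cookie, option 51, end."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), ipaddress.IPv4Address(yiaddr).packed,
                      bytes(4), bytes(4), bytes(16), bytes(64), bytes(128))
    return hdr + MAGIC + struct.pack("!BBI", OPT_LEASE_TIME, 4, lease) + b"\xff"

def filter_reply(pkt, allowed="0.0.0.0/0", allow_null=False, max_lease=10000):
    """Model of the reply-side policy; returns (verdict, packet or None).
    Assumption: a NULL offer is governed only by allow_null, not by the range."""
    if len(pkt) < 240 or pkt[0] != 2 or pkt[236:240] != MAGIC:
        return "drop:malformed", None
    yiaddr = int.from_bytes(pkt[16:20], "big")    # offered address
    if yiaddr == 0:                               # NULL offer (PXE)
        return ("relay", pkt) if allow_null else ("drop:null-offer", None)
    lo, hi = parse_allowed(allowed)
    if not lo <= yiaddr <= hi:
        return "drop:out-of-range", None
    out, i = bytearray(pkt), 240
    while i < len(out) and out[i] != 255:         # walk options until End
        if out[i] == 0:                           # Pad has no length byte
            i += 1
            continue
        if i + 1 >= len(out) or i + 2 + out[i + 1] > len(out):
            return "drop:malformed", None         # option runs past the packet
        if out[i] == OPT_LEASE_TIME and out[i + 1] == 4:
            lease = int.from_bytes(out[i + 2:i + 6], "big")
            out[i + 2:i + 6] = min(lease, max_lease).to_bytes(4, "big")
        i += 2 + out[i + 1]
    return "relay", bytes(out)
```

Restricting the allowed range to the addresses the legitimate server hands out means a reply offering anything else is dropped instead of reaching the client.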