The Dynamic Host Configuration Protocol (DHCP) IPv4 deployment model assumes a single routing domain between the DHCP client and DHCP server. In some network designs, the DHCP server cannot directly communicate with DHCP clients. Customers may choose this design to make critical infrastructure servers inaccessible and to protect the DHCP server from client attacks.
Relay agents are used to forward requests and replies between clients and servers when they are not on the same physical subnet. In all cases, the DHCP relay agent must be able to communicate directly with both the DHCP server and DHCP client. By using the relay agent information option (option 82), the DHCP relay agent can include additional information about itself when forwarding client-originated DHCP packets to a DHCP server.
The DHCP Relay Server ID Override and Link Selection Option 82 Suboptions feature enables the relay agent to be part of all DHCP message exchanges by supporting the use of two suboptions of option 82: server ID override and link selection. This design results in all DHCP messages flowing through the relay agent, allowing for greater control of DHCP communications.
Communication from the DHCP server through the relay agent can be an issue. If the server needs to reach the client, it must do so through the relay agent. The IP address of the relay agent might not be ideal. For example, if the network is renumbered or if the interface at the relay agent is down for some reason, the server may not be able to reach the client. This feature introduces the capability to manually configure the interface for the relay agent to use as the source IP address for messages relayed to the DHCP server. This configuration allows the network administrator to specify a stable, hardware-independent IP address (such as a loopback interface).
The figure and the list that follows it show the processing that occurs on the DHCP relay agent and DHCP server when this feature is configured.
Figure 1. DHCP Relay Agent and DHCP Server Processing of Option 82 Suboptions
- The DHCP client generates a DHCP request and broadcasts it on the network.
- The DHCP relay agent intercepts the broadcast DHCP request packet and inserts a server ID override suboption and link selection suboption to its relay agent information option in the DHCP packet. The server ID override and link selection suboptions contain the incoming interface IP address, which is the IP address on the relay agent that is accessible from the client (10.1.1.1 in this case).
- The relay agent sets the gateway IP address (giaddr) to the IP address of an interface that is reachable by the DHCP server (typically the server-facing interface that will be used to transmit the message, 10.3.1.2 in this case).
- If the source interface is explicitly configured on a loopback interface (using the ip dhcp-relay source-interface command), the relay agent will use that address as the source IP address (giaddr) for messages relayed to the DHCP server (10.2.1.1 in this case).
The following processing occurs on the DHCP server after receiving the forwarded packets from the relay agent:
- The DHCP server uses the link selection suboption to locate the correct address pools for the DHCP client.
- The DHCP server sets the server ID option to the value specified by the server ID override suboption of the DHCP packet.
- The DHCP server sends the reply message to the IP address specified in the giaddr.
The DHCP client will see the relay agent address as the server ID and use that address when unicasting RENEW messages.
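The relay-side encoding and server-side processing described above can be traced in a short sketch. This is an added example, not code from the original page or from the vendor. It assumes the standard suboption codes (5 for link selection per RFC 3527, 11 for server ID override per RFC 5107); the pool prefix 10.1.1.0/24, the pool name and the server's own address 10.3.1.1 are constructed for illustration.

```python
import ipaddress

LINK_SELECTION = 5        # RFC 3527 suboption code (assumed standard encoding)
SERVER_ID_OVERRIDE = 11   # RFC 5107 suboption code (assumed standard encoding)

def build_option82(client_facing_ip):
    """Relay side: both suboptions carry the client-facing interface address."""
    addr = ipaddress.IPv4Address(client_facing_ip).packed
    body = b"".join(bytes([code, 4]) + addr
                    for code in (LINK_SELECTION, SERVER_ID_OVERRIDE))
    return bytes([82, len(body)]) + body

def parse_option82(raw):
    """Server side: strict TLV walk that rejects malformed relay data."""
    if len(raw) < 2 or raw[0] != 82 or raw[1] != len(raw) - 2:
        raise ValueError("bad option 82 header")
    body, i, subopts = raw[2:], 0, {}
    while i < len(body):
        if i + 2 > len(body):
            raise ValueError("truncated suboption header")
        code, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("suboption overruns option 82")
        if code in (LINK_SELECTION, SERVER_ID_OVERRIDE) and length != 4:
            raise ValueError("address suboption must be 4 bytes")
        subopts[code] = value
        i += 2 + length
    return subopts

def server_decision(raw_opt82, giaddr, pools, own_ip):
    """Return (pool, server ID placed in the reply, address the reply is sent to)."""
    sub = parse_option82(raw_opt82)
    # Link selection picks the pool; without it the server falls back to giaddr.
    link = ipaddress.IPv4Address(sub[LINK_SELECTION]) if LINK_SELECTION in sub \
        else ipaddress.IPv4Address(giaddr)
    pool = next((name for net, name in pools.items()
                 if link in ipaddress.ip_network(net)), None)
    if pool is None:
        raise LookupError(f"no pool for link {link}")
    # Server ID override replaces the server's own address in the server ID option.
    server_id = str(ipaddress.IPv4Address(sub[SERVER_ID_OVERRIDE])) \
        if SERVER_ID_OVERRIDE in sub else own_ip
    return pool, server_id, giaddr

POOLS = {"10.1.1.0/24": "client-subnet"}  # constructed pool table

if __name__ == "__main__":
    # giaddr 10.2.1.1 is the loopback source interface from the text.
    print(server_decision(build_option82("10.1.1.1"), "10.2.1.1", POOLS, "10.3.1.1"))
```

The client learns 10.1.1.1 as the server ID while the pool is chosen from the same address, even though giaddr is the loopback 10.2.1.1 that sits outside the client subnet.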