Just need a little clarity on the interface command "ip directed-broadcast" command. Am I right in thinking that when this command is enabled on a router interface, it will accept an IP broadcast packet and forward it out another interface in a layer 2 broadcast frame??
Just a little mixed up on this one, thanks guys
Directed broadcast, as opposed to all 1s broadcast (255.255.255.255) or link local broadcast, is a broadcast directed to a specific subnet only. For instance a broadcast sent to the IP address 192.168.0.255/24 is a broadcast to that particular subnet 192.168.0.0/24. Since it can be exploited for Smurf attacks (DoS), ip directed broadcast is disabled by default in the 12.x IOS versions.
There're some applications such as WoL, backups or other management tasks, for which directed broadcasts are enabled, but with an ACL defining the source & destination of the directed broadcast.
If you're part of say 10.0.0.0/24 subnet & an upstream router had 192.168.0.0/24 subnet attached to it, you'll send a directed broadcast to the address 192.168.0.255/24 & the router will relay it to the destination subnet. The packets will be routed like any other packets until it hits the destination router, which will send the broadcast from the interface which has the destination network directly attached to it.
Thanks for the reply. It makes more sense now. I was just confused by how it was described in the Cisco Press DESGN 640-863 book. It had said the following,
On Cisco routers, the ip directed-broadcast interface command controls what the last router in the path, the one connected to the destination subnet, does with a directed broadcast packet. If ip directed-broadcast is enabled on the interface, the router changes the directed broadcast to a broadcast and sends the packet, encapsulated in a Layer 2 broadcast frame, onto the subnet. However, if the no ip directed-broadcast command is configured on the interface, directed broadcasts destined for the subnet to which that interface is attached are dropped.
Where it says the packet is encapsulated in a Layer 2 broadcast frame and then sent onto the subnet.
Thanks for the reply
Eric, makes sense to me. Packets get wrapped with a layer 2 header when sent out on L2 media regardless. In this case they mean it's wrapped and sent with a destination MAC of all-hosts.
I think that description is pretty accurate though. I ran into IP directed broadcast a few years back when we wanted to start sending Wake On Lan packets across subnets. A wake on lan packet is really just a layer 2 broadcast to tell the machines to power up. Well, because it is a layer 2 broadcast, you have to be in the same subnet as the machine that you want to wake up.
Well, with an IP directed broadcast, I can encapsulate that layer 2 broadcast into a layer 3 packet, send it to the intended IP subnets and then when it reaches its destination, the router will strip the IP information and reveal the broadcast Layer 2 frame.
For all of the security issues there are with IP directed broadcast, there are good things too. So, what I do is I enable IP directed broadcast, but protect it with an ACL so that only certain machines can send the IP directed broadcast.
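The "enable it, but fence it with an ACL" approach described in this thread, as an added IOS configuration example (not from any poster or from the Cisco Press book). All addresses and interface names are constructed: a management host 10.0.0.10 on the 10.0.0.0/24 uplink side is the only permitted WoL sender, and 192.168.0.0/24 is the LAN holding the machines to be woken.

```cisco
! Extended ACL: only the management host may originate directed broadcasts,
! and only WoL traffic (UDP/9) aimed at this subnet's broadcast address.
! Everything else that would have been turned into an L2 broadcast is dropped
! and logged, which also gives you a Smurf-style abuse signal in syslog.
access-list 100 permit udp host 10.0.0.10 host 192.168.0.255 eq 9
access-list 100 deny ip any any log
!
interface GigabitEthernet0/1
 description LAN 192.168.0.0/24 - WoL targets
 ip address 192.168.0.1 255.255.255.0
 ! The optional ACL argument on ip directed-broadcast filters which
 ! directed broadcasts are translated into physical (L2) broadcasts here.
 ip directed-broadcast 100
!
interface GigabitEthernet0/0
 description Uplink 10.0.0.0/24
 ip address 10.0.0.1 255.255.255.0
 ! Keep the IOS 12.x default everywhere a directed broadcast is not needed.
 no ip directed-broadcast
```

Confirm the per-interface state afterwards with `show ip interface GigabitEthernet0/1 | include Directed`, which reports whether directed broadcast forwarding is enabled and which ACL applies.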
Ok getting it now (I think). I was just looking at it as being just a layer 3 (IP) broadcast. But once it goes onto another ethernet segment it is sent as a layer 2 broadcast?? But keeping its layer 3 subnet address, with its broadcast address?? I have never used this before so forgive me if I am going around in circles here. But Jared's example has shown me a use for it..