If you are asking about just the relay agent, the DHCP discover is sent with a destination of 255.255.255.255 with all F's for layer 2. This is limited broadcast."Reserved for the "limited broadcast" destination address, as specified by RFC 6890, used during host configuration.
The address 255.255.255.255 denotes a broadcast on a local hardware network, which must not be forwarded. This address may be used, for example, by hosts that do not know their network number and are asking some server for it.
To analyze DHCP Discover (lease request) traffic:
- In the top Wireshark packet list pane, select the fourth DHCP packet, labeled DHCP Discover.
- Observe the packet details in the middle Wireshark packet details pane. Notice that it is an Ethernet II / Internet Protocol Version 4 / User Datagram Protocol / Bootstrap Protocol frame.
- Expand Ethernet II to view Ethernet details.
- Observe the Destination and Source fields. The destination should be the broadcast address ff:ff:ff:ff:ff:ff and the source should be your MAC address. When the client doesn't have an IP address or server information, it has to broadcast to discover a DHCP server.
- Expand Internet Protocol Version 4 to view IP details.
- Observe the Source address. Notice that the source address is 0.0.0.0, indicating no current IP address.
- Observe the Destination address. Notice that the destination address 255.255.255.255, the broadcast IP address.
- Expand User Datagram Protocol to view UDP details.
- Observe the Source port. Notice that it is bootpc (68), the BOOTP client port.
- Observe the Destination port. Notice that it is bootps (67), the BOOTP server port.
- Expand Bootstrap Protocol to view BOOTP details.
- Observe the DHCP Message Type. Notice that it is a Discover (3).
- Observe the Client IP address, Client MAC address, and DHCP option fields. This is the request to the DHCP server.
Don't take my word for it, not sure what else 255.255.255.255 as destination is used for,
The "ip helper-address" command is not used only to rely the DHCP broadcast messages, instead it can be used to forward other kind of udp traffic. By enabling "ip helper-address" all udp traffic defined with the command "ip forward-protocol udp" manually or by default (BOOTP client and server are defined by default) will be forwarded by the router as a unicast traffic. In other words the "ip helper-address" command is not used only to rely the DHCP messages. If you want to allow the router to forward only the DHCP messages then you should remove all the other protocols with the command "no ip forward-protocol udp".
Yes, Layer 1,2, & 3 are decasulated to forward the PDU.
The IP source address (host) is replaced with the router interface or SVI IP address that the broadcast was recieved from, and the destination (broadcast) address gets replaced with the remote server address. So yes
You can think of the router interface as a proxy gateway for DHCP
The router keeps track of the MAC address of the requesting host and knows to apply the DHCP reply message to that MAC.
Wow, amazing stuff coming out of these responses. Aref I went hunting for other kinds of UTP traffic the command IP-Helper Address enables the router to de-encapsulate (thanks Mike Gannon). http://www.cisco-faq.com/163/forward_udp_broadcas.html
Then I found some great stuff circa 2003 on a Dell site which made me feel further validated about my question. I know the Broadcast storms are the worst offenders as far as CPU and Bandwidth eating. And of course STP takes care of that. And I re-learned that IGMP snooping with help to limit Multicast traffic.
I also learned from one of my CCIE friends, that the amount of broadcast traffic on a properly built network (VLAN's, STP, SVI's) would not usually eat enough CPU resources or bandwidth to be concerned with. I don't know much about SVI (apparently used on L3 Switches), but I believe him.Here's the intro quote from Dell and the link: http://www.dell.com/downloads/global/products/pwcnt/en/app_note_5.pdfBroadcast and multicast traffic perform valuable roles interms of network discovery and content delivery,but too much of either can have an adverse effecton performance. Excessive amounts of broadcast ormulticast traffic not only waste bandwidth, but alsodegrade the performance of every device attached tothe network. This application note discusses the stepsnetwork managers can take to minimize the effectsof broadcast and multicast traffic without compromising application functionality or performance.
A lab output on the sameR3(config)#int f1/0R3(config-if)#ip address 172.16.128.1 255.255.255.0R3(config-if)#no shutdownR3(config-if)#ip helper-address 172.16.32.32R3(config-if)#int f0/0R3(config-if)#ip address 172.16.32.31 255.255.255.0R3(config-if)#no shutdownR3(config-if)#exitR3#debug ip dhcp server packetR3#debug ip dhcp server events
R3(config-if)#ip address 172.16.128.1 255.255.255.0
R3(config-if)#ip helper-address 172.16.32.32
R3(config-if)#ip address 172.16.32.31 255.255.255.0
Debug Output on R1
*Mar 1 00:06:25.375: DHCPD: DHCPDISCOVER received from client 0100.5079.6668.00 through relay 172.16.128.1.
DHCP Discover to 172.16.32.32 from 172.16.128.1
Ethernet II, Src: cc:07:23:70:00:00 (cc:07:23:70:00:00), Dst: cc:05:23:70:00:00 (cc:05:23:70:00:00)Internet Protocol Version 4, Src: 172.16.128.1 (172.16.128.1), Dst: 172.16.32.32 (172.16.32.32) → Unicast from relay to serverUser Datagram Protocol, Src Port: bootps (67), Dst Port: bootps (67)Bootstrap Protocol------omitted----Bootp flags: 0x0000 (Unicast)Client IP address: 0.0.0.0 (0.0.0.0)Your (client) IP address: 0.0.0.0 (0.0.0.0)Next server IP address: 0.0.0.0 (0.0.0.0)Relay agent IP address: 172.16.128.1 (172.16.128.1) --> Relay agent IP address embedded in the packet, is how the DHCP server determines the pool to assign the IP address from.