DHCP Relay Proxy
A DHCP relay is transparent to DHCP clients and DHCP servers, and simply forwards messages between DHCP clients and servers. The DHCP relay agent is configured on the router or switch, which operates between the DHCP client and one or more DHCP servers. For more information, read this topic.
DHCP Relay Proxy Overview
DHCP relay proxy mode is an enhancement to extended DHCP relay. DHCP relay proxy supports all DHCP relay features while providing additional features and benefits.
Normally, extended DHCP relay operates as a helper application for DHCP operations. Except for the ability to add DHCP relay agent options and the gateway address (giaddr) to DHCP packets, DHCP relay is transparent to DHCP clients and DHCP servers, and simply forwards messages between DHCP clients and servers.
When you configure DHCP relay to operate in proxy mode, the relay is no longer transparent. In proxy mode, DHCP relay conceals DHCP server details from DHCP clients, which interact with a DHCP relay in proxy mode as though it is the DHCP server. For DHCP servers there is no change, because proxy mode has no effect on how the DHCP server interacts with the DHCP relay.
You cannot configure both DHCP relay proxy and extended DHCP local server on the same interface.
Benefits of Using DHCP Relay Proxy
DHCP relay proxy provides the following benefits:
DHCP server isolation and DoS protection—DHCP clients are unable to detect the DHCP servers, learn DHCP server addresses, or determine the number of servers that are providing DHCP support. Server isolation also provides denial-of-service (DoS) protection for the DHCP servers.
Multiple lease offer selection—DHCP relay proxy receives lease offers from multiple DHCP servers and selects a single offer to send to the DHCP client, thereby reducing traffic in the network. Currently, the DHCP relay proxy selects the first offer received.
Support for both numbered and unnumbered Ethernet interfaces—For DHCP clients connected through Ethernet interfaces, when the DHCP client obtains an address, the DHCP relay proxy adds an access internal host route specifying that interface as the outbound interface. The route is automatically removed when the lease time expires or when the client releases the address.
Logical system support—DHCP relay proxy can be configured in a logical system, whereas a non-proxy mode DHCP relay cannot.
Interaction Among DHCP Relay Proxy, DHCP Client, and DHCP Servers
The DHCP relay agent is configured on the router (or switch), which operates between the DHCP client and one or more DHCP servers.
The following steps provide a high-level description of how DHCP relay proxy interacts with DHCP clients and DHCP servers.
The DHCP client sends a discover packet to locate a DHCP server in the network from which to obtain configuration parameters for the subscriber.
The DHCP relay proxy receives the discover packet from the DHCP client and forwards copies of the packet to each supporting DHCP server. The DHCP relay proxy then creates a client table entry to keep track of the client state.
In response to the discover packet, each DHCP server sends an offer packet to the client, which the DHCP relay proxy receives. The DHCP relay proxy does the following:
Selects the first offer received as the offer to sent to the client
Replaces the DHCP server address with the address of the DHCP relay proxy
Forwards the offer to the DHCP client.
The DHCP client receives the offer from the DHCP relay proxy.
The DHCP client sends a request packet that indicates the DHCP server from which to obtain configuration information—the request packet specifies the address of the DHCP relay proxy.
The DHCP relay proxy receives the request packet and forwards copies, which include the address of selected server, to all supporting DHCP servers.
The DHCP server requested by the client sends an acknowledgement (ACK) packet that contains the client configuration parameters.
The DHCP relay proxy receives the ACK packet, replaces the DHCP server address with its own address, and forwards the packet to the client.
The DHCP client receives the ACK packet and stores the configuration information.
If configured to do so, the DHCP relay proxy installs a host route and Address Resolution Protocol (ARP) entry for the DHCP client.
After the initial DHCP lease is established, the DHCP relay proxy receives all lease renewals and lease releases from the DHCP client and forwards them to the DHCP server.
Enabling DHCP Relay Proxy Mode
You can enable DHCP relay proxy mode on all interfaces or a group of interfaces.
To enable DHCP relay proxy mode:
- Specify that you want to configure override options.[edit forwarding-options dhcp-relay]user@host# edit overrides
- Enable DHCP relay proxy mode. [edit forwarding-options dhcp-relay overrides]user@host# set proxy-mode