DHCP relay proxy mode is an enhancement to extended DHCP
relay. DHCP relay proxy supports all DHCP relay features while providing
additional features and benefits.
Normally, extended DHCP relay operates as a helper application
for DHCP operations. Except for the ability to add DHCP relay agent
options and the gateway address (giaddr) to DHCP packets, DHCP relay
is transparent to DHCP clients and DHCP servers, and simply forwards
messages between DHCP clients and servers.
When you configure DHCP relay to operate in proxy
mode, the relay is no longer transparent. In proxy mode, DHCP relay
conceals DHCP server details from DHCP clients, which interact with
a DHCP relay in proxy mode as though it is the DHCP server. For DHCP
servers there is no change, because proxy mode has no effect on how
the DHCP server interacts with the DHCP relay.
DHCP relay proxy provides the following benefits:
DHCP server isolation and DoS protection—DHCP clients
are unable to see the DHCP servers, learn DHCP server addresses, or
determine the number of servers that are proving DHCP support. Server
isolation also provides denial-of-service (DoS) protection for the
DHCP servers.
Multiple lease offer selection—DHCP relay proxy
receives lease offers from multiple DHCP servers and selects a single
offer to send to the DHCP client, thereby reducing traffic in the
network. Currently, the DHCP relay proxy selects the first offer received.
Support for both numbered and unnumbered Ethernet interfaces—For
DHCP clients connected through Ethernet interfaces, when the DHCP
client obtains an address, the DHCP relay proxy adds an access internal
host route specifying that interface as the outbound interface. The
route is automatically removed when the lease time expires or when
the client releases the address.
Logical system support—DHCP relay proxy can be configured
in a logical system, whereas a non-proxy mode DHCP relay cannot.
Note:
Extended DHCP relay proxy is not supported for the J-series
DHCP server. Also, you cannot configure both DHCP relay proxy and
extended DHCP local server on the same interface.
Interaction Among DHCP Relay Proxy, DHCP Client, and DHCP Servers
The DHCP relay agent is configured on the router, which operates
between the DHCP client and one or more DHCP servers.
The following steps provide a high level description of how
DHCP relay proxy interacts with DHCP clients and DHCP servers.
The DHCP client sends a discover packet to locate a DHCP
server in the network from which to obtain configuration parameters
for the subscriber.
The DHCP relay proxy receives the discover packet from
the DHCP client and forwards copies of the packet to each supporting
DHCP server. The DHCP relay proxy then creates a client table entry
to keep track of the client state.
In response to the discover packet, each DHCP server sends
an offer packet to the client, which the DHCP relay proxy receives.
The DHCP relay proxy does the following:
Selects the first offer received as the offer to sent
to the client
Replaces the DHCP server address with the address of the
DHCP relay proxy
Forwards the offer to the DHCP client.
The DHCP client receives the offer from the DHCP relay
proxy.
The DHCP client sends a request packet that indicates
the DHCP server from which to obtain configuration information—the
request packet specifies the address of the DHCP relay proxy.
The DHCP relay proxy receives the request packet and forwards
copies, which include the address of selected server, to all supporting
DHCP servers.
The DHCP server requested by the client sends an acknowledgement
(ACK) packet that contains the client configuration parameters.
The DHCP relay proxy receives the ACK packet, replaces
the DHCP server address with its own address, and forwards the packet
to the client.
The DHCP client receives the ACK packet and stores the
configuration information.
If configured to do so, the DHCP relay proxy installs
a host route and Address Resolution Protocol (ARP) entry for the DHCP
client.
After the initial DHCP lease is established, the DHCP
relay proxy receives all lease renewals and lease releases from the
DHCP client and forwards them to the DHCP server.
