Introduction to DHCP

Hello Hemant.

Imagine a very simple topology with just a DHCP server and a client (no relay agents).


I am using routers here but imagine that DHCP-CLIENT is an actual computer while DHCP-SERVER is an actual dedicated DHCP server. The DHCP-SERVER has a DHCP pool for the 192.168.1.0/24 IP space.

For the purpose of simplicity, both reside on the same local subnet. Our goal here is to have DHCP-CLIENT obtain an IP address and other parameters automatically from the DHCP server, so I will issue the ip address dhcp command on its G0/0 interface which will trigger the DHCP process.

DHCP-CLIENT(config)#int G0/0
DHCP-CLIENT(config-if)#ip address dhcp

Here’s the Wireshark capture of the DHCP DORA process.

I am getting the same result as you, all messages are being sent as broadcast. Let’s make one thing clear, first.

DHCPDISCOVER and DHCPREQUEST messages are always sent as broadcast.

The purpose of DHCPDISCOVER is to discover any available DHCP servers and since they may reside on the local subnet, they’re sent as broadcast.

The purpose of DHCPREQUEST is to request the IP parameters received from the DHCP server. It’s sent as a reply to the DHCPOFFER message.

This message is also always sent as broadcast. The client here includes the DHCP server from whom it accepted the offerered IP parameters. This is because the client can receive multiple DHCP offers from multiple DHCP servers, so DHCPREQUEST is a way of requesting the offered IP parameters and also informing which server does the client accept the offer from.

Now to answer your question, which packets can be sent as unicast or broadcast? What does it depend on? We both have tried this DHCP process and we both ended up with 4 broadcast messages.

There are two messages which can be sent as unicast or broadcast and those are DHCPOFFER and DHCPACK.

What determines whether these two messages will be as either unicast or broadcast are the DHCP flags contained within the DHCP packet.

RFC2131

   To work around some clients that cannot accept IP unicast datagrams
   before the TCP/IP software is configured as discussed in the previous
   paragraph, DHCP uses the 'flags' field [21].  The leftmost bit is
   defined as the BROADCAST (B) flag.  The semantics of this flag are
   discussed in section 4.1 of this document.  The remaining bits of the
   flags field are reserved for future use.  They MUST be set to zero by
   clients and ignored by servers and relay agents.  Figure 2 gives the
   format of the 'flags' field.

DHCP uses a field called BootP Flag which tell the server whether the client wants it to send its messages (DHCPOFFER, DHCPACK) as unicast or broadcast. From my packet capture, you can see the following DHCPDISCOVER message:
obrázok
The DHCP-CLIENT told the server to send its DHCP messages as broadcast, that’s why the DHCPOFFER and DHCPACK were sent as broadcast.

Here’s another packet capture of a DHCPDISCOVER message (credits to Jeremy’s IT Lab)

Here the client set the BootP flags to unicast, this tells the server that it can sends its DHCP replies by using unicast, so let’s check of the DHCP server’s messages.

We can see that because the BootP flags were set to Unicast, the server sent its DHCPOFFER message as unicast. This will also apply to its DHCPACK message.

Now, why is it that some clients set this flag to broadcast and some to unicast? It has to do with how the device itself can process packets. Some devices cannot accept any unicast packets before they have obtained an IP address so that’s why sometimes broadcast must be used instead of unicast.

Broadcast messages sent from the DHCP server will have the destination IP set to 255.255.255.255 and the destination MAC will be of the client.

Unicast messages sent from the DHCP server will have the destination IP set to the IP that the DHCP server wants to offer to the client and the destination MAC will be of the client.

Summary

  • DHCPDISCOVER and DHCPREQUEST packets are sent by the client and are always sent as broadcast.
  • DHCPOFFER and DHCPACK packets are sent by the server and can be sent either as unicast or broadcast as dictated by the client by using the BootP Flag field.

If anything is unclear to you, please let me know.

David