Limiting the Impact of IP Helper Addresses
Problem
After configuring your router to use IP helper addresses, you suffer from high link utilization or high CPU utilization on the DHCP server.
Solution
The ip helper-address command implicitly enables forwarding of several different kinds of UDP broadcast, not just DHCP. You can stop the router from relaying the unwanted types with the global no ip forward-protocol udp configuration command, one protocol per line:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#no ip forward-protocol udp tftp
Router1(config)#no ip forward-protocol udp nameserver
Router1(config)#no ip forward-protocol udp domain
Router1(config)#no ip forward-protocol udp time
Router1(config)#no ip forward-protocol udp netbios-ns
Router1(config)#no ip forward-protocol udp netbios-dgm
Router1(config)#no ip forward-protocol udp tacacs
Router1(config)#end
Router1#
Discussion
As mentioned in Recipe 20.1, if the DHCP client and server are on different network segments, the router on the client's segment must be configured with a helper address for DHCP to work. However, the helper address configuration relays a variety of UDP broadcasts, not just DHCP packets, and every one of them is delivered as unsolicited unicast traffic to the helper address. This can cause network loading problems on the links toward the server, as well as CPU loading problems on the DHCP server itself, which has to receive and discard broadcasts it has no use for.
By default, when you configure the ip helper-address command on an interface, the router will automatically forward UDP broadcasts for all of the protocols shown in Table 20-1.
Table 20-1. UDP broadcasts forwarded by default when ip helper-address is configured

| Type | Description | UDP port |
|---|---|---|
| bootpc | Bootstrap (BOOTP) or DHCP client | 68 |
| bootps | Bootstrap (BOOTP) or DHCP server | 67 |
| domain | Domain Name Service (DNS) | 53 |
| nameserver | IEN-116 name service (obsolete) | 42 |
| netbios-dgm | NetBIOS datagram service | 138 |
| netbios-ns | NetBIOS name service | 137 |
| tacacs | TAC Access Control System | 49 |
| time | Time | 37 |
| tftp | Trivial File Transfer Protocol | 69 |
Note in particular that networks that include Microsoft Windows networking features generate a large volume of NetBIOS name-service and datagram broadcasts. The DHCP server receives the relayed broadcasts from every end-device segment whose helper address points at it, so all of that traffic aggregates at one point, and it is possible for the aggregate to be enough to cause serious problems.
This recipe disables each unnecessary protocol, one at a time, using the no ip forward-protocol configuration command. Some organizations choose to disable only the two NetBIOS protocols, because those are the ones that most frequently cause problems.
We strongly recommend using the no ip forward-protocol command to ensure that only the required protocols are being forwarded to your DHCP server. Note, however, that ip forward-protocol is a global setting, not a per-interface or per-helper one, so it cannot forward different protocols to different helper addresses. If you have two different servers handling different UDP broadcast protocols, they will both receive all of the local broadcasts that the router accepts. So if you need more detailed control over these types of applications, you may find that the broadcast to multicast conversion features discussed in Chapter 23 will be more effective.
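A quick way to check the net effect of this recipe across many routers is to audit the running configurations offline rather than reading them by hand. The following script is an added example, not code from the book or from Cisco: it models the default list in Table 20-1, applies any `no ip forward-protocol udp ...` and `ip forward-protocol udp <port>` lines found in a config, collects the helper addresses per interface, and reports which forwarded protocols a pure DHCP relay does not need. The sample configurations, interface names and addresses are constructed placeholders, and the parser only handles the two command forms shown on this page (it does not model the bare `no ip forward-protocol udp` with no port argument, or other ip forward-protocol variants).

```python
"""Audit an IOS running-config for the UDP broadcasts ip helper-address will relay.

Added example for this recipe; not the book's or Cisco's code. Sample configs are
constructed, and the interface name and addresses are placeholders.
"""
import re

# Protocols IOS forwards by default once ip helper-address is configured (Table 20-1).
DEFAULT_UDP_PORTS = {
    "bootpc": 68, "bootps": 67, "domain": 53, "nameserver": 42,
    "netbios-dgm": 138, "netbios-ns": 137, "tacacs": 49, "time": 37, "tftp": 69,
}
NAME_BY_PORT = {port: name for name, port in DEFAULT_UDP_PORTS.items()}
DHCP_ONLY = {67, 68}  # all a plain DHCP relay needs

FORWARD_RE = re.compile(r"^(no )?ip forward-protocol udp (\S+)$")
HELPER_RE = re.compile(r"^ip helper-address (\S+)$")
INTERFACE_RE = re.compile(r"^interface (\S+)$")


def _port(token):
    """Resolve an IOS port keyword or a numeric port to an int, or None if unknown."""
    if token.isdigit():
        return int(token)
    return DEFAULT_UDP_PORTS.get(token)


def parse_config(text):
    """Return (helpers, forwarded).

    helpers maps interface name -> list of helper addresses configured on it;
    forwarded is the effective set of UDP ports the router will relay.
    """
    helpers = {}
    forwarded = set(DEFAULT_UDP_PORTS.values())  # start from the IOS defaults
    current_if = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if not line.startswith(" "):
            # Non-indented lines are global commands; any interface block has ended.
            current_if = None
            m = INTERFACE_RE.match(line)
            if m:
                current_if = m.group(1)
                continue
            m = FORWARD_RE.match(line)
            if m:
                negated = m.group(1) is not None
                port = _port(m.group(2))
                if port is not None:
                    if negated:
                        forwarded.discard(port)   # no ip forward-protocol udp X
                    else:
                        forwarded.add(port)       # ip forward-protocol udp <port>
            continue
        # Indented line: an interface sub-command.
        m = HELPER_RE.match(line.strip())
        if m and current_if:
            helpers.setdefault(current_if, []).append(m.group(1))
    return helpers, forwarded


def audit(text, needed=DHCP_ONLY):
    """Summarise helpers and flag forwarded protocols the helper target does not need."""
    helpers, forwarded = parse_config(text)
    extra = forwarded - set(needed)
    return {
        "helpers": helpers,
        "forwarded": sorted(forwarded),
        "extra": sorted(NAME_BY_PORT.get(p, str(p)) for p in extra),
    }


# Constructed sample: helper address only, IOS defaults left in place.
BEFORE = """\
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip helper-address 198.51.100.10
!
"""

# Constructed sample: the same interface after applying this recipe.
AFTER = """\
!
no ip forward-protocol udp tftp
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip helper-address 198.51.100.10
!
"""

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(cfg))
```

Run against the "before" sample it flags domain, nameserver, both NetBIOS services, tacacs, tftp and time as forwarded but unneeded; against the "after" sample the extra list is empty and only ports 67 and 68 remain. Because `ip forward-protocol` is global, the result applies to every helper address on the router, which is why the script reports helpers per interface but the forwarded set once.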