Limiting the Impact of IP Helper Addresses

Problem

After configuring your router to use IP helper addresses, you suffer from high link utilization or high CPU utilization on the DHCP server.

Solution

The ip helper-address command implicitly enables forwarding of several different kinds of UDP broadcasts. You can prevent the router from forwarding the unwanted types of broadcasts with the no ip forward-protocol udp configuration command:

Router1#configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#no ip forward-protocol udp tftp
Router1(config)#no ip forward-protocol udp nameserver
Router1(config)#no ip forward-protocol udp domain
Router1(config)#no ip forward-protocol udp time
Router1(config)#no ip forward-protocol udp netbios-ns
Router1(config)#no ip forward-protocol udp netbios-dgm
Router1(config)#no ip forward-protocol udp tacacs
Router1(config)#end
Router1#

 

Discussion

As mentioned in Recipe 20.1, if the DHCP client and server are on different network segments, the router on the client's segment must be configured with a helper address for DHCP to work. However, the helper address configuration forwards a variety of different UDP broadcasts, not just DHCP packets. This can cause network loading problems, as well as CPU loading problems on the DHCP server.

By default, when you configure the ip helper-address command on an interface, the router will automatically forward UDP broadcasts for all of the protocols shown in Table 20-1.

Table 20-1. Default UDP protocols for helper addresses

Type          Description                        UDP port
bootpc        Bootstrap or DHCP client           68
bootps        Bootstrap or DHCP server           67
domain        Domain Name Service (DNS)          53
nameserver    IEN-116 name service (obsolete)    42
netbios-dgm   NetBios datagram service           138
netbios-ns    NetBios name service               137
tacacs        TAC Access Control System          49
time          Time                               37
tftp          Trivial File Transfer Protocol     69

Note in particular that networks that include Microsoft Windows networking features use a lot of NetBIOS packets. The DHCP server receives broadcasts from many end-device segments throughout the network. It is possible to have enough traffic aggregating on this point to cause serious problems.

This recipe disables each unnecessary protocol, one at a time, using the no ip forward-protocol configuration command. Some organizations choose to disable only the NetBIOS protocols because these are the ones that most frequently cause problems.

We strongly recommend using the no ip forward-protocol command to ensure that only the required protocols are being forwarded to your DHCP server. Note, however, that this command cannot forward different protocols to different helper addresses. If you have two different servers handling different UDP broadcast protocols, they will both receive all of the local broadcasts that the router accepts. So if you need more detailed control over these types of applications, you may find that the broadcast to multicast conversion features discussed in Chapter 23 will be more effective.
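
To check that only the required protocols are still being forwarded, you can audit a saved copy of the configuration. The following script is an added example, not code from the book: it assumes the helper address exists for DHCP only, that disabled protocols appear in the configuration as no ip forward-protocol udp lines (keyword or port number), and it runs against a constructed sample configuration.

```python
import re

# Default UDP broadcasts forwarded once ip helper-address is set (Table 20-1).
DEFAULT_FORWARDED = {
    "bootpc": 68, "bootps": 67, "domain": 53, "nameserver": 42,
    "netbios-dgm": 138, "netbios-ns": 137, "tacacs": 49, "time": 37, "tftp": 69,
}
REQUIRED = {"bootpc", "bootps"}  # assumption: the helper is used for DHCP only
PORT_TO_NAME = {port: name for name, port in DEFAULT_FORWARDED.items()}

# Constructed sample configuration (addresses and interfaces are made up).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.30.1 255.255.255.0
 ip helper-address 172.25.1.1
!
interface Serial0/0
 ip address 10.1.1.1 255.255.255.252
!
no ip forward-protocol udp tftp
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp 49
"""

def audit_helper_forwarding(config_text):
    """Map each interface with a helper address to the unneeded default
    protocols that the configuration still forwards."""
    forwarded = set(DEFAULT_FORWARDED)
    helper_interfaces = []
    current_if = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():  # a global-level line ends any interface block
            m = re.match(r"interface\s+(\S+)", line)
            current_if = m.group(1) if m else None
        elif current_if and line.startswith("ip helper-address "):
            if current_if not in helper_interfaces:
                helper_interfaces.append(current_if)
        m = re.match(r"no ip forward-protocol udp\s+(\S+)$", line)
        if m:  # the protocol may be given as a keyword or as a port number
            token = m.group(1)
            forwarded.discard(PORT_TO_NAME.get(int(token)) if token.isdigit() else token)
    unneeded = sorted(forwarded - REQUIRED)
    return {ifname: list(unneeded) for ifname in helper_interfaces}

if __name__ == "__main__":
    for ifname, protos in audit_helper_forwarding(SAMPLE_CONFIG).items():
        print(ifname, "still forwards:", ", ".join(protos) or "nothing unneeded")
```

In the sample, the two NetBIOS protocols were left enabled, so the interface with the helper address is reported as still forwarding them.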

See Also

Recipe 20.1; Chapter 23

Cisco IOS Cookbook
Cisco IOS Cookbook (Cookbooks (OReilly))
ISBN: 0596527225
EAN: 2147483647
Year: 2004
Pages: 505
