After configuring your router to use IP helper addresses, you suffer from high link utilization or high CPU utilization on the DHCP server.
The ip helper-address command implicitly enables forwarding of several different kinds of UDP broadcasts. You can prevent the router from forwarding the unwanted types of broadcasts with the no ip forward-protocol udp configuration command:
Router1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#no ip forward-protocol udp tftp Router1(config)#no ip forward-protocol udp nameserver Router1(config)#no ip forward-protocol udp domain Router1(config)#no ip forward-protocol udp time Router1(config)#no ip forward-protocol udp netbios-ns Router1(config)#no ip forward-protocol udp netbios-dgm Router1(config)#no ip forward-protocol udp tacacs Router1(config)#end Router1#
As mentioned in Recipe 20.1, if the DHCP client and server are on different network segments, the router on the client's segment must be configured with a helper address for DHCP to work. However, the helper address configuration forwards a variety of different UDP broadcasts, not just DHCP packets. This can cause network and CPU loading problems on the DHCP server.
By default, when you configure the ip helper-address command on an interface, the router will automatically forward UDP broadcasts for all of the protocols shown in Table 20-1.
|
Type |
Description |
UDP port |
|---|---|---|
|
bootpc |
Bootstrap or DHCP client |
68 |
|
bootps |
Bootstrap or DHCP server |
67 |
|
domain |
Domain Name Service (DNS) |
53 |
|
nameserver |
IEN-116 name service (obsolete) |
42 |
|
netbios-dgm |
NetBIOS datagram service |
138 |
|
netbios-ns |
NetBIOS name service |
137 |
|
tacacs |
TAC Access Control System |
49 |
|
time |
Time |
37 |
|
tftp |
Trivial File Transfer Protocol |
69 |
In particular, networks that include Microsoft Windows networking features use a lot of NetBIOS packets. The DHCP server receives broadcasts from many end device segments throughout the network. It is possible to have enough traffic aggregating on this point to cause serious problems.
This recipe disables each unnecessary protocol, one at a time, using the no ip forward-protocol configuration command. Some organizations choose to disable only the NetBIOS protocol because this is usually the one that most frequently causes problems.
We strongly recommend using the no ip forward-protocol command to ensure that only the required protocols are being forwarded to your DHCP server. Note, however, that this command cannot forward different protocols to different helper addresses. If you have two different servers handling different UDP broadcast protocols, they will both receive all of the local broadcasts that the router accepts. If you need more detailed control over these types of applications, you may find that the broadcast-to-multicast conversion features discussed in Chapter 23 are more effective.
 |
|
|
| Top |