This week a project manager contacted me with an rather peculiar question. I work with this project manager now for almost two years. And I know he is technically very skilled. So if he doesn’t know the answer then the answer is not always straight forward.
I currently work for a large telco in the Netherlands. One of the services offered is DHCP-relay. Technically this is a very basic and straight forward service. The customer wanted to know which address is used as source address in the packets destined to the DHCP server. This was needed to set some static routes.
Okay lets start labbing, within GNS3 I made the following lab setup;
IP addresses used are;
- DHCP-Server
- e0/0 172.16.1.1
- Router
- e0/0 172.16.1.2
- e1/0.1 192.168.1.1 (switch management vlan)
- e1/0.100 192.168.100.1 (customer vlan)
- Switch
- vlan1 192.168.1.10
- PC1
- e0 will get ip from DHCP server.
Router config interface facing the dhcp client.
interface Ethernet1/0.100 encapsulation dot1Q 100 ip address 192.168.100.1 255.255.255.0 ip helper-address 172.16.1.1 end
With the set up ready I am able to get an ip address. During the DHCP negotiation wireshark is gathering information on the link between the router and the dhcp-server.
DHCP request and reply
Opcode: 1 (REQUEST) Client IP Address: 192.168.100.13 Your IP Address: 0.0.0.0 Server IP Address: 0.0.0.0 Gateway IP Address: 0.0.0.0 Client MAC Address: 00:50:79:66:68:00 Option 53: Message Type = Request Option 54: DHCP Server = 172.16.1.1 Option 50: Requested IP Address = 192.168.100.13 Option 61: Client Identifier = Hardware Type=Ethernet MAC Address = 00:50:79:66:68:00 Option 12: Host Name = PC11
Some messages have been omitted for readability. In the process prior to assigning an IP address the DHCP server chooses an IP and checks uniqueness in the network using ping.
Opcode: 2 (REPLY) Client IP Address: 192.168.100.13 Your IP Address: 192.168.100.13 Server IP Address: 0.0.0.0 Gateway IP Address: 192.168.100.1 Client MAC Address: 00:50:79:66:68:00 Option 53: Message Type = Ack Option 54: DHCP Server = 172.16.1.1 Option 51: Lease Time = 86400 Option 58: Renewal Time = 43200 Option 59: Rebinding Time = 75600 Option 1: Subnet Mask = 255.255.255.0 Option 3: Router = 192.168.100.1 IP 192.168.100.13/24 GW 192.168.100.1
To be honest I set a static route on the DHCP-server
ip route 192.168.100.0 255.255.255.0 172.16.1.2
What does Wireshark tell me ? This whole exercise is undertaken to ‘see’ what information passes from the router to the dhcp-server and vice-versa.
I expect a dhcp discover followed by a offer. Between discover and offer the dhcp-server should ping the ip address which it is going to serve to the dhcp-client. No ping reply means; ip address if not currently in use. No duplicate ip addresses are injected.
A little close-up reveals the answer;
The DHCP unicast packet is sourced by 192.168.100.1 which is the router interface facing the dhcp-client. This interface contains the ip helper-address 172.16.1.1 statement.
NOTE: the network diagram is overly simplified. First because I do not wish to reveal any business proprietary information. Second it withdraws focus from the question at hand.
NOTE2: Thank you David Theuns for being your ‘vraagbaak’.
Network Ninja 
The DHCP server assigns ip addresses using one of three methods; top-down, bottom-up or round robin. This is the case when using a standard implementation. More complexity can be added using dhcp option 82; assigning ip addresses using router/switch ip in combination of slot number, port number and if applicable vlan number. For brevity option 82 was not implemented in this post.