isc-dhcp/relay/dhcrelay.8

.\"	dhcrelay.8
.\"
.\" Copyright (c) 2004-2016 by Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (c) 1997-2003 by Internet Software Consortium
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
.\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\"   Internet Systems Consortium, Inc.
.\"   950 Charter Street
.\"   Redwood City, CA 94063
.\"   <info@isc.org>
.\"   https://www.isc.org/
.\"
.\" This software has been written for Internet Systems Consortium
.\" by Ted Lemon in cooperation with Vixie Enterprises.
.\"
.\" Support and other services are available for ISC products - see
.\" https://www.isc.org for more information or to learn more about ISC.
.\"
.\" $Id: dhcrelay.8,v 1.20 2012/05/14 23:17:43 sar Exp $
.\"
.TH dhcrelay 8
.SH NAME
dhcrelay - Dynamic Host Configuration Protocol Relay Agent
.SH SYNOPSIS
.B dhcrelay
[
.B -4
]
[
.B -dqaD
]
[
.B -p
.I port
]
[
.B -c
.I count
]
[
.B -A
.I length
]
[
.B -pf
.I pid-file
]
[
.B --no-pid
]
[
.B -m
.I append
|
.I replace
|
.I forward
|
.I discard
]
[
.B -i
.I interface0
[
.B ...
.B -i
.I interfaceN 
]
[
.B -iu
.I interface0
[
.B ...
.B -iu
.I interfaceN
]
.B -l
.I interface
]
.B -U
.I interface
]
.I server0
[
.I ...serverN
]
.PP
.B dhcrelay -6
[
.B -dqI
]
[
.B -p
.I port
]
[
.B -c
.I count
]
[
.B -pf
.I pid-file
]
[
.B --no-pid
]
[
.B -s
.I subscriber-id
]
.B -l
.I lower0
[
.B ...
.B -l
.I lowerN
]
.B -u
.I upper0 
[
.B ...
.B -u
.I upperN
]
.SH DESCRIPTION
The Internet Systems Consortium DHCP Relay Agent, dhcrelay, provides a
means for relaying DHCP and BOOTP requests from a subnet to which
no DHCP server is directly connected to one or more DHCP servers on
other subnets.  It supports both DHCPv4/BOOTP and DHCPv6 protocols.
.SH OPERATION
.PP
The DHCP Relay Agent listens for DHCPv4 or DHCPv6 queries from clients or
other relay agents on one or more interfaces, passing them along to
``upstream'' servers or relay agents as specified on the command line.
When a reply is received from upstream, it is multicast or unicast back
downstream to the source of the original request.
.SH COMMAND LINE
.PP
\fIProtocol selection options:\fR
.TP
-6
Run dhcrelay as a DHCPv6 relay agent.  Incompatible with the \fB-4\fR
option.
.TP
-4
Run dhcrelay as a DHCPv4/BOOTP relay agent.  This is the default mode of
operation, so the argument is not necessary, but may be specified for
clarity.  Incompatible with \fB-6\fR.
.PP
\fISpecifying DHCPv4/BOOTP servers\fR
.PP
In DHCPv4 mode, a list of one or more server addresses must be specified on
the command line, to which DHCP/BOOTP queries should be relayed.
.PP
\fIOptions available for both DHCPv4 and DHCPv6:\fR
.TP
-c COUNT
Maximum hop count.  When forwarding packets, dhcrelay discards packets
which have reached a hop count of COUNT.  Default is 10.  Maximum is 255.
.TP
-d
Force dhcrelay to run as a foreground process.  Useful when running
dhcrelay under a debugger, or running out of inittab on System V systems.
.TP
-p PORT
Listen and transmit on port PORT.  This is mostly useful for debugging
purposes.  Default is port 67 for DHCPv4/BOOTP, or port 547 for DHCPv6.
.TP
-q
Quiet mode.  Prevents dhcrelay6 from printing its network configuration
on startup.
.TP
-pf pid-file
Path to alternate pid file.
.TP
--no-pid
Option to disable writing pid files.  By default the program
will write a pid file.
.PP
\fIOptions available in DHCPv4 mode only:\fR
.TP
-a
Append an agent option field to each request before forwarding it to
the server.  Agent option fields in responses sent from servers to
clients will be stripped before forwarding such responses back to the
client.  The agent option field will contain two agent options: the Circuit
ID suboption and the Remote ID suboption.  Currently, the Circuit ID will
be the printable name of the interface on which the client request was
received.  The client supports inclusion of a Remote ID suboption as well,
but this is not used by default.
.TP
-A LENGTH
Specify the maximum packet size to send to a DHCPv4/BOOTP server.  This
might be done to allow sufficient space for addition of relay agent
options while still fitting into the Ethernet MTU size.
.TP
-D
Drop packets from upstream servers if they contain Relay Agent
Information options that indicate they were generated in response to
a query that came via a different relay agent.  If this option is not
specified, such packets will be relayed anyway.
.TP
-i \fIifname\fR
Listen for DHCPv4/BOOTP traffic on interface \fIifname\fR.  Multiple
interfaces may be specified by using more than one \fB-i\fR option.  If
no interfaces are specified on the command line, dhcrelay will identify
all network interfaces, eliminating non-broadcast interfaces if possible,
and attempt to listen on all of them.
.TP
-iu \fIifname\fR
Specifies an upstream network interface for DHCPv4 relay mode: an
interface from which replies from servers and other relay agents will be
accepted.  Multiple interfaces may be specified by using more
than one \fB-u\fR option.  This argument is intended to be used
in conjunction with one or more -i arguments.
.TP
-m \fIappend\fR|\fIreplace\fR|\fIforward\fR|\fIdiscard\fR
Control the handling of incoming DHCPv4 packets which already contain
relay agent options.  If such a packet does not have \fIgiaddr\fR set in
its header, the DHCP standard requires that the packet be discarded.
However, if \fIgiaddr\fR is set, the relay agent may handle the situation
in four ways:  It may \fIappend\fR its own set of relay options to the
packet, leaving the supplied option field intact; it may \fIreplace\fR the
existing agent option field; it may \fIforward\fR the packet unchanged; or,
it may \fIdiscard\fR it.
.TP
-U \fIifname\fR
Enables the addition of a RFC 3527 compliant link selection suboption for
clients directly connected to the relay.  This RFC allows a relay to
specify two different IP addresses: one for the server to use when
communicating with the relay (giaddr) the other for choosing the subnet
for the client (the suboption).  This can be useful if the server is
unable to send packets to the relay via the address used for the subnet.

When enabled, dhcrelay will add an agent option (as per \fB-a\fR above) that
includes the link selection suboption to the forwarded packet.  This will only
be done to packets received from clients that are directly connected to the
relay (i.e. giaddr is zero).  The address used in the suboption will be that
of the link upon which the inbound packet was received (which would otherwise
be used for giaddr). The value of giaddr will be set to that of interface
\fIifname\fR.

Only one interface should be marked in this fashion.  Currently enabling
this option on an interface causes the relay to process all DHCP traffic
similar to the \fI-i\fR option, in the future we may split the two more
completely.

This option is off by default.  Note that enabling this option automatically
enables the \fB-a\fR option.

Keep in mind that using options such as \fB-m replace\fR or \fB-m discard\fR
on relays upstream from one using \fB-U\fR can pose problems.  The upstream
relay will wipe out the initial agent option containing the link selection
while leaving the re-purposed giaddr value in place, causing packets to go
astray.

.PP
\fIOptions available in DHCPv6 mode only:\fR
.TP
-I
Force use of the DHCPv6 Interface-ID option.  This option is
automatically sent when there are two or more downstream interfaces
in use, to disambiguate between them.  The \fB-I\fR option causes
dhcrelay to send the option even if there is only one downstream
interface.
.TP
-s subscriber-id
Add an option with the specified subscriber-id into the packet.  This
feature is for testing rather than production as it will put the same
subscriber-id into the packet for all clients.
.TP
-l [\fIaddress%\fR]\fIifname\fR[\fI#index\fR]
Specifies the ``lower'' network interface for DHCPv6 relay mode: the
interface on which queries will be received from clients or from other
relay agents.  At least one \fB-l\fR option must be included in the command
line when running in DHCPv6 mode.  The interface name \fIifname\fR is a
mandatory parameter.  The link address can be specified by \fIaddress%\fR;
if it isn't, dhcrelay will use the first non-link-local address configured
on the interface.  The optional \fI#index\fR parameter specifies the
interface index.
.TP
-u [\fIaddress%\fR]\fIifname\fR
Specifies the ``upper'' network interface for DHCPv6 relay mode: the
interface to which queries from clients and other relay agents should be
forwarded.  At least one \fB-u\fR option must be included in the command
line when running in DHCPv6 mode.  The interface name \fIifname\fR is a
mandatory parameter. The destination unicast or multicast address can be
specified by \fIaddress%\fR; if not specified, the relay agent will forward
to the DHCPv6 \fIAll_DHCP_Relay_Agents_and_Servers\fR multicast address.
.PP
It is possible to specify the same interface with different addresses
more than once, and even, when the system supports it, to use the same
interface as both upper and lower interfaces.
.SH SEE ALSO
dhclient(8), dhcpd(8), RFC3315, RFC2132, RFC2131.
.SH BUGS
.PP
Using the same interface on both upper and lower sides may cause
loops, so when running this way, the maximum hop count should be set
to a low value.
.PP
The loopback interface is not (yet) recognized as a valid interface.
.SH AUTHOR
.B dhcrelay(8)
To learn more about Internet Systems Consortium, see
.B https://www.isc.org