Something about DHCP broadcasts and subnets I don't quite get

I am not completely oblivious when it comes to networks but here is something I can't wrap my head around.



Imagine we have a network like in the picture. 6 hosts on one layer 2 network, no VLANs. The network is supposed to be segmented into 2 subnets, with one DHCP server each. The DHCP servers have fixed IP addresses, so they know in which subnet they belong, obviously.



Then new clients get plugged in. They don't know anything about which subnet they're supposed to be in and send their DHCPDISCOVER to the ethernet broadcast 255.255.255.255, so it goes to both DHCP servers. Both servers reply with an offer. Now here's my question: How does the client know which DHCPOFFER he's supposed to accept?



[Image: DHCP situation]

  • Compare this question and answers there.
    – Kamil Maciorowski
    2 mins ago














networking dhcp






edited 9 mins ago – Fazer87

asked 2 hours ago – Michael Niemand











1 Answer
accepted










Simplest answer - first come first served.



If you had multiple VLANs and 10.10.10.0/24 was on a different VLAN to 10.10.20.0/24 - the broadcast wouldn't cross VLANs.



If the DHCP Server was on a separate VLAN to the clients, an iphelper on the routing interface between VLANs would direct the broadcast onto the correct location.



In your scenario where you have 2 separate networks within the same VLAN (or lack thereof) serving up different subnets - it's a race.



DHCP serves up using the following transactions:

  1. DHCP Discovery (DHCPDISCOVER) - Client Broadcast - "Is there a DHCP Server out there?"

  2. DHCP Offer (DHCPOFFER) - Server to Client - "Yeah, I'm here and available!"

  3. DHCP Request (DHCPREQUEST) - Client to Server - "Awesome, Can I have an address please?"

  4. DHCP Acknowledgement (DHCPACK) - Server to Client - "Sure, here's an IP, a mask, a gateway, some DNS/WINS Servers, a Time Server, and all the other stuff configured for your scope"

All of this happens on UDP Ports 67 for the server and 68 for the client.



As soon as Step 2 is reached - the client will stop "listening" to other DHCP servers' responses - it's happy dealing with the first Server to give it some attention.



As a side note - there is actually a well-known series of DoS (Denial of Service) attacks which abuse this right. An attacker plugs in a device which responds and sends out DHCPOFFER packets and then doesn't send DHCPACK out when asked... over and over and over again. There is also another DoS attack where "fake" DHCP Servers offer out addresses that can't be routed or that conflict with other IPs it's sniffed to mess with networks.






  • And therefore the short answer to "But then how do I run multiple subnets on a single Layer-2 segment?" is "You don't." (Yes, there are ways, but it's not something you should generally do. One layer-2 domain = one subnet.)
    – grawity
    2 hours ago










  • Thank you guys, that really clicked with me. I always wondered how this would be possible, but it simply isn't. So the takeaway is: Have a router / layer 3 switch between subnets or segment with VLANs, am I right?
    – Michael Niemand
    2 hours ago










  • In general, yes, you need either VLANs or physical segmentation. Sharing an L2 domain would be doable only if both of your DHCP servers were restricted to handling "known" clients (e.g. by list of 'static leases' with allowed MAC addresses).
    – grawity
    34 mins ago










answered 2 hours ago – Fazer87
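As an added example (not part of the original answer): a small Python auditor that parses DHCP payloads, reads the message type (option 53) and server identifier (option 54), and reports both the competing offers described in the answer and offers from servers outside an allowlist. The server addresses, client MAC, transaction IDs and function names are assumptions made for the illustration.

```python
import ipaddress
import struct
from collections import defaultdict

MAGIC_COOKIE = b"\x63\x82\x53\x63"      # precedes the options field (RFC 2131)
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
DHCPOFFER = 2

def build_offer(xid, yiaddr, server_id):
    """Constructed test data: a minimal DHCPOFFER payload (not a real capture)."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        2, 1, 6, 0, xid, 0, 0,           # BOOTREPLY, Ethernet, xid
                        bytes(4), ip(yiaddr), bytes(4), bytes(4),
                        bytes.fromhex("020000000001"), b"", b"")
    opts = bytes([OPT_MSG_TYPE, 1, DHCPOFFER, OPT_SERVER_ID, 4]) + ip(server_id)
    return fixed + MAGIC_COOKIE + opts + bytes([OPT_END])

def parse_dhcp(payload):
    """Return xid, offered address, message type and server id; None if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    msg = {"xid": struct.unpack_from("!I", payload, 4)[0],
           "yiaddr": str(ipaddress.IPv4Address(payload[16:20])),
           "type": None, "server": None}
    i = 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:         # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(payload):
            return None
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:          # option runs past the end of the packet
            return None
        if code == OPT_MSG_TYPE and length == 1:
            msg["type"] = value[0]
        elif code == OPT_SERVER_ID and length == 4:
            msg["server"] = str(ipaddress.IPv4Address(value))
        i += 2 + length
    return msg

def audit_offers(payloads, authorised):
    """Flag offers from unlisted servers and transactions several servers answered."""
    by_xid, findings = defaultdict(set), []
    for msg in map(parse_dhcp, payloads):
        if not msg or msg["type"] != DHCPOFFER or msg["server"] is None:
            continue                      # not a usable DHCPOFFER
        by_xid[msg["xid"]].add(msg["server"])
        if msg["server"] not in authorised:
            findings.append(("unauthorised-server", msg["server"], msg["yiaddr"]))
    for xid, servers in by_xid.items():
        if len(servers) > 1:              # the race: more than one server offered
            findings.append(("competing-offers", hex(xid), sorted(servers)))
    return findings

# Constructed sample; server addresses are assumed, not taken from the page.
AUTHORISED = {"10.10.10.1", "10.10.20.1"}
SAMPLE = [build_offer(0x1234ABCD, "10.10.10.50", "10.10.10.1"),
          build_offer(0x1234ABCD, "10.10.20.50", "10.10.20.1"),
          build_offer(0x0000BEEF, "192.168.99.10", "192.168.99.1")]
print(audit_offers(SAMPLE, AUTHORISED))
```

Feed it the UDP payloads of port 67/68 traffic from a capture. On managed switches, DHCP snooping enforces the same allowlist by dropping server replies that arrive on untrusted ports.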






