The purpose of this feature is to allow forwarding of broadcast traffic across a multicast capable network. Generally, you need a single Layer 2 domain between two nodes to let them hear each other’s broadcast packets. However, broadcast UDP packets can be relayed between two subnets using a special IOS feature known as the helper-address. There are two variations of this feature:

  • Unicast helper ( ip helper-address ), which converts the broadcast destination address to the fixed unicast IP address. Most often this feature is used with DHCP to forward requests to the server.
  • Multicast helper ( ip multicast helper-map ), which converts the broadcast destination to a fixed multicast address.

The multicast helper-map feature allows scalable forwarding of broadcast traffic between disjoined segments. This is often needed to support legacy applications like stock tickers that use broadcast to deliver information to multiple sources simultaneously. To configure multicast helper, follow the steps outlined below:

  1. Step 1: Set up a multicast network between the segments that should exchange broadcast packets. You should select a group to deliver the broadcast packets and decide which PIM mode to use. If you chose PIM SM, make sure the group you chose maps to an RP. Make sure multicasting works by joining an interface on the egress router (closest to the broadcast receiver) to the selected group, and ping this group from the ingress router (closest to the broadcast source).
  2. Enable broadcast forwarding on the ingress router—the one directly connected to the source. If there are multiple sources, you must configure all respective routers. Use the command ip forward-protocol udp <port-number> to enable forwarding of broadcast UDP packets sent to the specified port-number.
  3. Configure a multicast helper-map on the ingress routers to redirect broadcast packets to the selected multicast address. The syntax for this interface- level command is ip multicast helper-map broadcast <mcast-address> <ACL> . The access-list controls which broadcast packets are eligible to be converted into the multicast. For example, if you want to forward UDP packets destined to port 5000, use an access-list similar to the following: access-list 100 permit udp any any eq 5000 . Note that the same UDP port must be enabled for broadcast forwarding at Step 2. All broadcast traffic received on the configured interface that matches the access-list is converted and sent to the specified multicast address. If the group is in sparse mode, the ingress router will register the source with the RP, per the usual procedure.
  4. Enable broadcast forwarding on the egress router, that is, the router directly connected to the destination subnet. Use the same command that you used in Step 2, ip forward-protocol udp , to accomplish this. Next, enable multicast helper map on the egress router for all interfaces that may receive multicast traffic. Note that you should not configure the multicast-helper on the interface connected to the destination. Use the command **ip multicast helper-map \<mcast-group\> \<directed-broadcast-IP\> \<ACL\>** where mcast-group is the same group you used in Step 3 and directed-broadcast-IP is the broadcast subnet IP address on the segment that receives the broadcast traffic.
  5. Enable directed broadcasts on the interface connected to the receiving segment using the command ip directed-broadcast . This is needed to successfully send broadcasts out of this segment. By default, the broadcasts are sent to the address 255.255.255.255, irrespective of the directed-broadcast-IP configured in Step 4. If you want to use a different address, put the command ip broadcast-address <IP> on the same segment.

To test there are one of 3 ways to generate broadcast packets:

  • Use IP SLA (may not work with some IOS versions)
  • Enable DNS Name Resolution, but do not configure a DNS Server. The router will broadcast for any DNS name entered in the command line using the address 255.255.255.255 out all interfaces. You will need to adjust the port in your access-lists to forward this broadcast traffic.
  • Generate an extended traceroute command using parameters to trace to the broadcast destination, starting off the port number that is covered by your ACL.

Let’s look at an end-to-end configuration example. Our network goes SW1-R4-R3-R2-R1-SW2, where SW1 is the broadcast sender, SW2 is the broadcast receiver, R4 is the first hop router, and R1 is the last hop router. Assume IGP and PIM adjacencies are already built from R1 to R4.

R4(config)# ip forward-protocol udp 31337
R4(config)# access-list 100 permit udp any any eq 311337
R4(config)# interface FastEthernet0/0
R4(config-if)# description TO_SW1
R4(config-if)# ip address 173.20.47.4 255.255.255.0
R4(config-if)# ip multicast helper-map broadcast 224.1.2.3 100
R4(config-if)# exit

This configuration means that if R4 receives a UDP broadcast packet going to UDP port 31337 on port FastEThernet0/0 it will be translated to the multicast address 224.1.2.3. Note that the use of the ip forward-protocol command is necessary in order to process switch UDP traffic going to the port in question. Without process switching the helper-map feature can not correctly categorize and translate the traffic.

R1’s configuration looks like this:

R1(config)# ip forward-protocol udp 31337
R1(config)# access-list 100 permit udp any any eq 31337
R1(config)# interface Serial0/0.1234
R1(config-if)# description to R2
R1(config-if)# ip address 173.20.12.1 255.255.255.0
R1(config-if)# ip pim dense-mode
R1(config-if)# ip multicast helper-map 224.1.2.3 173.20.18.255 100
R1(config-if)# exit
R1(config)# interface FastEthernet0/0
R1(config-if)# description TO SW2 RECEIVER
R1(config-if)# ip address 173.20.18.1 255.255.255.0
R1(config-if)# ip directed-broadcast
R1(config-if)# exit

This configuration means that if R1 receives a UDP multicast going to the group address 224.1.2.3 at port 31337 inbound on S0/0.102 it will be translated to the directed broadcast address 173.20.18.255. Since the link 173.20.18.0/24 is directly connected and has the directed broadcast address of 173.20.18.255 by default, the configuration implies that traffic matching the helper map on S0/0.102 will be sent as a broadcast out Fa0/0.

Note the use of the “ip forward-protocol” command as before in order to process switch the UDP traffic. Additionally the “ip directed-broadcast” command is enabled on the last hop outgoing interface since in current IOS versions this is disabled by default for security purposes.

Finally, here is an example of using IP SLA to generate broadcast UDP traffic.

SW1(config)# ip sla 1
SW1(config-sla)# type udpEcho dest-ipaddr 255.255.255.255 dest=port 31337 source-ipaddr 173.20.47.7 source-port 12345 control disable
SW1(config-sla)# timeout 0
SW1(config-sla)# frequency 5
SW1(config-sla)# ip sla schedule 1 life forever start-time-now
R1(config)# exit