[syslinux] UEFI PXE / split config / TFTP attempted to DHCP server, not TFTP server

Gene Cumm gene.cumm at gmail.com
Sun Sep 21 10:54:38 PDT 2014

On Sun, Sep 21, 2014 at 11:44 AM, Spike White <spikewhitetx at gmail.com> wrote:
> All,
> I realize this is not strictly a PXELINUX question.  So I hope you'll
> indulge me; hopefully some of these PXELINUX experts have seen this before.
> And can tell me what I'm doing wrong.  Or confirm my suspicions.
> I have a test lab server at work. Split config.  The network team manages
> the DHCP servers, points to our TFTP server.
> Test subnet has 3 DHCP pools.  BIOS PXE, UEFI PXE and catch-all (straight
> DHCP).
> DHCP server is filtering on client's initial VCI (option 60).
>    PXEClient:Arch:00000* => BIOS PXE boot client
>    PXEClient:Arch:00007* => UEFI PXE boot client
>    empty => std DHCP request
> This is all working correctly.  Based on the OFFERed DHCP addresses (&
> wireshark analysis), I can tell it's being associated with the correct DHCP
> pool in all cases.
> My PXE BIOS boot and std DHCP requests are working fine.
> My problem is with UEFI boot.  It goes through the "DORA" conversation with
> the DHCP server fine.  (DISCOVER-OFFER-REQUEST-ACK).
> Then it attempts to TFTP from the DHCP server instead of the TFTP server!!
> (Which of course fails.)  This only occurs with UEFI; under BIOS boot it
> properly requests from the TFTP server.
> My test server is a Dell R710 server, which is a 3-4 year old server.  It
> does
> BIOS boot by default, but will do UEFI boot.
> Here are the relevant DHCP options I have set in my UEFI pool:
>     next-server (BOOTP flag) -- set to TFTP server's IP address

next-server (ISC DHCP config) being siaddr (RFC 2131)

>     filename (BOOTP flag) -- set to UEFI NBP's full path

filename being file.  I presume it looks like "/path/to/syslinux.efi"
or "/path/to/bootx64.efi" and not a TFTP URL?

>     Domain name (15) -- set to DNS domain name
>     TFTP Server Name (66) -- a string.  I have tried:
>          - TFTP Server's IP address (as string),

As a dotted decimal is considered "typical", ie ""

>          - FQDN,
>          - short name
>     bootfile-name (67) -- set UEFI NBP's full path

Same as filename?

Have you tried skipping options 66/67 or setting siaddr/file to 0 as
additional data points to report to Dell?

> The OFFER & ACK packets additionally have this relevant option set:
>     DHCP Server Identifier (54) -- DHCP server's IP address

Typical.  Your request should also have this set if I recall correctly.

> I do this same split config at my house (VMWare workstation 10.0 Hardware
> Compatibility) and it works fine.  That is, it does the initial DORA
> conversation, then correctly does the TFTP read request of the UEFI NBP from
> the TFTP server.
> So I strongly suspect this is a bug in the Dell R710 UEFI boot firmware
> code.


> (BTW, I'm using the embedded Broadcom NIC that comes w/ the R710).  I have
> flashed the BIOS and NIC firmware up to latest from vendor.

Vendor being Dell, I hope?  Are you on the latest R710 firmwares as
can be obtained with the USC (a special onboard UEFI boot to load
firmware and perform basic configs)?  Have you checked if any newer
firmwares might be posted on Dell's support site?

> Has anyone else ever seen this?  Does anyone else do a split config?

Can't say I've seen this behavior but a split config is pretty common
but recall there's two styles of split: 1) all offers/acks from 1
server  2) addressing from server-a and siaddr/file from server-b.
The latter might show different results (and would also more strongly
affirm a bug).

Have you attempted a packet capture on the DHCP server so as to assert
that your configuration is being interpreted in the manner you expect?


More information about the Syslinux mailing list