[syslinux] UEFI PXE / split config / TFTP attempted to DHCP server, not TFTP server
Gene Cumm
gene.cumm at gmail.com
Sun Sep 21 19:19:12 PDT 2014
On Sun, Sep 21, 2014 at 4:50 PM, Spike White <spikewhitetx at gmail.com> wrote:
> Gene,
>
> All good questions. Thanks for taking time to respond. You've given me
> great leads to follow up w/ DHCP appliance consultant.
>>Have you tried skipping options 66/67 or setting siaddr/file to 0 as
>>additional data points to report to Dell?
>
> I have tried the first. siaddr/file only.
>
> I have not tried the second. Let me try. OK, just tried. Same. Good
> suggestion however.
At least it's another datapoint for Dell.
>>> (BTW, I'm using the embedded Broadcom NIC that comes w/ the R710). I
> have
>>> flashed the BIOS and NIC firmware up to latest from vendor.
>>
>>Vendor being Dell, I hope? Are you on the latest R710 firmwares as
>>can be obtained with the USC (a special onboard UEFI boot to load
>>firmware and perform basic configs)? Have you checked if any newer
>>firmwares might be posted on Dell's support site?
>
> Yes, correct. (Spot-on terminology.) I used the USC to inventory all
> the various firmware on system. Then I went to dell.com to see the
> latest version. I was back-rev on a couple, so I used USC to flash to
> latest from Dell's site for R710.
>
>>> Has anyone else ever seen this? Does anyone else do a split config?
>>
>>Can't say I've seen this behavior but a split config is pretty common
>>but recall there's two styles of split: 1) all offers/acks from 1
>>server
>
> That's what I'm doing for testing in lab. VLAN's IP helper lists one and
> only one IP address. So all offers/acks from 1 DHCP server.
You may have to consider pushing to a second ip-helper, one for
addressing, one for boot services.
>> 2) addressing from server-a and siaddr/file from server-b.
>>The latter might show different results (and would also more strongly
>>affirm a bug).
>
> I'm not clear I understand this. I'm googling. Is it like this?
>
> http://blogs.technet.com/b/dominikheinz/archive/2011/03/18/dhcp-amp-pxe-basics.aspx
>
> Where instead of D-O-R-A, it does D-O-R-A-R-A?
It's more D-OO-R-A-R-A since both servers return offers and some
clients may do both Requests near-simultaneously. A common scenario
is a DHCP server and separate PXE-style boot server like WDS or SCCM.
> If I'm understanding you correctly -- you may have nailed it!
> I'm handling the first style of split only, this R710 UEFI firmware may
> want this second style of split only.
>
> Will follow-up on this w/ DHCP appliance consultant.
>
>>Have you attempted a packet capture on the DHCP server so as to assert
>>that your configuration is being interpreted in the manner you expect?
>
> Yes. I don't manage the DHCP appliances at work. (Although I have an admin
> account on this test DHCP appliance). Since it's a vendor appliance
> (that generates ISC code), I'm unable to run wireshark directly on DHCP
> appliance.
>
> But I have my PXE boot client's switch port port-mirrored to another port.
> I have a 3rd server, which is my wireshark server. It has a public NIC
> and the port-mirrored port is attached to its second NIC.
Port-Mirrors are often the easiest comprehensive way to get a packet
capture of a client (with an inline tap being best). A capture from
the DHCP server is normally the easiest to get going (and would have
been enough in this situation).
> So I'm capturing absolutely all traffic to/from client. By having wireshark
> on wireshark server listen on 2nd NIC.
>
> I've got the full wireshark captures, that's how I know it's doing the
> initial
> TFTP read request to the DHCP server's IP address, instead of the TFTP
> server's
> IP address.
But did you verify the contents of the DHCP Offer/Acknowledge packets?
> Someone else responded that 3 DHCP pools is overkill for this. I agree, but
> this DHCP appliance (BlueCat Adonis) uses a GUI that generates the ISC code
> in the back-end.
>
> The vendor (BlueCat) recommends not mucking with the back-end ISC code, but
> rather to use the front-end GUI. By defining 3 DHCP Match classes, I'm able
> to implement this with 3 DHCP pools. Inherit most of the DHCP options from
> super-scope, update only specific DHCP options unique to each of my 3 pools.
>
> At my house, I'm using raw ISC code with a Linux dhcp3-server. At my house,
> it works. Simple D-O-R-A, then TFTP to TFTP server. Aka 1st split.
But the two are very different test environments. Any chance of
testing a VMware-based VM at VMHWv10 at work?
> 1. I need to look at the vendor's raw ISC code for my UEFI pool to verify
> its
> GUI is writing correct ISC code. I'll do that tomorrow, with the
> consultant.
Check the packets.
> 2. Outside of that, I'm looking at cabling a newer test server to that
> specific
> switch port that's port mirrrored.
>
> 3. Will definitely talk to vendor about 2nd style of split. That may be it!
Check the packets.
--
-Gene
More information about the Syslinux
mailing list