PXE for network engineers

As a network engineer, you might receive a request from your colleagues probably Desktop team to configure network devices for PXE server. If you don’t know what PXE, how it works and configured, I will try to answer those questions on this post. Mostly I will focus on Windows imaging which I mostly configured devices for and config outputs will be from Junos.

What is PXE?

Without going into too much details, basically it can allow a computer which has no operating system to install OS by using network connection.

What do we need to do in the network for PXE to work?

The answer depends on where the PXE client, DHCP server and PXE server where OS images are located. Below I will list some scenarios.

a) Client PC, PXE and DHCP are on the same L2 network.

This is literally the easiest setup for which you don’t really need to do any config on the network side. No not exactly -) if you have dhcp security(snooping) on this setup, make sure PXE and DHCP servers are on trusted ports for the responses not to be blocked.

Because this is the easiest setup, let’s see what happens from the start. You might need to know a bit of DORA process in DHCP.

  1. PXE-client broadcasts a DHCP packet which contains a request for both DHCP and PXE server. This is a little bit different than a usual DHCP request.
  2. Because all these devices are on the same broadcast domain, DHCP and PXE servers receive the request (this detail plays a crucial role in other network setups, so keep this in mind)without needing any extra configuration. Here DHCP server responds to the client that it is DHCP server
  3. PXE server also sends a reply packet to the client that it is a boot server.
  4. PXE-client asks DHCP server for an IP address
  5. DHCP server offers an IP address
  6. Here on this step PXE-client has an IP so it can contact the PXE-server. It asks for the path of the NBP (Network Booth Program) to download
  7. PXE server responds with NBP path
  8. PXE-client downloads the file and runs the program after which you see that installation goes through.

    The important thing is that all of these steps must work in order especially step 3 and 4 are crucial. If you see that client doesn’t download anything, start from the first step and see which result you don’t get.

b) Client PC, PXE and DHCP servers are on different L3 networks.

This is where you as a network engineer need to do something and might have a fight with the desktop teams but before this I need to give you some tips which might save you some time:

  • In a setup like this make sure there is no IP fragmentation between client and servers because pxe-clients are sort of dummy and can’t re-assemble fragments. If you have such an issue, you can still do fragmentation re-assembly on firewalls but better to avoid.
  • Don’t play with the DHCP options on DHCP server side. Check the article here, it is not recommended.

Now what you see on this new setup is that pxe-client is on a different Layer3 segment than DHCP and PXE server. This doesn’t have to be exactly like this though. DHCP and PXE might be on the same L3 segment as well but bottom line is that client and servers are on different subnets. On this setup:

  • router should relay the DHCP request to both DHCP server and PXE server
  • PXE client should receive an IP on the range of 10.1.1.0/24
> show configuration forwarding-options dhcp-relay
 
overrides {
    delete-binding-on-renegotiation;
}
server-group {
    dhcp-group-1{
        172.16.1.10;
        192.168.1.10;
    }
group relay1 {
 
    active-server-group dhcp-group-1;
    interface vlan.10;
 
}

This is a complete config which should help client to get its image if nothing else is wrong. A few points I want to take your attention to is:

  • delete-binding-on-renegotiation is somewhat a required option for PXE environments. Check the juniper article for more details
  • 192.168.1.10 is in the list of DHCP servers, this shouldn’t mislead you. It is not wrong, junos will relay the special request to the PXE server as well. Don’t worry about it.

I think in some older junos releases config is different and not all the options are available. In an older version you may need to do the following config;

> show configuration forwarding-options
helpers {
    bootp {
        interface {
            vlan.10 {
                server 172.16.1.10;
                server 192.168.1.10;
            }
        }
    }
}

It is highly likely that you might experience a problem e.g either the DHCP is not configured properly or PXE server maybe DHCP relay has an issue. If that happens, go back to the PXE steps and try to understand what is wrong. Here is a nice article which might help you at troubleshooting at Microsoft site as well. Happy pxeing!

Tags:

About: rtoodtoo

Worked for more than 10 years as a Network/Support Engineer and also interested in Python, Linux, Security and SD-WAN // JNCIE-SEC #223 / RHCE / PCNSE


3 thoughts on “PXE for network engineers”

    1. hi,
      to be honest I never liked SRX as DHCP server and in my setups I direct them to an external DHCP server (Windows,Linux) as much as possible. I haven’t got so much experience on different booting but I will update the post once I get a chance.

      1. Thanks for replying. The 240 is in my home and I want to avoid having DHCP outside the appliance purely for convenience and WAF. My guess is the SRX’s DHCP server needs to relay DHCP options 93/60 but am not sure how to do that.

Leave a Reply to KLCancel reply

Discover more from RtoDto.net

Subscribe now to keep reading and get access to the full archive.

Continue reading