[41381] in Resnet-Forum
Re: NetBoot/PXE network configuration in the enterprise
daemon@ATHENA.MIT.EDU (Tony Skalski)
Tue Sep 13 10:06:12 2016
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=001a1144721ec4bab0053c641b5a
Message-ID: <CAO7ix5nC0UizvUt5scyJ6-U4KrVQzTeraAM4F39vcx+sNrUn4w@mail.gmail.com>
Date: Tue, 13 Sep 2016 09:05:22 -0500
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: Tony Skalski <ajs@STOLAF.EDU>
To: RESNET-L@listserv.nd.edu
In-Reply-To: <CAMFTxdShvRHz0Lt0KWJTraFuVqQyWRynpEmajqy1iYqw0pT9cw@mail.gmail.com>
--001a1144721ec4bab0053c641b5a
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Sounds like you're on the right track. The trade off is how much do you
want to reconfigure access switches to group machines onto to VLANs where
NetBoot/PXE works, vs. having the IP helpers on a lot of networks. Over the
years we've gone back and forth between the two: years ago we had the IP
helpers configured on most VLANs where we had lab machines. Right now, it
is more limited, but this has a little bit to do with our SCCM upgrade and
segmenting SCCM clients that have been upgraded. Can't say that I've ever
seen a problem due to lots of IP helpers configured - it's not like
machines are PXE booting that often.
We tried multicast many years ago, and decided it wasn't worth it since we
at most re-image an entire lab once a year.
Environment: 4,000 faculty, staff and students; 2,000+ college-owned
computers.
ajs
On Tue, Sep 13, 2016 at 8:35 AM, Hunter Fuller <hf0002@uah.edu> wrote:
> We aren't all that experienced in PXE, but I'm curious as to why the
> machines would need to be in a single VLAN for all this to work. Since al=
l
> the configuration is done DHCP-side, and since TFTP can be routed, I woul=
d
> say that it should work regardless of the VLAN the system is in.
>
> I would warn against using bootp for this or anything else, unless I'm
> missing something.
>
> On Tue, Sep 13, 2016 at 8:30 AM Burkhalter, Chris <
> chris.burkhalter@yale.edu> wrote:
>
>> Hi all!
>>
>>
>> I've recently started to tackle the complex issue of enterprise level
>> network booting and re-imaging for a large number of PC's and Macs en
>> masse. We here at Yale have come to the preliminary conclusion that we'l=
l
>> need to configure a virtual LAN that will span all our subnets and layer
>> 2/3 networks in order to provide sufficient co-existence for NetBoot and
>> PXE to exist and work (along with isolated multicast). Since our cluster=
s
>> physically co-exist on networks with other systems we have a particularl=
y
>> difficult set of challenges in making this work.
>>
>>
>> Being that I can't be the first person to have done or attempted this I
>> wanted to reach out and hear about everyone's experiences. Furthermore, =
if
>> you've done this successfully how was your HP/Cisco/Juniper layer 2/3
>> network equipment configured (if at all) to make this work?
>>
>>
>> Our current plan in a nutshell:
>>
>>
>> * Isolate all the systems and consolidate them in to between 4-6 subnets
>> campus wide
>>
>> * configure I.P. helpers for the relaying of necessary DHCP/Bootp/PXE
>> broadcasts
>>
>> * attempt to isolate routing for multicast (to avoid excessive routing
>> traffic)
>>
>>
>> Thoughts? Hoping to learn from other's experience :). We are interested
>> in hearing your experiences, especially those that dealt with the
>> configuration of the network to help us understand how others have done
>> this. I've found good resources on Google, but none point to specific
>> implementations and their challenges.
>>
>>
>> Many thanks, and looking forward to hearing from you!
>>
>> Best,
>>
>> Christopher M. Burkhalter =E2=80=93 ACSP, ACMT
>> DSP - Public Computing Services,
>> Office of Medical Education
>>
>> Yale University I.T.S.
>> 203-500-3942
>> ___________________________________________________ You are subscribed
>> to the ResNet-L mailing list.
>>
>> To subscribe, unsubscribe or search the archives, go to
>> http://LISTSERV.ND.EDU/archives/resnet-l.html
>> ___________________________________________________
>>
> ___________________________________________________ You are subscribed to
> the ResNet-L mailing list.
>
> To subscribe, unsubscribe or search the archives, go to
> http://LISTSERV.ND.EDU/archives/resnet-l.html
> ___________________________________________________
>
--=20
Tony Skalski
Systems Administrator
ajs@stolaf.edu
507-786-3227
St. Olaf College
Information Technology
1510 St. Olaf Avenue
Northfield, MN 55057-1097
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
--001a1144721ec4bab0053c641b5a
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Sounds like you're on the right track. The trade off i=
s how much do you want to reconfigure access switches to group machines ont=
o to VLANs where NetBoot/PXE works, vs. having the IP helpers on a lot of n=
etworks. Over the years we've gone back and forth between the two: year=
s ago we had the IP helpers configured on most VLANs where we had lab machi=
nes. Right now, it is more limited, but this has a little bit to do with ou=
r SCCM upgrade and segmenting SCCM clients that have been upgraded. Can'=
;t say that I've ever seen a problem due to lots of IP helpers configur=
ed - it's not like machines are PXE booting that often.<div><br></div><=
div>We tried multicast many years ago, and decided it wasn't worth it s=
ince we at most re-image an entire lab once a year.<br><div><br></div><div>=
Environment: 4,000 faculty, staff and students; 2,000+ college-owned comput=
ers.</div><div><br></div><div>ajs</div></div></div><div class=3D"gmail_extr=
a"><br><div class=3D"gmail_quote">On Tue, Sep 13, 2016 at 8:35 AM, Hunter F=
uller <span dir=3D"ltr"><<a href=3D"mailto:hf0002@uah.edu" target=3D"_bl=
ank">hf0002@uah.edu</a>></span> wrote:<br><blockquote class=3D"gmail_quo=
te" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"=
><div dir=3D"ltr">We aren't all that experienced in PXE, but I'm cu=
rious as to why the machines would need to be in a single VLAN for all this=
to work. Since all the configuration is done DHCP-side, and since TFTP can=
be routed, I would say that it should work regardless of the VLAN the syst=
em is in.<div><br></div><div>I would warn against using bootp for this or a=
nything else, unless I'm missing something.</div></div><div class=3D"HO=
EnZb"><div class=3D"h5"><br><div class=3D"gmail_quote"><div dir=3D"ltr">On =
Tue, Sep 13, 2016 at 8:30 AM Burkhalter, Chris <<a href=3D"mailto:chris.=
burkhalter@yale.edu" target=3D"_blank">chris.burkhalter@yale.edu</a>> wr=
ote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;=
border-left:1px #ccc solid;padding-left:1ex">
<div dir=3D"ltr">
<div style=3D"font-size:12pt;color:#000000;background-color:#ffffff;font-fa=
mily:Calibri,Arial,Helvetica,sans-serif">
<p>Hi all!</p>
<p><br>
</p>
<p>I've recently started to tackle the complex issue of enterprise leve=
l network booting and re-imaging for a large number of PC's and Macs en=
masse. We here at Yale have come to the=C2=A0preliminary=C2=A0conclusion t=
hat we'll need to configure a virtual LAN that will
span all our subnets and layer 2/3 networks in order to provide sufficient=
co-existence for NetBoot and PXE to exist and work (along with isolated mu=
lticast). Since our clusters physically co-exist on networks with other sys=
tems we have a particularly difficult=C2=A0set
of challenges in making this work.</p>
<p><br>
</p>
<p>Being that I can't be the first person to have done or=C2=A0attempte=
d this I wanted to reach out and hear about everyone's experiences.=C2=
=A0Furthermore, if you've done this successfully how was your HP/Cisco/=
Juniper layer 2/3 network equipment=C2=A0configured=C2=A0<span style=3D"fon=
t-family:Calibri,Arial,Helvetica,sans-serif,"Apple Color Emoji",&=
quot;Segoe UI Emoji",NotoColorEmoji,"Segoe UI Symbol","=
Android Emoji",EmojiSymbols;font-size:16px">(if
at all)</span> to make this work?=C2=A0</p>
<p><br>
</p>
<p>Our current plan in a nutshell:</p>
<p><br>
</p>
<p>* Isolate all the systems and consolidate them in to between 4-6 subnets=
campus wide</p>
<p>* configure I.P. helpers for the relaying of necessary DHCP/Bootp/PXE br=
oadcasts</p>
<p>* attempt to isolate routing for multicast (to avoid excessive routing t=
raffic)</p>
<p><br>
</p>
<p>Thoughts? Hoping to learn from other's experience=C2=A0:). We are in=
terested in hearing your experiences, especially those that dealt with the =
configuration of the network to help us understand how others have done thi=
s. I've found good resources on Google, but
none point to specific implementations and their challenges.</p>
<p><br>
</p>
<p>Many thanks, and looking forward to hearing from you!</p>
<div>
<div style=3D"font-size:12pt;color:#000000;background-color:#ffffff;font-fa=
mily:Calibri,Arial,Helvetica,sans-serif">
<div style=3D"font-size:13px;font-family:Tahoma">
<div style=3D"font-size:13px;font-family:Tahoma"><br>
Best,<br>
=C2=A0<br>
Christopher M. Burkhalter =E2=80=93 ACSP, ACMT<br>
DSP - Public Computing Services,<br>
Office of Medical Education<br>
</div>
<div style=3D"font-size:13px;font-family:Tahoma">=C2=A0</div>
<div style=3D"font-size:13px;font-family:Tahoma">Yale University I.T.S.<br>
<a href=3D"tel:203-500-3942" value=3D"+12035003942" target=3D"_blank">203-5=
00-3942</a></div>
</div>
</div>
</div>
</div>
</div>
______________________________<wbr>_____________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to <a href=3D"http://LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_=
blank">http://LISTSERV.ND.EDU/<wbr>archives/resnet-l.html</a>
______________________________<wbr>_____________________
</p></blockquote></div>
______________________________<wbr>_____________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to <a href=3D"http://LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_=
blank">http://LISTSERV.ND.EDU/<wbr>archives/resnet-l.html</a>
______________________________<wbr>_____________________
</p></div></div></blockquote></div><br><br clear=3D"all"><div><br></div>-- =
<br><div class=3D"gmail_signature" data-smartmail=3D"gmail_signature"><div =
dir=3D"ltr">Tony Skalski<br>Systems Administrator<br><a href=3D"mailto:ajs@=
stolaf.edu" target=3D"_blank">ajs@stolaf.edu</a><br>507-786-3227<br>St. Ola=
f College<br>Information Technology<br>1510 St. Olaf Avenue<br>Northfield, =
MN =C2=A0 =C2=A055057-1097<br><div><div><br></div></div></div></div>
</div>
___________________________________________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to <a href=3D"http://LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_blank">http://LISTSERV.ND.EDU/archives/resnet-l.html</a>
___________________________________________________
--001a1144721ec4bab0053c641b5a--
