[41385] in Resnet-Forum
Re: NetBoot/PXE network configuration in the enterprise
daemon@ATHENA.MIT.EDU (Sweetser, Frank E)
Fri Sep 16 09:16:54 2016
Content-Language: en-US
Content-Type: multipart/alternative; boundary="_000_CY4PR01MB24860AE59DB4B47356056CC6DBFE0CY4PR01MB2486prod_"
MIME-Version: 1.0
Message-ID: <CY4PR01MB24860AE59DB4B47356056CC6DBFE0@CY4PR01MB2486.prod.exchangelabs.com>
Date: Tue, 13 Sep 2016 15:06:29 +0000
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: "Sweetser, Frank E" <fs@WPI.EDU>
To: RESNET-L@listserv.nd.edu
In-Reply-To: <CY1PR0801MB1642CC734CD19E894C182EA3F4FE0@CY1PR0801MB1642.namprd08.prod.outlook.com>
--_000_CY4PR01MB24860AE59DB4B47356056CC6DBFE0CY4PR01MB2486prod_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
One thing to keep in mind - a lot of the PXE docs that I've seen assume tha=
t your DHCP server is an unconfigurable black box run by wizards from anoth=
er dimension who won't read your support tickets. To work around this, you=
can also point your IP helpers at a PXE server. Your PXE clients will smu=
sh the two sets of responses together for imaging use, while your Windows i=
mages will ignore the PXE server altogether.
What we do here instead is just add the correct DHCP options straight into =
our DHCP servers to point the PXE clients at the correct servers. The imag=
ing process takes over from there, with everything on the regular productio=
n VLAN and subnet.
There is a potential catch if you're using dynamically assigned IP addresse=
s. Because the PXE agent will present itself with a different client ident=
ifier than your operating system, it will be considered a different client =
and get a different address out of the pool. If you're using statically as=
signed addresses based off of the MAC address, though, that will win, and y=
ou should be fine.
Frank Sweetser
Director of Network Operations
Worcester Polytechnic Institute
"For every problem, there is a solution that is simple, elegant, and wrong.=
" - HL Mencken
________________________________
From: Resnet Forum <RESNET-L@LISTSERV.ND.EDU> on behalf of Burkhalter, Chri=
s <chris.burkhalter@YALE.EDU>
Sent: Tuesday, September 13, 2016 9:29 AM
To: RESNET-L@LISTSERV.ND.EDU
Subject: NetBoot/PXE network configuration in the enterprise
Hi all!
I've recently started to tackle the complex issue of enterprise level netwo=
rk booting and re-imaging for a large number of PC's and Macs en masse. We =
here at Yale have come to the preliminary conclusion that we'll need to con=
figure a virtual LAN that will span all our subnets and layer 2/3 networks =
in order to provide sufficient co-existence for NetBoot and PXE to exist an=
d work (along with isolated multicast). Since our clusters physically co-ex=
ist on networks with other systems we have a particularly difficult set of =
challenges in making this work.
Being that I can't be the first person to have done or attempted this I wan=
ted to reach out and hear about everyone's experiences. Furthermore, if you=
've done this successfully how was your HP/Cisco/Juniper layer 2/3 network =
equipment configured (if at all) to make this work?
Our current plan in a nutshell:
* Isolate all the systems and consolidate them in to between 4-6 subnets ca=
mpus wide
* configure I.P. helpers for the relaying of necessary DHCP/Bootp/PXE broad=
casts
* attempt to isolate routing for multicast (to avoid excessive routing traf=
fic)
Thoughts? Hoping to learn from other's experience :). We are interested in =
hearing your experiences, especially those that dealt with the configuratio=
n of the network to help us understand how others have done this. I've foun=
d good resources on Google, but none point to specific implementations and =
their challenges.
Many thanks, and looking forward to hearing from you!
Best,
Christopher M. Burkhalter - ACSP, ACMT
DSP - Public Computing Services,
Office of Medical Education
Yale University I.T.S.
203-500-3942
___________________________________________________ You are subscribed to t=
he ResNet-L mailing list.
To subscribe, unsubscribe or search the archives, go to http://LISTSERV.ND.=
EDU/archives/resnet-l.html ________________________________________________=
___
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
--_000_CY4PR01MB24860AE59DB4B47356056CC6DBFE0CY4PR01MB2486prod_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Diso-8859-=
1">
<style type=3D"text/css" style=3D"display:none;"><!-- P {margin-top:0;margi=
n-bottom:0;} --></style>
</head>
<body dir=3D"ltr">
<div id=3D"divtagdefaultwrapper" style=3D"font-size:12pt;color:#000000;back=
ground-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p>One thing to keep in mind - a lot of the PXE docs that I've seen assume =
that your DHCP server is an unconfigurable black box run by wizards from an=
other dimension who won't read your support tickets. To work around t=
his, you can also point your IP helpers
at a PXE server. Your PXE clients will smush the two sets of respons=
es together for imaging use, while your Windows images will ignore the PXE =
server altogether.</p>
<p><br>
</p>
<p>What we do here instead is just add the correct DHCP options straight in=
to our DHCP servers to point the PXE clients at the correct servers. =
The imaging process takes over from there, with everything on the regular p=
roduction VLAN and subnet.</p>
<p><br>
</p>
<p>There is a potential catch if you're using dynamically assigned IP addre=
sses. Because the PXE agent will present itself with a different clie=
nt identifier than your operating system, it will be considered a different=
client and get a different address out
of the pool. If you're using statically assigned addresses based off=
of the MAC address, though, that will win, and you should be fine.</p>
<p><br>
</p>
<div id=3D"Signature">
<div id=3D"divtagdefaultwrapper" style=3D"font-size:12pt; color:#000000; ba=
ckground-color:#FFFFFF; font-family:Calibri,Arial,Helvetica,sans-serif">
<div class=3D"BodyFragment"><font size=3D"2"><span style=3D"font-size:10pt"=
>
<div class=3D"PlainText">Frank Sweetser<br>
Director of Network Operations<br>
Worcester Polytechnic Institute<br>
"For every problem, there is a solution that is simple, elegant, and w=
rong." - HL Mencken</div>
</span></font></div>
</div>
</div>
<br>
<br>
<div style=3D"color: rgb(0, 0, 0);">
<hr tabindex=3D"-1" style=3D"display:inline-block; width:98%">
<div id=3D"divRplyFwdMsg" dir=3D"ltr"><font face=3D"Calibri, sans-serif" co=
lor=3D"#000000" style=3D"font-size:11pt"><b>From:</b> Resnet Forum <RESN=
ET-L@LISTSERV.ND.EDU> on behalf of Burkhalter, Chris <chris.burkhalte=
r@YALE.EDU><br>
<b>Sent:</b> Tuesday, September 13, 2016 9:29 AM<br>
<b>To:</b> RESNET-L@LISTSERV.ND.EDU<br>
<b>Subject:</b> NetBoot/PXE network configuration in the enterprise</font>
<div> </div>
</div>
<div>
<div id=3D"divtagdefaultwrapper" style=3D"font-size:12pt; color:#000000; ba=
ckground-color:#FFFFFF; font-family:Calibri,Arial,Helvetica,sans-serif">
<p>Hi all!</p>
<p><br>
</p>
<p>I've recently started to tackle the complex issue of enterprise level ne=
twork booting and re-imaging for a large number of PC's and Macs en masse. =
We here at Yale have come to the preliminary conclusion that we'l=
l need to configure a virtual LAN that will
span all our subnets and layer 2/3 networks in order to provide sufficient=
co-existence for NetBoot and PXE to exist and work (along with isolated mu=
lticast). Since our clusters physically co-exist on networks with other sys=
tems we have a particularly difficult set
of challenges in making this work.</p>
<p><br>
</p>
<p>Being that I can't be the first person to have done or attempted th=
is I wanted to reach out and hear about everyone's experiences. Furthe=
rmore, if you've done this successfully how was your HP/Cisco/Juniper layer=
2/3 network equipment configured <span style=3D"font-family:Cali=
bri,Arial,Helvetica,sans-serif,"Apple Color Emoji","Segoe UI=
Emoji",NotoColorEmoji,"Segoe UI Symbol","Android Emoji=
",EmojiSymbols; font-size:16px">(if
at all)</span> to make this work? </p>
<p><br>
</p>
<p>Our current plan in a nutshell:</p>
<p><br>
</p>
<p>* Isolate all the systems and consolidate them in to between 4-6 subnets=
campus wide</p>
<p>* configure I.P. helpers for the relaying of necessary DHCP/Bootp/PXE br=
oadcasts</p>
<p>* attempt to isolate routing for multicast (to avoid excessive routing t=
raffic)</p>
<p><br>
</p>
<p>Thoughts? Hoping to learn from other's experience :). We are intere=
sted in hearing your experiences, especially those that dealt with the conf=
iguration of the network to help us understand how others have done this. I=
've found good resources on Google, but
none point to specific implementations and their challenges.</p>
<p><br>
</p>
<p>Many thanks, and looking forward to hearing from you!</p>
<div id=3D"Signature">
<div id=3D"divtagdefaultwrapper" style=3D"font-size:12pt; color:#000000; ba=
ckground-color:#FFFFFF; font-family:Calibri,Arial,Helvetica,sans-serif">
<div style=3D"font-size:13px; font-family:Tahoma">
<div style=3D"font-size:13px; font-family:Tahoma"><br>
Best,<br>
<br>
Christopher M. Burkhalter – ACSP, ACMT<br>
DSP - Public Computing Services,<br>
Office of Medical Education<br>
</div>
<div style=3D"font-size:13px; font-family:Tahoma"> </div>
<div style=3D"font-size:13px; font-family:Tahoma">Yale University I.T.S.<br=
>
203-500-3942</div>
</div>
</div>
</div>
</div>
___________________________________________________ You are subscribed to t=
he ResNet-L mailing list.
<p>To subscribe, unsubscribe or search the archives, go to <a href=3D"http:=
//LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_blank">
http://LISTSERV.ND.EDU/archives/resnet-l.html</a> _________________________=
__________________________
</p>
</div>
</div>
</div>
</body>
</html>
___________________________________________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to <a href=3D"http://LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_blank">http://LISTSERV.ND.EDU/archives/resnet-l.html</a>
___________________________________________________
--_000_CY4PR01MB24860AE59DB4B47356056CC6DBFE0CY4PR01MB2486prod_--
