[41421] in Resnet-Forum
Re: NetBoot/PXE network configuration in the enterprise
daemon@ATHENA.MIT.EDU (Burkhalter, Chris)
Wed Oct 12 10:50:28 2016
Date: Wed, 12 Oct 2016 14:47:03 +0000
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: "Burkhalter, Chris" <chris.burkhalter@YALE.EDU>
To: RESNET-L@listserv.nd.edu
Hi All!
I wanted to follow up with our progress on this.
We've allocated ~ 1000 addresses on a new subnet for all our cluster machines. Since our routing INF makes VLAN isolation impractical at that scale (due to routing), we'll likely end up with location-based VLANs and subnets. While this requires a bit more work, it also removes single points of failure and allows us to tailor the networks in question to a more granular level.
It's not fully built yet, but we're making steady (and slow) progress. Thanks to all for the feedback - it's been super valuable for us, and hopefully for others as well. I'll report back with more meaningful progress as it's made.
Best,
Christopher M. Burkhalter - ACSP, ACMT
DSP - Public Computing Services,
Office of Medical Education
Apple GSX Lead Admin
Yale University I.T.S.
203-500-3942
________________________________
From: Resnet Forum <RESNET-L@LISTSERV.ND.EDU> on behalf of Hunter Fuller <hf0002@UAH.EDU>
Sent: Tuesday, September 13, 2016 9:35 AM
To: RESNET-L@LISTSERV.ND.EDU
Subject: Re: NetBoot/PXE network configuration in the enterprise
We aren't all that experienced in PXE, but I'm curious as to why the machines would need to be in a single VLAN for all this to work. Since all the configuration is done DHCP-side, and since TFTP can be routed, I would say that it should work regardless of the VLAN the system is in.
I would warn against using bootp for this or anything else, unless I'm missing something.
On Tue, Sep 13, 2016 at 8:30 AM Burkhalter, Chris <chris.burkhalter@yale.edu> wrote:
Hi all!
I've recently started to tackle the complex issue of enterprise level network booting and re-imaging for a large number of PCs and Macs en masse. We here at Yale have come to the preliminary conclusion that we'll need to configure a virtual LAN that will span all our subnets and layer 2/3 networks in order to provide sufficient co-existence for NetBoot and PXE to exist and work (along with isolated multicast). Since our clusters physically co-exist on networks with other systems we have a particularly difficult set of challenges in making this work.
Being that I can't be the first person to have done or attempted this I wanted to reach out and hear about everyone's experiences. Furthermore, if you've done this successfully how was your HP/Cisco/Juniper layer 2/3 network equipment configured (if at all) to make this work?
Our current plan in a nutshell:
* Isolate all the systems and consolidate them into between 4-6 subnets campus wide
* configure I.P. helpers for the relaying of necessary DHCP/Bootp/PXE broadcasts
* attempt to isolate routing for multicast (to avoid excessive routing traffic)
Thoughts? Hoping to learn from others' experience :). We are interested in hearing your experiences, especially those that dealt with the configuration of the network to help us understand how others have done this. I've found good resources on Google, but none point to specific implementations and their challenges.
Many thanks, and looking forward to hearing from you!
Best,
Christopher M. Burkhalter - ACSP, ACMT
DSP - Public Computing Services,
Office of Medical Education
Yale University I.T.S.
203-500-3942
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________