DHCP on router and BOOTP on server. Is it possible?

Glenn Satchell Glenn.Satchell at uniq.com.au
Tue Aug 4 14:53:32 UTC 2009


> >Date: Tue, 4 Aug 2009 10:27:29 +0300
> >Subject: Re: DHCP on router and BOOTP on server. Is it possible?
> >From: Dmitry Shumilin <sdv.brest at gmail.com>
> >To: Glenn Satchell <Glenn.Satchell at uniq.com.au>, Users of ISC DHCP <dhcp-users at lists.isc.org>
> >X-BeenThere: dhcp-users at lists.isc.org
> >
> Thanks for quick answer.
> All these ways are very smart, but not acceptable in my case.
> 1. I can't change router's configuration
> 2. There can be absolutely random PCs on network with random MAC addresses.
> 3. I can't turn off existing DHCP on router.
> 
> But, I got some idea.
> Maybe it's possible to configure DHCP client in way, so it will accept only
> requests containing netboot part OR we can configure DHCP client for accept
> only requests from specified IP or MAC (maybe by configuring DHCP client or
> using firewall in init environment if this is possible).
> Remember, that DHCP client is running on init environment. I can change
> initrd configs and re-assemble it.

You still need to make sure that your dhcp server either ignores
non-netboot requests, or hands them valid information.

In dhclient.conf you can use the "require" to ensure a certain option is set.

If it's in netboot as a PXE client there is one more possibility:

# Option definitions for PXE
#option space PXE;
option space PXE code width 1 length width 1 hash size 3;
option PXE.mtftp-ip code 1 = ip-address;
#option PXE.mtftp-cport code 2 = unsigned integer 16;
#option PXE.mtftp-sport code 3 = unsigned integer 16;
#option PXE.mtftp-tmout code 4 = unsigned integer 8;
#option PXE.mtftp-delay code 5 = unsigned integer 8;
#option PXE.discovery-control code 6 = unsigned integer 8;
#option PXE.discovery-mcast-addr code 7 = ip-address;

# PXE boots for jumpstarting x86 boxes
class "PXE" {
  match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
  next-server tftp-server.example.com;
  filename "pxegrub.I86PC.Solaris_10-1";
  # 10 minutes should be long enough for PXE
  max-lease-time 600;
  # don't use multicast tftp option
  vendor-option-space PXE;
  option PXE.mtftp-ip 0.0.0.0;
}

In all the pools offering dynamic IPs only allow members of PXE class.
This ensures other PCs do not get a response.

subnet ... {
	pool {
		allow members of "PXE";
		range ... ;
	}
}

regards,
-glenn

> Thanks in advance.
> 
> 2009/8/4 Glenn Satchell <Glenn.Satchell at uniq.com.au>
> 
> >
> > >Date: Mon, 3 Aug 2009 22:43:30 +0300
> > >Subject: DHCP on router and BOOTP on server. Is it possible?
> > >From: Дмитрий Шумилин <sdv.brest at gmail.com>
> > >To: dhcp-users at lists.isc.org
> > >X-BeenThere: dhcp-users at lists.isc.org
> > >
> > > Hi, ISC DHCP users!
> > >
> > > In short, my target is to add ability of booting thin clients from netboot
> > > server (server with running on it TFTP, NFS, DHCP) without making changes or
> > > disabling DHCP server running on router.
> > >
> > > Is it possible to configure DHCP server in way, so DHCP server will be
> > > responsible for providing ONLY data regarding network boot and getting all
> > > other data (IP address, netmask, gateway, etc) from DHCP running on router
> > > and providing all data together to client.
> >
> > Depends on how configurable your router's dhcp server is. For example,
> > in ISC dhcp you can specify that the tftp server is another system.
> >
> > But generally there is no way, without re-writing the code, that one
> > dhcp server can aggregate information from two different sources to
> > return a dhcp response.
> >
> > > Maybe there are some other ways of adding netboot ability to my network
> > > without changing currently running DHCP server?
> >
> > Essentially you need a way to identify netboot requests, and respond to
> > that, but ignore other dhcp requests. There are a few ways to do this
> > with ISC dhcp. So you need to see if there is some option, or a known
> > MAC address prefix you can filter against, or are they all on one
> > subnet, for example?
> >
> > Likewise on the router, it needs to ignore these clients and respond to
> > all other requests. This is the key to whether it is achievable,
> > otherwise your netboot clients will get two responses, and they get to
> > choose which one they use. The response from ISC dhcp will allow them
> > to boot, the other probably not.
> >
> > So defining a class to match your thin clients only is needed. Are they
> > all the same brand? If so then you might be able to use a common MAC
> > address prefix, eg:
> >
> > class "netboot-clients" {
> >        match if (substring(hardware, 1, 3) = aa:bb:cc);
> > }
> > subnet ( ... ) {
> >        pool {
> >                range ...
> >                allow members of "netboot-clients";
> >        }
> > }
> >
> > Note no quotes around the mac address prefix as we are doing a binary
> > comparison.
> >
> > > I got work netboot before with ISC DHCP server WITHOUT router’s DHCP and now
> > > I need to make it work together with router’s DHCP.
> >
> > In the end it's probably going to be easier to just pick one dhcp
> > server or the other and go with that. Is there some political or
> > business reason why you can't have a dhcp server not running on the
> > router? Let me guess, the network guys run the dhcp service, and you've
> > just been given responsibility for all these new thin clients? :)
> >
> > > Thanks in advance.
> >
> > HTH.
> >
> > regards,
> > -glenn
> > --
> > Glenn Satchell     mailto:glenn.satchell at uniq.com.au | I telephoned the
> > Uniq Advances Pty Ltd         http://www.uniq.com.au | swine flu info
> > PO Box 70 Paddington NSW Australia 2021              | line and all I got
> > tel:0409-458-580  tel:02-9380-6360  fax:02-9380-6416 | was crackling.
> >
> >
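Added example (not part of the original thread and not ISC DHCP code): a Python model of how the two class matches discussed above evaluate against a DHCPDISCOVER, showing why the MAC-prefix match starts at offset 1 (in dhcpd's "hardware" data, byte 0 is the hardware type). The packets are constructed samples and all function names are hypothetical.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header

def build_discover(mac, vendor_class=b""):
    """Constructed sample input: a minimal Ethernet DHCPDISCOVER."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, len(mac), 0, 0x1234,
                      0, 0x8000, b"", b"", b"", b"", mac, b"", b"")
    opts = b"\x35\x01\x01"                      # option 53: DHCPDISCOVER
    if vendor_class:                            # option 60: vendor-class-identifier
        opts += bytes([60, len(vendor_class)]) + vendor_class
    return hdr + MAGIC + opts + b"\xff"

def parse(pkt):
    """Return (hardware, options) the way dhcpd expressions see them."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    htype, hlen = pkt[1], pkt[2]
    if hlen > 16:
        raise ValueError("bad hardware address length")
    hardware = bytes([htype]) + pkt[28:28 + hlen]   # type byte, then the MAC
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:           # 255 = end option
        if pkt[i] == 0:                             # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        length = pkt[i + 1]
        opts[pkt[i]] = opts.get(pkt[i], b"") + pkt[i + 2:i + 2 + length]
        i += 2 + length
    return hardware, opts

def substring(data, offset, length):
    """Same semantics as substring() in dhcpd: short or missing data never matches."""
    return data[offset:offset + length]

def classes(pkt, oui=bytes.fromhex("aabbcc")):
    """Classes from the thread that this request would be a member of."""
    hardware, opts = parse(pkt)
    member = set()
    if substring(opts.get(60, b""), 0, 9) == b"PXEClient":
        member.add("PXE")
    if substring(hardware, 1, 3) == oui:            # offset 1 skips the type byte
        member.add("netboot-clients")
    return member

if __name__ == "__main__":
    thin = build_discover(bytes.fromhex("aabbcc010203"), b"PXEClient:Arch:00000")
    desktop = build_discover(bytes.fromhex("001122334455"), b"MSFT 5.0")
    print(classes(thin), classes(desktop))
```

Both matched values are taken from the client's own packet, so these classes only select which requests the server answers; they do not authenticate the client.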



