PXEBOOT confused by dhcrelay -- two gids ?

Robinson Tiemuqinke hahaha_30k at yahoo.com
Fri Apr 7 06:12:20 UTC 2006


David,

 Thanks a lot. You are one of the greatest geniuses
I've ever met.

 My dhcrelay has only one NIC and I don't want to mess
around with mangle iptables.

 So my workaround is pretty stupid but works: I just
fire up the dhcpd service on the original dhc relay server
with exactly the same dhcpd.conf configuration file
copied from the original central server. Because the router
blocks dhcpd traffic, I don't need to be concerned that the
clients will receive a reply from the wrong server.

And if we change the network topology or enable dhc
traffic on routers in the future, I can just shut down
the dhcpd service on the original dhc relay server one
minute before that.

It is quite stupid but as you said, I have no way -- I
have hundreds of these crappy pxeboot clients and I
don't like the idea of burning NIC firmware with floppies
after powering off machines one by one (does Linux
support on-line firmware burning?). Nevertheless,
after three years these machines will be phased out
and will probably be sent somewhere I have never heard
of.

Thanks again for figuring out my problem so precisely
and quickly.



--- "David W. Hankins" <David_Hankins at isc.org> wrote:

> Ah, I understand the problem now.
> 
> The relay is leaving giaddr set to itself (what the server set it to),
> and pxeboot is ignoring the routers option in favor of the giaddr.
> 
> 
> In RFC1542, section 3.4, we find this text:
> 
>       DISCUSSION:
> 
>          The semantics of the 'giaddr' field were poorly defined.
>          Section 7.5 of [1] states:
> 
>            "If 'giaddr' (gateway address) is nonzero, then the packets
>            should be forwarded there first, in order to get to the
>            server."
> 
>    In that sentence, "get to" refers to communication from the client to
>    the server subsequent to the BOOTP exchange, such as a TFTP session.
>    Unfortunately, the 'giaddr' field may contain the address of a BOOTP
>    relay agent that is not itself an IP router (according to [1],
>    Section 8, fifth paragraph), in which case, it will be useless as a
>    first-hop for TFTP packets sent to the server (since, by definition,
>    non-routers don't forward datagrams at the IP layer).
> ...
>    To reach a non-local server, clients can obtain a first-hop router
>    address from the "Gateway" subfield of the "Vendor Information
>    Extensions" [2] (if present), or via the ICMP router discovery
>    protocol [5] or other similar mechanism.
> 
> 
> Have you already taken this up with the pxeboot people?
> 
> Looking again at RFC1542 section 4.1.2:
> 
>          All BOOTP fields MUST be preserved intact.  The relay agent
>          MUST NOT modify any BOOTP field of the BOOTREPLY message when
>          relaying it to the client.
> 
> What you want I guess is a way to set giaddr on BOOTREPLY for these
> older clients...precisely what that says you can't.
> 
> But in practice that shouldn't be dangerous, so I don't know why it
> says that except no one probably thought of it at the time.
> 
> But there's no way to do it right now...no option you can set to get
> this behaviour that I'm aware of.
> 
> 
> The only real workaround I can see from my end of the problem is to
> setup your relay box to ip forward.
> 
> But the pxeboot people might have better news.
> 
> -- 
> David W. Hankins                   "If you don't do it right the first time,
> Software Engineer                   you'll just have to do it again."
> Internet Systems Consortium, Inc.          -- Jack T. Hankins
> 
> 
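The giaddr-versus-routers-option conflict discussed in this thread, as an added example that is not part of the original messages: it parses a BOOTREPLY and compares the first hop RFC 1542 section 3.4 points to with the one a giaddr-preferring client picks. The packet, its documentation-range addresses and all function names are constructed for illustration; `first_hop_giaddr_client` is an assumed model of the client behaviour described above, not pxeboot code.

```python
import struct
from socket import inet_aton, inet_ntoa

BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # fixed 236-byte BOOTP header
MAGIC = bytes([99, 130, 83, 99])          # cookie that precedes the options
OPT_PAD, OPT_ROUTERS, OPT_END = 0, 3, 255

def parse_reply(pkt):
    """Return (giaddr, siaddr, routers) from a BOOTREPLY."""
    size = struct.calcsize(BOOTP_FMT)
    if len(pkt) < size + 4 or pkt[size:size + 4] != MAGIC:
        raise ValueError("not a BOOTP packet with an options field")
    fields = struct.unpack(BOOTP_FMT, pkt[:size])
    if fields[0] != 2:
        raise ValueError("op is not BOOTREPLY")
    routers, i = [], size + 4
    while i < len(pkt) and pkt[i] != OPT_END:
        if pkt[i] == OPT_PAD:             # single-byte option, no length
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        code, length = pkt[i], pkt[i + 1]
        if code == OPT_ROUTERS:           # list of 4-byte router addresses
            data = pkt[i + 2:i + 2 + length]
            routers += [inet_ntoa(data[j:j + 4]) for j in range(0, length - 3, 4)]
        i += 2 + length
    return inet_ntoa(fields[10]), inet_ntoa(fields[9]), routers

def first_hop_rfc1542(giaddr, routers):
    """RFC 1542 section 3.4: take the first hop from the options, not giaddr."""
    return routers[0] if routers else None

def first_hop_giaddr_client(giaddr, routers):
    """Assumed model of the client in the thread: a nonzero giaddr wins."""
    return giaddr if giaddr != "0.0.0.0" else first_hop_rfc1542(giaddr, routers)

def build_sample():
    """Constructed BOOTREPLY: relay 192.0.2.2 is not a router, 192.0.2.1 is."""
    hdr = struct.pack(BOOTP_FMT, 2, 1, 6, 1, 0x1234, 0, 0,
                      inet_aton("0.0.0.0"), inet_aton("192.0.2.50"),
                      inet_aton("198.51.100.10"), inet_aton("192.0.2.2"),
                      bytes(6), b"", b"")
    return hdr + MAGIC + bytes([OPT_ROUTERS, 4]) + inet_aton("192.0.2.1") + bytes([OPT_END])

if __name__ == "__main__":
    giaddr, siaddr, routers = parse_reply(build_sample())
    print("server", siaddr, "giaddr", giaddr, "routers", routers)
    print("RFC 1542 first hop: ", first_hop_rfc1542(giaddr, routers))
    print("giaddr-first client:", first_hop_giaddr_client(giaddr, routers))
```

When the two first-hop results differ and the giaddr host does not forward IP, the client's follow-up TFTP traffic to the off-subnet server has nowhere to go.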

