PXE with a proxy DHCP server: what makes a DHCP client accept/ignore the offer from the main DHCP?

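I am considering setting up a main DHCP server that provides the "IP data" (IP address, subnet mask, DNS, etc.) and a proxy DHCP server that provides only the PXE boot options. Actually, my proxy DHCP server does not provide only PXE options, but also IP data (so it is not really a proxy DHCP).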

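Using Wireshark, I now observe:

  1. The client (PXE ROM) sends an "extended" DHCPDISCOVER (asking for IP data and PXE options)
  2. The main DHCP server sends a DHCPOFFER (containing only IP data)
  3. The client does not accept the DHCPOFFER (because it lacks the PXE options?)
  4. (Later) the proxyDHCP server sends a DHCPOFFER (with IP data and PXE options)
  5. The client accepts the second DHCPOFFER (and the PXE boot succeeds)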

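Now I am wondering:

  • Why does the client not accept the first DHCPOFFER? That would be mandatory for the intended main/proxy setup to work; otherwise, how would the client get its IP data?
  • If this is all about requested and offered DHCP options: which specific missing options make the client ignore the offer? Why does the server bother to send a DHCPOFFER at all when it knows it cannot provide all the options and the client will not accept the DHCPOFFER anyway?

Client request: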

Ethernet II, Src: cc:cc:cc:cc:cc:cc (cc:cc:cc:cc:cc:cc), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
Dynamic Host Configuration Protocol (Discover)
    Message type: Boot Request (1)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0xcf952d8d
    Seconds elapsed: 0
    Bootp flags: 0x8000, Broadcast flag (Broadcast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 0.0.0.0
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: cc:cc:cc:cc:cc:cc (cc:cc:cc:cc:cc:cc)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (Discover)
    Option: (57) Maximum DHCP Message Size
    Option: (55) Parameter Request List
        Length: 35
        Parameter Request List Item: (1) Subnet Mask
        Parameter Request List Item: (2) Time Offset
        Parameter Request List Item: (3) Router
        Parameter Request List Item: (4) Time Server
        Parameter Request List Item: (5) Name Server
        Parameter Request List Item: (6) Domain Name Server
        Parameter Request List Item: (12) Host Name
        Parameter Request List Item: (13) Boot File Size
        Parameter Request List Item: (15) Domain Name
        Parameter Request List Item: (17) Root Path
        Parameter Request List Item: (18) Extensions Path
        Parameter Request List Item: (22) Maximum Datagram Reassembly Size
        Parameter Request List Item: (23) Default IP Time-to-Live
        Parameter Request List Item: (28) Broadcast Address
        Parameter Request List Item: (40) Network Information Service Domain
        Parameter Request List Item: (41) Network Information Service Servers
        Parameter Request List Item: (42) Network Time Protocol Servers
        Parameter Request List Item: (43) Vendor-Specific Information
        Parameter Request List Item: (50) Requested IP Address
        Parameter Request List Item: (51) IP Address Lease Time
        Parameter Request List Item: (54) DHCP Server Identifier
        Parameter Request List Item: (58) Renewal Time Value
        Parameter Request List Item: (59) Rebinding Time Value
        Parameter Request List Item: (60) Vendor class identifier
        Parameter Request List Item: (66) TFTP Server Name
        Parameter Request List Item: (67) Bootfile name
        Parameter Request List Item: (97) UUID/GUID-based Client Identifier
        Parameter Request List Item: (128) DOCSIS full security server IP [TODO]
        Parameter Request List Item: (129) PXE - undefined (vendor specific)
        Parameter Request List Item: (130) PXE - undefined (vendor specific)
        Parameter Request List Item: (131) PXE - undefined (vendor specific)
        Parameter Request List Item: (132) PXE - undefined (vendor specific)
        Parameter Request List Item: (133) PXE - undefined (vendor specific)
        Parameter Request List Item: (134) PXE - undefined (vendor specific)
        Parameter Request List Item: (135) PXE - undefined (vendor specific)
    Option: (97) UUID/GUID-based Client Identifier
    Option: (94) Client Network Device Interface
        Length: 3
        Major Version: 3
        Minor Version: 16
    Option: (93) Client System Architecture
        Length: 2
        Client System Architecture: EFI x64 (7)
    Option: (60) Vendor class identifier
        Length: 32
        Vendor class identifier: PXEClient:Arch:00007:UNDI:003016
    Option: (255) End

(Ignored) response from the main DHCP server (172.17.34.30 / aa:aa:aa:aa:aa:aa):

Ethernet II, Src: aa:aa:aa:aa:aa:aa (aa:aa:aa:aa:aa:aa), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 172.17.34.30, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (Offer)
    Message type: Boot Reply (2)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0xcf952d8d
    Seconds elapsed: 0
    Bootp flags: 0x8000, Broadcast flag (Broadcast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 172.17.34.1
    Next server IP address: 172.17.34.30
    Relay agent IP address: 0.0.0.0
    Client MAC address: cc:cc:cc:cc:cc:cc (cc:cc:cc:cc:cc:cc)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (Offer)
    Option: (54) DHCP Server Identifier (172.17.34.30)
    Option: (51) IP Address Lease Time
        Length: 4
        IP Address Lease Time: (900s) 15 minutes
    Option: (58) Renewal Time Value
        Length: 4
        Renewal Time Value: (450s) 7 minutes, 30 seconds
    Option: (59) Rebinding Time Value
        Length: 4
        Rebinding Time Value: (787s) 13 minutes, 7 seconds
    Option: (28) Broadcast Address (172.17.63.255)
    Option: (1) Subnet Mask (255.255.224.0)
    Option: (255) End

(Accepted) response from the proxyDHCP server (172.17.61.1 / bb:bb:bb:bb:bb:bb):

Ethernet II, Src: bb:bb:bb:bb:bb:bb (bb:bb:bb:bb:bb:bb), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 172.17.61.1, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (Offer)
    Message type: Boot Reply (2)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0xcf952d8d
    Seconds elapsed: 0
    Bootp flags: 0x8000, Broadcast flag (Broadcast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 172.17.61.61
    Next server IP address: 172.17.61.1
    Relay agent IP address: 0.0.0.0
    Client MAC address: cc:cc:cc:cc:cc:cc (cc:cc:cc:cc:cc:cc)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (Offer)
    Option: (54) DHCP Server Identifier (172.17.61.1)
    Option: (51) IP Address Lease Time
        Length: 4
        IP Address Lease Time: (600s) 10 minutes
    Option: (67) Bootfile name
        Length: 13
        Bootfile name: syslinux.efi
    Option: (58) Renewal Time Value
        Length: 4
        Renewal Time Value: (300s) 5 minutes
    Option: (59) Rebinding Time Value
        Length: 4
        Rebinding Time Value: (525s) 8 minutes, 45 seconds
    Option: (1) Subnet Mask (255.255.224.0)
    Option: (28) Broadcast Address (172.17.63.255)
    Option: (3) Router
        Length: 4
        Router: 172.17.61.1
    Option: (6) Domain Name Server
        Length: 4
        Domain Name Server: 172.17.61.1
    Option: (255) End

(MAC addresses disguised)

Answer 1

The ignored offer provides:

Your (client) IP address: 172.17.34.1        << offered IP address
Next server IP address: 172.17.34.30         << TFTP Server IP
Boot file name **not given**                 << NBP name

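This is an incomplete PXE offer (the boot file name is missing while a "next server" is provided), which is wrong and may cause the client to ignore the offer entirely.

The accepted offer includes: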

Your (client) IP address: 172.17.61.61       << offered IP address
Next server IP address: 172.17.61.1          << TFTP Server IP
Option: (67) Bootfile name -> syslinux.efi   << NBP name

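This is a complete PXE offer, but it is still not quite right.

In both cases the offers are sent by DHCP servers; there is no proxy DHCP here. In a DHCP server / proxy DHCP scenario, the DHCP server provides only the IP information and related options, while the proxy DHCP provides only the PXE information.

The PXE information (in a DHCP server or a proxy DHCP server) is provided either by the "next server" and "file" fields of the DHCP offer (the preferred method) or by DHCP options 66 and 67, but never by a combination of the two. Now you can see why the accepted offer is not entirely correct, even though the client accepts it.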
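
Answer 1's rule written as a checker (an added example, not part of either answer and not what any PXE ROM actually runs): it parses a raw DHCP payload and labels where the boot information is carried. The function names and labels are hypothetical, the two sample packets are constructed from field values shown in the captures above, and option 52 overload is not handled.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie
ip = socket.inet_aton

def build_offer(yiaddr, siaddr, file=b"", options=()):
    """Constructed BOOTP reply payload (sample input, not a real capture)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0xCF952D8D, 0,
                      0x8000, ip("0.0.0.0"), ip(yiaddr), ip(siaddr),
                      ip("0.0.0.0"), bytes.fromhex("cc" * 6), b"", file)
    opts = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return hdr + MAGIC + opts + b"\xff"

def parse_offer(pkt):
    """Return (siaddr, file field, options) from a DHCP payload."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    siaddr = socket.inet_ntoa(pkt[20:24])            # "Next server" field
    file_field = pkt[108:236].split(b"\x00", 1)[0]   # "Boot file name" field
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:            # 255 = End
        if pkt[i] == 0:                              # Pad has no length byte
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return siaddr, file_field, opts

def classify(pkt):
    """Label an offer by where its PXE boot information is carried."""
    siaddr, file_field, opts = parse_offer(pkt)
    fields = (siaddr != "0.0.0.0", bool(file_field))  # header fields
    options = (66 in opts, 67 in opts)                # TFTP name / bootfile
    if not any(fields) and not any(options):
        return "ip-only"          # what a main DHCP sends beside a proxy
    if any(fields) and any(options):
        return "mixed"            # header fields combined with 66/67
    if all(fields) or all(options):
        return "pxe-fields" if all(fields) else "pxe-options"
    return "incomplete"           # e.g. next server set, no boot file

# Constructed from the two captured offers (subset of their options).
MAIN_OFFER = build_offer("172.17.34.1", "172.17.34.30", options=[
    (53, b"\x02"), (54, ip("172.17.34.30")), (1, ip("255.255.224.0"))])
SECOND_OFFER = build_offer("172.17.61.61", "172.17.61.1", options=[
    (53, b"\x02"), (54, ip("172.17.61.1")), (67, b"syslinux.efi\x00")])
```

`classify(MAIN_OFFER)` yields `incomplete` and `classify(SECOND_OFFER)` yields `mixed`, matching the two observations in Answer 1.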

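Answer 2

You should disable the DHCP configuration in the proxy DHCP server and then check whether the PXE client gets its IP from the main DHCP and boots from the proxy DHCP. When the PXE client boots, it sends a DHCP discover with option 60. In your case, the proxy server provides option 60. That is why the PXE client accepts the second DHCP.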
