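I'm looking into setting up a master DHCP server that provides "IP data" (IP address, subnet mask, DNS, etc.) and a proxyDHCP server that provides PXE boot options only. Actually, my proxyDHCP server provides not only PXE options but also IP data (so it is not really a proxyDHCP).
Using Wireshark, I'm currently observing:
- The client (PXE-ROM) sends an "extended" DHCPDISCOVER (asking for IP data and PXE options)
- The master DHCP server sends a DHCPOFFER (containing IP data only)
- The client does not accept the DHCPOFFER (because it lacks PXE options?)
- (A bit later) the proxyDHCP server sends a DHCPOFFER (with IP data and PXE options)
- The client accepts the second DHCPOFFER (and PXE boot succeeds)
Now I'm wondering:
- Why doesn't the client accept the first DHCPOFFER? This would be mandatory for the intended master-proxy setup to work; otherwise, how would the client get its IP data?
- If it's all about requested and provided DHCP options: which specific missing option causes the client to ignore the offer?
- Why does the server even bother to send a DHCPOFFER when it knows that it cannot provide all options and the client won't accept the DHCPOFFER anyway?
Client request: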
Ethernet II, Src: cc:cc:cc:cc:cc:cc (cc:cc:cc:cc:cc:cc), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
Dynamic Host Configuration Protocol (Discover)
Message type: Boot Request (1)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0xcf952d8d
Seconds elapsed: 0
Bootp flags: 0x8000, Broadcast flag (Broadcast)
Client IP address: 0.0.0.0
Your (client) IP address: 0.0.0.0
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: cc:cc:cc:cc:cc:cc (cc:cc:cc:cc:cc:cc)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type (Discover)
Option: (57) Maximum DHCP Message Size
Option: (55) Parameter Request List
Length: 35
Parameter Request List Item: (1) Subnet Mask
Parameter Request List Item: (2) Time Offset
Parameter Request List Item: (3) Router
Parameter Request List Item: (4) Time Server
Parameter Request List Item: (5) Name Server
Parameter Request List Item: (6) Domain Name Server
Parameter Request List Item: (12) Host Name
Parameter Request List Item: (13) Boot File Size
Parameter Request List Item: (15) Domain Name
Parameter Request List Item: (17) Root Path
Parameter Request List Item: (18) Extensions Path
Parameter Request List Item: (22) Maximum Datagram Reassembly Size
Parameter Request List Item: (23) Default IP Time-to-Live
Parameter Request List Item: (28) Broadcast Address
Parameter Request List Item: (40) Network Information Service Domain
Parameter Request List Item: (41) Network Information Service Servers
Parameter Request List Item: (42) Network Time Protocol Servers
Parameter Request List Item: (43) Vendor-Specific Information
Parameter Request List Item: (50) Requested IP Address
Parameter Request List Item: (51) IP Address Lease Time
Parameter Request List Item: (54) DHCP Server Identifier
Parameter Request List Item: (58) Renewal Time Value
Parameter Request List Item: (59) Rebinding Time Value
Parameter Request List Item: (60) Vendor class identifier
Parameter Request List Item: (66) TFTP Server Name
Parameter Request List Item: (67) Bootfile name
Parameter Request List Item: (97) UUID/GUID-based Client Identifier
Parameter Request List Item: (128) DOCSIS full security server IP [TODO]
Parameter Request List Item: (129) PXE - undefined (vendor specific)
Parameter Request List Item: (130) PXE - undefined (vendor specific)
Parameter Request List Item: (131) PXE - undefined (vendor specific)
Parameter Request List Item: (132) PXE - undefined (vendor specific)
Parameter Request List Item: (133) PXE - undefined (vendor specific)
Parameter Request List Item: (134) PXE - undefined (vendor specific)
Parameter Request List Item: (135) PXE - undefined (vendor specific)
Option: (97) UUID/GUID-based Client Identifier
Option: (94) Client Network Device Interface
Length: 3
Major Version: 3
Minor Version: 16
Option: (93) Client System Architecture
Length: 2
Client System Architecture: EFI x64 (7)
Option: (60) Vendor class identifier
Length: 32
Vendor class identifier: PXEClient:Arch:00007:UNDI:003016
Option: (255) End
(Ignored) response from the master DHCP server (172.17.34.30 / aa:aa:aa:aa:aa:aa):
Ethernet II, Src: aa:aa:aa:aa:aa:aa (aa:aa:aa:aa:aa:aa), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 172.17.34.30, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (Offer)
Message type: Boot Reply (2)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0xcf952d8d
Seconds elapsed: 0
Bootp flags: 0x8000, Broadcast flag (Broadcast)
Client IP address: 0.0.0.0
Your (client) IP address: 172.17.34.1
Next server IP address: 172.17.34.30
Relay agent IP address: 0.0.0.0
Client MAC address: cc:cc:cc:cc:cc:cc (cc:cc:cc:cc:cc:cc)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type (Offer)
Option: (54) DHCP Server Identifier (172.17.34.30)
Option: (51) IP Address Lease Time
Length: 4
IP Address Lease Time: (900s) 15 minutes
Option: (58) Renewal Time Value
Length: 4
Renewal Time Value: (450s) 7 minutes, 30 seconds
Option: (59) Rebinding Time Value
Length: 4
Rebinding Time Value: (787s) 13 minutes, 7 seconds
Option: (28) Broadcast Address (172.17.63.255)
Option: (1) Subnet Mask (255.255.224.0)
Option: (255) End
(Accepted) response from the proxyDHCP server (172.17.61.1 / bb:bb:bb:bb:bb:bb):
Ethernet II, Src: bb:bb:bb:bb:bb:bb (bb:bb:bb:bb:bb:bb), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 172.17.61.1, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (Offer)
Message type: Boot Reply (2)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0xcf952d8d
Seconds elapsed: 0
Bootp flags: 0x8000, Broadcast flag (Broadcast)
Client IP address: 0.0.0.0
Your (client) IP address: 172.17.61.61
Next server IP address: 172.17.61.1
Relay agent IP address: 0.0.0.0
Client MAC address: cc:cc:cc:cc:cc:cc (cc:cc:cc:cc:cc:cc)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type (Offer)
Option: (54) DHCP Server Identifier (172.17.61.1)
Option: (51) IP Address Lease Time
Length: 4
IP Address Lease Time: (600s) 10 minutes
Option: (67) Bootfile name
Length: 13
Bootfile name: syslinux.efi
Option: (58) Renewal Time Value
Length: 4
Renewal Time Value: (300s) 5 minutes
Option: (59) Rebinding Time Value
Length: 4
Rebinding Time Value: (525s) 8 minutes, 45 seconds
Option: (1) Subnet Mask (255.255.224.0)
Option: (28) Broadcast Address (172.17.63.255)
Option: (3) Router
Length: 4
Router: 172.17.61.1
Option: (6) Domain Name Server
Length: 4
Domain Name Server: 172.17.61.1
Option: (255) End
(MAC addresses obfuscated)
Answer 1
The ignored offer provides:
Your (client) IP address: 172.17.34.1 << offered IP address
Next server IP address: 172.17.34.30 << TFTP Server IP
Boot file name **not given** << NBP name
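This is an incomplete PXE offer (the boot file name is missing while a "next server" is provided), which is wrong and may cause the client to ignore the offer completely.
The accepted offer includes: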
Your (client) IP address: 172.17.61.61 << offered IP address
Next server IP address: 172.17.61.1 << TFTP Server IP
Option: (67) Bootfile name -> syslinux.efi << NBP name
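This is a complete PXE offer, but it is still not quite right.
In both cases the offers are sent by DHCP servers; there is no proxyDHCP here. In a DHCP server / proxyDHCP scenario, the DHCP server provides only the IP information and related options, while the proxyDHCP provides only the PXE information.
The PXE information (in either a DHCP server or a proxyDHCP server) is provided either by the "next server" and "file" fields of the DHCP offer (the preferred method) or by DHCP options 66 and 67, but never by a combination of the two. Now you can see why the accepted offer is not completely right, even though the client accepts it.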
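
Added example (not part of the original answers): Python that applies the rule Answer 1 states to raw BOOTP/DHCP replies and labels each offer as IP-only, complete, incomplete or mixed PXE. The two packets are constructed from the values in the captures above; `build_offer`, `parse_offer` and `classify` are names chosen for this example.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def build_offer(yiaddr, siaddr, boot_file=b"", options=()):
    """Build a constructed DHCPOFFER (sample input for this example only)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0xCF952D8D, 0, 0x8000,
                      bytes(4), socket.inet_aton(yiaddr), socket.inet_aton(siaddr),
                      bytes(4), bytes.fromhex("cc" * 6), b"", boot_file)
    opts = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return hdr + MAGIC + bytes([53, 1, 2]) + opts + b"\xff"

def parse_offer(pkt):
    """Return (siaddr, file field, {option code: value}) from a raw BOOTP reply."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    siaddr = socket.inet_ntoa(pkt[20:24])                  # "Next server IP address"
    boot_file = pkt[108:236].split(b"\x00", 1)[0].decode("ascii", "replace")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:                  # 255 = End
        if pkt[i] == 0:                                    # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return siaddr, boot_file, opts

def classify(pkt):
    """Answer 1's rule: PXE data comes from the header fields or from 66/67, not both."""
    siaddr, boot_file, opts = parse_offer(pkt)
    hdr_srv, hdr_file = siaddr != "0.0.0.0", bool(boot_file)
    opt_srv, opt_file = 66 in opts, 67 in opts
    if not (hdr_srv or hdr_file or opt_srv or opt_file):
        return "ip-only"
    if hdr_srv and hdr_file and not (opt_srv or opt_file):
        return "pxe-complete (header fields)"
    if opt_srv and opt_file and not (hdr_srv or hdr_file):
        return "pxe-complete (options 66/67)"
    if (hdr_srv or opt_srv) and (hdr_file or opt_file):
        return "pxe-mixed"
    return "pxe-incomplete"

IGNORED = build_offer("172.17.34.1", "172.17.34.30")  # constructed from the first offer
ACCEPTED = build_offer("172.17.61.61", "172.17.61.1", options=[(67, b"syslinux.efi\x00")])

if __name__ == "__main__":
    print({n: classify(p) for n, p in (("ignored", IGNORED), ("accepted", ACCEPTED))})
```

Run over the offers extracted from a capture, the same classification also shows which servers on the segment hand out boot-server data, which can be compared against the servers that are meant to.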
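Answer 2
You should disable the DHCP configuration in the proxy DHCP server, then check whether the PXE client gets its IP from the master DHCP and boots from the proxy DHCP. When the PXE client boots, it sends a DHCP discover with option 60. In your case, the proxy server provides option 60. That is why the PXE client accepts the second DHCP offer.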