Co-existence between your existing production DHCP server and Provisioner PXE Server's DHCP server on the same subnet
The Provisioner PXE Server installs a non-authoritative DHCP server: a DHCP server that serves IP addresses only from a designated bootp range, and those IPs are active only while provisioning or imaging occurs.
Your existing production (authoritative) DHCP server needs to forward PXE boot requests to LBMP's IP address, and must not serve IP addresses in the Provisioner PXE Server's designated bootp range.
When configured properly, both DHCP servers will co-exist without problems: your production DHCP server continues to issue IP addresses, and the Provisioner PXE Server's DHCP server handles PXE boot requests and issues temporary IP addresses in the smaller bootp range.
Recommended approach: switching client systems from production VLANs to the Provisioning/Imaging VLAN, and back
By definition, a client system on a VLAN different from the Provisioner PXE Server VLAN cannot see the Provisioner PXE Server. This is by VLAN design for security and isolation.
Place your Provisioner PXE Server on a dedicated VLAN ("Provisioning VLAN"). Before provisioning or imaging a client system that resides on a different VLAN (Production VLAN), change the client system from the Production VLAN to the Provisioning VLAN, using your programmable switch.
When the system has been provisioned or imaged, switch the client system from the Provisioning VLAN back to the Production VLAN, again using your programmable switch.
Using an automation orchestrator (such as the Cisco Process Orchestrator) or a control panel, in conjunction with the API (Application Programming Interface), makes this process fully automated and transparent.
VLAN/LAN Considerations
To service PXE boot requests, the Provisioner PXE Server contains an active non-authoritative DHCP server. This DHCP server is configured to service PXE requests over a range of IP addresses on the LAN subnet the Provisioner PXE Server is running on. The size of the IP range is the maximum number of provisioning and/or imaging events that can run concurrently. The DHCP leases for this range of IPs are short in duration and the IPs are reused. The Provisioner PXE Server's default range is .151 to .200, which allows 50 concurrent provisioning or imaging events.
There are many ways to configure the Provisioner PXE Server's DHCP, from a single LAN subnet to complex topologies spanning multiple LANs. Note that VLANs and LANs are interchangeable and usually require no additional configuration. Example A below shows the Provisioner PXE Server's default installed configuration.
All involved DHCP instances must allow and forward PXE boot requests to the Provisioner PXE Server's IP address: this includes the Provisioner PXE Server DHCP and the DHCP services of other LANs and VLANs when multiple subnets are being serviced by the Provisioner PXE Server.
A common Provisioner PXE Server install configuration uses dual NIC connections to two LANs. The Provisioner PXE Server has Internet access via one NIC, and the provisioning/imaging events run on the other NIC with no Internet access, often a 10-dot subnet. This avoids all DHCP conflicts, since the Provisioner PXE Server DHCP is the only DHCP service on the subnet that services Provisioner PXE Server PXE events. This configuration is achieved by configuring the two NICs properly before installing the Provisioner PXE Server and selecting the desired NIC/eth# during the Provisioner PXE Server install.
When two NIC connections are not viable, the recommended option is to dedicate a subnet for Provisioner PXE Server processing. See example B below.
• Note 1: All DHCP syntax examples are in Red Hat/CentOS Linux DHCP syntax as located in /etc/dhcpd.conf
• Note 2: The Provisioner PXE Server is assumed to be on the 192.168.1.0 subnet at 192.168.1.50 with the default IP range of 192.168.1.151 to 192.168.1.200
• Note 3: All involved DHCP instances must have PXE requests forwarded to the Provisioner PXE Server IP
• Note 4: With multiple (V)LANs, the PXE request forward must be configured in each subnet's DHCP. This allows PXE boot and forwards PXE requests to the Provisioner PXE Server IP. The booting client system will become a temporary member of the Provisioner PXE Server subnet (assigned an IP address in the Provisioner PXE Server default IP range). Qualified MAC-Specific or MAC-Independent (menu-selected) events will be performed using a temporary IP assigned by the Provisioner PXE Server. The post-event reboot will return the server to its originating or role-designated subnet configuration. If there are firewall issues between the (V)LANs, you may need to make adjustments to allow access.
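The two co-existence requirements above (production pools kept out of the bootp range, PXE requests forwarded to the Provisioner PXE Server IP) can be checked against a production dhcpd.conf before provisioning starts. The following is an added example, not part of the Provisioner product or its documentation. It assumes the addresses from Note 2, that the forward is expressed with the ISC dhcpd next-server statement, and IPv4 literals only; the function name and both sample configurations are constructed for illustration.

```python
import ipaddress
import re

# Values from Note 2 on this page.
PXE_SERVER = ipaddress.ip_address("192.168.1.50")
BOOTP_FIRST = ipaddress.ip_address("192.168.1.151")
BOOTP_LAST = ipaddress.ip_address("192.168.1.200")

# "range [dynamic-bootp] low [high];" and "next-server addr;" with IPv4 literals.
RANGE_RE = re.compile(r"^\s*range\s+(?:dynamic-bootp\s+)?([\d.]+)(?:\s+([\d.]+))?\s*;", re.M)
NEXT_RE = re.compile(r"^\s*next-server\s+([\d.]+)\s*;", re.M)

def audit_production_dhcp(conf_text):
    """Return findings for a production dhcpd.conf; an empty list means it can co-exist."""
    text = re.sub(r"#.*", "", conf_text)  # drop comments before matching
    findings = []
    for m in RANGE_RE.finditer(text):
        low = ipaddress.ip_address(m.group(1))
        high = ipaddress.ip_address(m.group(2) or m.group(1))
        # Two closed intervals overlap when each starts before the other ends.
        if low <= BOOTP_LAST and high >= BOOTP_FIRST:
            findings.append(f"range {low} {high} overlaps bootp range {BOOTP_FIRST}-{BOOTP_LAST}")
    targets = [ipaddress.ip_address(m.group(1)) for m in NEXT_RE.finditer(text)]
    if not targets:
        findings.append("no next-server statement: PXE boot requests are not forwarded")
    for target in targets:
        if target != PXE_SERVER:
            findings.append(f"next-server {target} is not the Provisioner PXE Server ({PXE_SERVER})")
    return findings

# Constructed sample configurations (not taken from a real server).
BAD_CONF = """
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.100 192.168.1.254;   # runs through .151-.200
  next-server 192.168.1.10;            # wrong forward target
}
"""
GOOD_CONF = """
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.10 192.168.1.150;    # stops below the bootp range
  next-server 192.168.1.50;
}
"""

if __name__ == "__main__":
    for name, conf in (("BAD_CONF", BAD_CONF), ("GOOD_CONF", GOOD_CONF)):
        print(name, audit_production_dhcp(conf) or "OK")
```

With multiple (V)LANs, run the same check against the DHCP configuration of every subnet that forwards PXE requests, as Note 4 requires.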