Troubleshooting PXE Boot with Network Protocol Analyzer

Documentation

Maintenance & Performance

000006544

02/12/2020

Solution:

This information does not detail the failures that might cause PXE boot to fail. This document provides background on the requirements of a successful PXE boot and describes what happens when no PXE Server is available.

The PXE remote boot process is based on the DHCP protocol. To understand how PXE works, you must first have a basic understanding of DHCP.


DHCP

DHCP is based on bootstrap protocol, commonly called BootP, which allows systems to get an IP address and remote boot from the network. DHCP adds features, such as dynamic IP addressing and option fields for passing system information.

The DHCP process starts with a client requesting an address using a DHCP DISCOVER message. The DISCOVER message is a UDP packet with a source port of 68 (defined as Bootpc, for Bootp client) and a destination port of 67 (defined as Bootps, for Bootp server). The DISCOVER message has the MAC address of the requesting node as the source MAC address, and a broadcast (all F’s) as the destination MAC address. The source IP address is 0.0.0.0 and the destination IP address is 255.255.255.255 (broadcast). As a minimum, the request includes the following options.

  • Option 55 (Parameter request list)
  • Option 1 (subnet mask)
  • Option 3 (router)
  • Option 6 (Domain Name Server)

One or more DHCP servers should respond with a DHCP OFFER. The DHCP OFFER message is a UDP packet with the MAC address of the client requesting service as the destination address. The ports should be the opposite of the original request (source port should be 67, destination port should be 68). The source IP address is the address of the server tendering the offer, and the destination IP address is a broadcast. This offer will include a proposed IP address plus responses to the requested optional parameters.

The client responds to one of the offers with a DHCP REQUEST. The REQUEST message is a UDP packet similar to the DISCOVER message and uses the same source and destination ports and addresses and requests the same parameters.

The server responds with a DHCP ACK (acknowledgement) with all of the information requested. The ACK message is a UDP packet similar to the offer message and has the optional information requested.


PXE extensions to DHCP

The PXE boot process extends the DHCP protocol by adding information needed to remote boot a computer. That information includes the client vendor and class enabling the PXE server to select a client-specific image.

The system requesting a PXE boot uses the DHCP DISCOVER message to identify its vendor and machine class and to request the location and file name of an image file. The PXE client identifies its vendor and class of machine because there might be multiple images available through the PXE servers.

The DHCP DISCOVER message from the PXE client includes the following optional parameter requests:

  • 60 – Vendor class identifier
  • 66 – TFTP server name (a request for the name of the TFTP server hosting the boot image)
  • 67 – Bootfile name (the name of the image file to download)


Examining an Ethereal* or Wireshark* trace of a PXE boot

A PXE boot process involves many exchanges.

  1. The PXE client sends a DHCP DISCOVER with the PXE options filled in.
  2. The DHCP server responds with a DHCP OFFER with TCP/IP parameters.
  3. The PXE client replies with a DHCP REQUEST
  4. The DHCP server responds with a DHCP ACK.
  5. If the DHCP server is also the PXE server, the DHCP ACK usually has the TFTP server name and boot file name. If the PXE server is a different system, there is a separate exchange of requests and replies between the PXE server and the PXE client following the initial DHCP process.
    Note
    • If the initial DHCP exchange does not have the TFTP server name and boot file name, look in the trace until you see a successful DHCP ACK with these two options completed.
    • After the PXE client receives an acknowledgement with the TFTP server name and boot file name, the client connects to the TFTP server with a TFTP read request that includes the name of the boot file.
    • A TFTP session is established and continues until the file transfer completes.

Figure 1 is a screen shot of an Ethereal capture of a DHCP DISCOVER message from a PXE client. Note that option 55 (parameter request list) is highlighted, and the parameters that are being requested are listed.

The parameters also include a request for a TFTP server name (option 66) and a boot file name (option 67). Option 60, the vendor class identifier is also requested. A response to the request is optional and is used to inform the client that the PXE server is on a different server than the DHCP server (a DHCP proxy is in use).

DHCP DISCOVER
Figure 1. DHCP DISCOVER

 

Figure 2 shows the DHCP ACK response to the DHCP REQUEST. The DHCP ACK includes the same options you would observe in the DHCP OFFER. Note that the TFTP server and boot file name are included in the packet when a DHCP transaction succeeds.

DHCP ACK
Figure 2. DHCP ACK

 

A successful DHCP exchange is followed by a TFTP session starting with a TFTP read request. Figure 3 shows the start of a TFTP session.

TFTP Session
Figure 3. TFTP Session.

 

Figure 4 shows a trace from a failed PXE boot because no PXE server is present. Although the PXE client requested a TFTP server name (option 66) and boot file name (option 67), the DHCP OFFER shown does not include option 66 or 67. In this case, the PXE client makes repeated DHCP DISCOVER requests followed by DHCP OFFER responses that do not have the options needed to complete the PXE boot operation.

DHCP OFFER
Figure 4. DHCP OFFER
Where no PXE Server is available