iPXE


About iPXE

iPXE is an open source network boot firmware. iPXE is based on gPXE, which is an open-source PXE client firmware and bootloader derived from Etherboot. Standard PXE clients use TFTP to transfer data, whereas gPXE supports additional protocols.

Here is a list of additional features that iPXE provides over standard PXE:

  • Boots from a web server via HTTP, iSCSI SAN, FCoE, etc.,

  • Supports both IPv4 and IPv6,

  • Netboot supports HTTP/TFTP, IPv4, and IPv6,

  • Supports scripts embedded in the image or served over HTTP/TFTP, etc., and

  • Supports stateless address auto-configuration (SLAAC) and stateful IP auto-configuration variants for DHCPv6. iPXE supports boot URI and parameters for DHCPv6 options. This depends on IPv6 router advertisement.

In addition, we have disabled some of the existing features from iPXE for security reasons such as:

  • Boot support for standard Linux image format such as bzImage+initramfs/initrd, or ISO, etc.,

  • Unused network boot options such as FCoE, iSCSI SAN, Wireless, etc., and

  • Loading of unsupported NBP (such as syslinux/pxelinux) because these might boot system images that are not properly code-signed.

Netboot Requirements

The primary requirements are:

  • A DHCP server with proper configuration.

  • A TFTP/HTTP server.

  • Enough space on the device's bootflash because NX-OS downloads the image when the device is PXE booted.

  • IPv4/IPv6 support—for better deployment flexibility

Guidelines and Limitations

PXE has the following configuration guidelines and limitations:

  • While auto-booting through iPXE, there is a window of three seconds where you can enter Ctrl+B to exit out of the PXE boot. The system prompts you with the following options:

    Please choose a bootloader shell:
    1). GRUB shell
    2). PXE shell
    Enter your choice:
  • HTTP image download vs. TFTP: TFTP is UDP based and can be problematic once packet loss appears. TCP is a window-based protocol and handles bandwidth sharing and losses better. As a result, support for TCP-based protocols is more suitable given the size of the Cisco NX-OS images, which are over 250 Mb.

  • iPXE only allows/boots Cisco signed NBI images. Other standard image format support is disabled for security reasons.

Notes for iPXE

DHCP server installation

DHCP is not installed in the server by default. You can verify DHCP server installation with the service dhcpd status command.


[switch etc]# service dhcpd status 
dhcpd: unrecognized service  /* indicates that dhcp server is not installed */

You can install DHCP with the yum install dhcp command.


Note


Root credentials are required for installing the DHCP server.



[switch etc]# yum install dhcp
Repository base is listed more than once in the configuration
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package dhcp.x86_64 12:3.0.5-23.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved
=============================================================================================
 Package         Arch              Version                      Repository              Size
=============================================================================================
Installing:
 dhcp            x86_64            12:3.0.5-23.el5              workstation            883 k

Transaction Summary
=============================================================================================
Install       1 Package(s)
Upgrade       0 Package(s)

Total download size: 883 k
Is this ok [y/N]: y
Downloading Packages:
dhcp-3.0.5-23.el5.x86_64.rpm                                          | 883 kB     00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : dhcp                                                                  1/1
Installed:
  dhcp.x86_64 12:3.0.5-23.el5

Complete!
[switch etc]#

Adding a configuration to the DHCP server

After the DHCP server is installed, the configuration file is located at /etc/dhcpd.conf.

The following is an example of the dhcpd.conf file.


-------------------------------------------------------------------------------------------------------------------
# Set the amount of time in seconds that a client may keep the IP address
default-lease-time 300;
max-lease-time 7200;
one-lease-per-client true;

# To make the DHCP server listen only on a preferred interface, add that interface
# to the DHCPDARGS variable. DHCPDARGS is read by the dhcpd init script from
# /etc/sysconfig/dhcpd; it is not a dhcpd.conf statement.
# DHCPDARGS=eth0

# A subnet section is generated for each of the interfaces present on your Linux system
subnet 10.0.00.0 netmask 255.255.255.0 {

# The range of IP addresses the server will issue to DHCP-enabled PC clients booting up on the network
  range 10.0.00.2 10.0.00.100;

# Address of the preferred interface
  next-server 10.0.00.4;

# The default gateway to be used
  option routers 10.0.00.254;

# The file path where the iPXE boot looks for the image
  filename = "http://10.0.00.4/pxe/dummy";
# (http://10.0.00.4 points to the httpd service path set in the DocumentRoot variable
#  at /etc/httpd/conf/httpd.conf.)
# By default it points to DocumentRoot "/var/www/html" (refer to the HTTP service section).

  option domain-name "cisco.com";
  option domain-name-servers 100.00.000.183;

host  Nexus {
        hardware ethernet e4:c7:22:bd:c4:f9;
        fixed-address 10.0.00.42;
        filename = "http://10.0.00.4/ipxe/nxos-image.bin";
}

host Nexus {
          hardware ethernet 64:f6:9d:07:52:f7;
          fixed-address 10.0.00.8;
          filename = "tftp://100.00.000.48/nxos-image.bin";
}
}
-------------------------------------------------------------------------------------------------------------------
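
One way to check a dhcpd.conf like the one above before restarting the service, given as an added example that is not part of the original Cisco documentation. The audit_dhcpd function and its finding names are hypothetical, and the list of approved boot servers is an assumption that you supply; the check reports host entries that are never closed, host names declared twice, filename URLs that are not http:// or tftp://, and boot servers outside the approved list.

```shell
#!/bin/sh
# Added example, not Cisco's code. Hypothetical helper:
#   audit_dhcpd CONF "SERVER [SERVER...]"
# Prints one finding per line; no output means nothing was flagged.
# Example call: audit_dhcpd /etc/dhcpd.conf "10.0.00.4"
audit_dhcpd() {
    awk -v allowed="$2" '
    BEGIN { n = split(allowed, s, " "); for (i = 1; i <= n; i++) ok[s[i]] = 1 }
    { sub(/^[ \t]*#.*/, "") }                      # ignore full-line comments
    /^[ \t]*host[ \t]/ {
        if (inhost) print "unclosed-host " name    # previous host never got its }
        name = $2; inhost = 1; base = depth
        if (seen[name]++) print "duplicate-host " name
    }
    /^[ \t]*filename/ {
        if (match($0, /"[^"]*"/)) {
            url = substr($0, RSTART + 1, RLENGTH - 2)
            if (url !~ /^(http|tftp):\/\//) print "bad-scheme " url
            else {
                srv = url
                sub(/^[a-z]*:\/\//, "", srv)       # strip the scheme
                sub(/\/.*/, "", srv)               # strip the path
                if (!(srv in ok)) print "unapproved-server " srv
            }
        }
    }
    {
        line = $0
        opened = gsub(/[{]/, "", line)
        closed = gsub(/[}]/, "", line)
        depth += opened - closed
        if (inhost && closed && depth <= base) inhost = 0
    }
    END { if (depth != 0) print "unbalanced-braces " depth }
    ' "$1"
}
```

A positive unbalanced-braces count means that many blocks were opened and never closed.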

Managing the DHCP service


Note


After installing the DHCP service, you need to initiate the service.


  • Verifying the DHCP service

    
    [switch etc]# service dhcpd status
    dhcpd is stopped
  • Starting the DHCP service

    
    [switch etc]#  service dhcpd start
    Starting dhcpd:                                            [ok]
    
  • Stopping the DHCP service

    
    [switch etc]# service dhcpd stop
    Stopping dhcpd:                                            [ok]
    
  • Restarting the DHCP service


    Note


    When the DHCP configuration file /etc/dhcpd.conf is updated, you need to restart the service.


    
    [switch etc]# service dhcpd restart
    Starting dhcpd:                                            [ok]
    

Managing the HTTP server

  • HTTP server installation

    
    [switch conf]# yum install httpd
    
  • Starting the HTTP service

    
    [switch conf]# service httpd start
    Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, 
    using 100.00.000.127 for ServerName
                                                               [  OK  ]
    
  • Stopping the HTTP service

    
    [switch conf]# service httpd stop
    Stopping httpd:                                            [  OK  ]
    
  • Restarting the HTTP service

    
    [switch conf]# service httpd restart
    Stopping httpd:                                            [FAILED]
    Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, 
    using 100.00.000.127 for ServerName
                                                               [  OK  ]
    
  • Verifying the HTTP status

    
    [switch conf]#  service httpd status
    httpd (pid  23032) is running...
    

    Note


    The HTTP configuration file is located at /etc/httpd/conf/httpd.conf.



    Note


    • DocumentRoot: The directory out of which you will serve your documents. By default, all requests are taken from this directory, but symbolic links and aliases may be used to point to other locations.

    • DocumentRoot /var/www/html

      The DocumentRoot variable is the directory that the http://<ip_add> part of the filename variable in the dhcpd.conf file maps to.

      The following is an example:

      
      host  Nexus {
              hardware ethernet e4:c7:22:bd:c4:f9;
              fixed-address 10.0.00.42;
              filename =  "http://10.0.00.4/ipxe/nxos-image.bin";  
      }
      

      The filename path resolves to the location /var/www/html/ipxe/nxos-image.bin, where the iPXE bootup looks for the image.


  • TFTP server installation

    
    [switch conf]# yum install tftp-server
    

    The TFTP configuration file is located at /etc/xinetd.d/tftp.

    The following is an example of a TFTP configuration file:

    
    [switch xinetd.d]# cat tftp
    # default: off
    # description: The tftp server serves files using the trivial file transfer \
    #       protocol.  The tftp protocol is often used to boot diskless \
    #       workstations, download configuration files to network-aware printers, \
    #       and to start the installation process for some operating systems.
    service tftp
    {
            disable = no
            socket_type             = dgram
            protocol                = udp
            wait                    = yes
            user                    = root
            server                  = /usr/sbin/in.tftpd
            server_args             = -s /tftpboot        # Indicates the tftp path 
            per_source              = 11
            cps                     = 100 2
            flags                   = IPv4
    }
    
  • Stopping the TFTP service

    
    [switch xinetd.d]# chkconfig tftp off
    
  • Starting the TFTP service

    
    [switch xinetd.d]# chkconfig tftp on
    

    Note


    When you change the TFTP configuration file, you need to restart the TFTP service.


    
    host Nexus {
              hardware ethernet 64:f6:9d:07:52:f7;
              fixed-address 10.0.00.8;
              filename = "tftp://100.00.000.48/nxos-image.bin";  
    }
    

    Note


    As a prerequisite, nxos_image.bin must be copied to /tftpboot, the TFTP path shown in the example configuration above.


  • iPXE using HTTP protocol

    
    switch# sh int mgmt0
    mgmt0 is up
    admin state is up,
      Hardware: GigabitEthernet, address: e4c7.22bd.c4a6 (bia e4c7.22bd.c4a6)
      Internet Address is 10.0.00.42/24
      MTU 1500 bytes, BW 100000 Kbit, DLY 10 usec
      reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA, medium is broadcast
      full-duplex, 100 Mb/s
      Auto-Negotiation is turned on
      Auto-mdix is turned off
      EtherType is 0x0000
      1 minute input rate 312 bits/sec, 0 packets/sec
      1 minute output rate 24 bits/sec, 0 packets/sec
      Rx
        5433 input packets 10 unicast packets 5368 multicast packets
        55 broadcast packets 405677 bytes
      Tx
        187 output packets 9 unicast packets 175 multicast packets
        3 broadcast packets 45869 bytes
    switch#
    
    switch# ping 199.00.000.48 vrf management
    PING 199.00.000.48 (199.00.000.48): 56 data bytes
    64 bytes from 199.00.000.48: icmp_seq=0 ttl=61 time=82.075 ms
    64 bytes from 199.00.000.48: icmp_seq=1 ttl=61 time=0.937 ms
    64 bytes from 199.00.000.48: icmp_seq=2 ttl=61 time=0.861 ms
    64 bytes from 199.00.000.48: icmp_seq=3 ttl=61 time=0.948 ms
    64 bytes from 199.00.000.48: icmp_seq=4 ttl=61 time=0.961 ms
    
    --- 199.00.000.48 ping statistics ---
    5 packets transmitted, 5 packets received, 0.00% packet loss
    round-trip min/avg/max = 0.861/17.156/82.075 ms
    switch# conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    switch(config)# no boot nxos
    switch(config)# boot order pxe bootflash
    switch(config)# end
    
    switch# copy running-config startup-config
    [########################################] 100%
    Copy complete, now saving to disk (please wait)...
    Copy complete.
    switch# reload
    This command will reboot the system. (y/n)?  [n] y
    
    CISCO SWITCH Ver 8.32
    
    CISCO SWITCH Ver 8.32
    Memory Size (Bytes): 0x0000000080000000 + 0x0000000380000000
     Relocated to memory
    Time: 9/8/2017  1:3:28
    Detected CISCO IOFPGA
    Booting from Primary Bios
    Code Signing Results: 0x0
    Using Upgrade FPGA
    FPGA Revison        : 0x20
    FPGA ID             : 0x1168153
    FPGA Date           : 0x20140317
    Reset Cause Register: 0x20
    Boot Ctrl Register  : 0x60ff
    EventLog  Register1 : 0xc2004000
    EventLog  Register2 : 0xfbc77fff
    Version 2.16.1240. Copyright (C) 2013 American Megatrends, Inc.
    Board type  1
    IOFPGA @ 0xe8000000
    SLOT_ID @ 0x1b
    Standalone chassis
    check_bootmode: pxe2grub: Launch pxe
    Trying to load ipxe
    Loading Application:
    /Vendor(429bdb26-48a6-47bd-664c-801204061400)/UnknownMedia(6)/EndEntire
    iPXE initialising devices...ok
    
    
    Cisco iPXE
    iPXE 1.0.0+ (3cb3) -- Open Source Network Boot Firmware -- http://ipxe.org
    Features: HTTP DNS TFTP NBI Menu
    net6: e4:c7:22:bd:c4:a6 using dh8900cc on PCI02:00.3 (open)
      [Link:up, TX:0 TXE:0 RX:0 RXE:0]
    Configuring (net6 e4:c7:22:bd:c4:a6).................. ok
    net0: fe80::2a0:c9ff:fe00:0/64 (inaccessible)
    net1: fe80::2a0:c9ff:fe00:1/64 (inaccessible)
    net2: fe80::2a0:c9ff:fe00:2/64 (inaccessible)
    net3: fe80::2a0:c9ff:fe00:3/64 (inaccessible)
    net4: fe80::200:ff:fe00:5/64 (inaccessible)
    net5: fe80::200:ff:fe00:7/64 (inaccessible)
    net6: 10.0.00.7/255.255.255.0 gw 10.0.00.254
    net6: fe80::e6c7:22ff:febd:c4a5/64
    net7: fe80::200:ff:fe00:0/64 (inaccessible)
    Next server: 10.0.00.4
    Filename: http://10.0.00.4/ipxe/nxos-image.bin
    http://10.0.00.4/ipxe/nxos-image.bin... ok
    http://10.0.00.4/ipxe/nxos_image.bin... 46%
    After this, the device boots up fine.
    
  • iPXE using TFTP protocol

    
    switch# sh int mgmt0
    mgmt0 is up
    admin state is up,
      Hardware: GigabitEthernet, address: e4c7.22bd.c4a6 (bia e4c7.22bd.c4a6)
      Internet Address is 10.0.00.8/24
      MTU 1500 bytes, BW 100000 Kbit, DLY 10 usec
      reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, medium is broadcast
      full-duplex, 100 Mb/s
      Auto-Negotiation is turned on
      Auto-mdix is turned off
      EtherType is 0x0000
      1 minute input rate 312 bits/sec, 0 packets/sec
      1 minute output rate 24 bits/sec, 0 packets/sec
      Rx
        5433 input packets 10 unicast packets 5368 multicast packets
        55 broadcast packets 405677 bytes
      Tx
        187 output packets 9 unicast packets 175 multicast packets
        3 broadcast packets 45869 bytes
    switch#
    switch# ping 199.00.000.48 vrf management
    PING 199.00.000.48 (199.00.000.48): 56 data bytes
    64 bytes from 199.00.000.48: icmp_seq=0 ttl=61 time=82.075 ms
    64 bytes from 199.00.000.48: icmp_seq=1 ttl=61 time=0.937 ms
    64 bytes from 199.00.000.48: icmp_seq=2 ttl=61 time=0.861 ms
    64 bytes from 199.00.000.48: icmp_seq=3 ttl=61 time=0.948 ms
    64 bytes from 199.00.000.48: icmp_seq=4 ttl=61 time=0.961 ms
    
    --- 199.00.000.48 ping statistics ---
    5 packets transmitted, 5 packets received, 0.00% packet loss
    round-trip min/avg/max = 0.861/17.156/82.075 ms
    
    switch# conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    switch(config)# no boot nxos
    switch(config)# boot order pxe bootflash
    switch(config)# end
    
    switch# copy running-config startup-config
    [########################################] 100%
    Copy complete, now saving to disk (please wait)...
    Copy complete.
    
    switch# reload
    This command will reboot the system. (y/n)?  [n] y
    
    CISCO SWITCH Ver 8.32
    
    CISCO SWITCH Ver 8.32
    Memory Size (Bytes): 0x0000000080000000 + 0x0000000380000000
     Relocated to memory
    Time: 9/8/2017  1:3:28
    Detected CISCO IOFPGA
    Booting from Primary Bios
    Code Signing Results: 0x0
    Using Upgrade FPGA
    FPGA Revison        : 0x20
    FPGA ID             : 0x1168153
    FPGA Date           : 0x20140317
    Reset Cause Register: 0x20
    Boot Ctrl Register  : 0x60ff
    EventLog  Register1 : 0xc2004000
    EventLog  Register2 : 0xfbc77fff
    Version 2.16.1240. Copyright (C) 2013 American Megatrends, Inc.
    Board type  1
    IOFPGA @ 0xe8000000
    SLOT_ID @ 0x1b
    Standalone chassis
    check_bootmode: pxe2grub: Launch pxe
    Trying to load ipxe
    Loading Application:
    /Vendor(429bdb26-48a6-47bd-664c-801204061400)/UnknownMedia(6)/EndEntire
    iPXE initialising devices...ok
    
    
    Cisco iPXE
    iPXE 1.0.0+ (3cb3) -- Open Source Network Boot Firmware -- http://ipxe.org
    Features: HTTP DNS TFTP NBI Menu
    net6: e4:c7:22:bd:c4:a6 using dh8900cc on PCI02:00.3 (open)
      [Link:up, TX:0 TXE:0 RX:0 RXE:0]
    Configuring (net6 e4:c7:22:bd:c4:a6).................. ok
    net0: fe80::2a0:c9ff:fe00:0/64 (inaccessible)
    net1: fe80::2a0:c9ff:fe00:1/64 (inaccessible)
    net2: fe80::2a0:c9ff:fe00:2/64 (inaccessible)
    net3: fe80::2a0:c9ff:fe00:3/64 (inaccessible)
    net4: fe80::200:ff:fe00:5/64 (inaccessible)
    net5: fe80::200:ff:fe00:7/64 (inaccessible)
    net6: 10.0.00.7/255.255.255.0 gw 10.0.00.254
    net6: fe80::e6c7:22ff:febd:c4a5/64
    net7: fe80::200:ff:fe00:0/64 (inaccessible)
    Next server: 10.0.00.4
    filename: tftp://199.00.000.48/nxos-image.bin
    tftp://199.00.000.48/nxos-image.bin... ok
    tftp://199.00.000.48/nxos_image.bin... 26%
    
    
    
    
  • Interrupting the process

    Use Ctrl+B to interrupt the process and reach the iPXE shell.

    • The following is an example of booting an image residing on the PXE server using HTTP protocol:

      
      iPXE> dhcp
      Configuring (net6 e4:c7:22:bd:c4:a6)................ ok
      iPXE> boot http://10.0.0.4/ipxe/nxos-image.bin
      
    • The following is an example of booting an image residing on the PXE server using TFTP protocol:

      
      iPXE> dhcp
      iPXE> boot tftp://199.00.00.48/nxos-image.bin
      

    Use exit to exit the iPXE shell.
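
The mapping from a filename URL to a file under DocumentRoot or /tftpboot, described in the HTTP and TFTP server notes above, can be checked on the boot server before a switch is reloaded. This is an added example, not part of the original Cisco documentation; the function names are hypothetical, and it assumes that the script runs on the server that the filename URLs point to.

```shell
#!/bin/sh
# Added example, not Cisco's code. Assumed roots, taken from the page's defaults:
# DocumentRoot /var/www/html for http://, /tftpboot for tftp://.
# Example call: preflight /etc/dhcpd.conf /var/www/html /tftpboot

# boot_urls CONF: print each quoted filename value from non-comment lines.
boot_urls() {
    sed -n 's/^[[:space:]]*filename[[:space:]]*=\{0,1\}[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# url_to_path URL DOCROOT TFTPROOT: print the local file a boot URL resolves to.
# Returns 1 for other schemes, a URL with no path, or a path containing "..".
url_to_path() {
    case $1 in
        http://*) root=$2; rest=${1#http://} ;;
        tftp://*) root=$3; rest=${1#tftp://} ;;
        *) return 1 ;;
    esac
    case $rest in
        */*) path=/${rest#*/} ;;
        *) return 1 ;;
    esac
    case $path in
        */../*|*/..) return 1 ;;
    esac
    printf '%s%s\n' "$root" "$path"
}

# preflight CONF DOCROOT TFTPROOT: one status line per URL, then "missing=N".
# A name that differs only in a hyphen or underscore shows up here as MISSING.
preflight() {
    missing=0
    while IFS= read -r url; do
        [ -n "$url" ] || continue
        if path=$(url_to_path "$url" "$2" "$3") && [ -f "$path" ] && [ -r "$path" ]; then
            echo "ok      $url -> $path"
        else
            echo "MISSING $url -> ${path:-unsupported or unsafe URL}"
            missing=$((missing + 1))
        fi
    done <<EOF
$(boot_urls "$1")
EOF
    echo "missing=$missing"
}
```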

Boot Mode Configuration

VSH CLI

switch# configure terminal
switch(conf)# boot order bootflash|pxe [bootflash|pxe]
switch(conf)# end

Note


The keyword bootflash indicates Grub-based booting.


For example, to use PXE boot mode only, the configuration command is:

switch(conf)# boot order pxe

To boot Grub first, followed by PXE:

switch(conf)# boot order bootflash pxe

To boot PXE first, followed by Grub:

switch(conf)# boot order pxe bootflash

If you never use the boot order command, by default the boot order is Grub.


Note


The following sections describe how you can toggle between Grub and iPXE.


Grub CLI

bootmode [-g|-p|-p2g|-g2p]

Keyword    Function
-g         Grub only
-p         PXE only
-p2g       PXE first, followed by Grub if PXE failed
-g2p       Grub first, followed by PXE if Grub failed

The Grub CLI is useful if you want to toggle the boot mode from the serial console without booting a full Cisco NX-OS image. It can also be used to get a box out of the continuous PXE boot state.

iPXE CLI

bootmode [-g|--grub] [-p|--pxe] [-a|--pxe2grub] [-b|--grub2pxe]

Keyword       Function
--grub        Grub only
--pxe         PXE only
--pxe2grub    PXE first, followed by Grub if PXE failed
--grub2pxe    Grub first, followed by PXE if Grub failed

The iPXE CLI is useful if you wish to toggle the boot mode from the serial console without booting a full Cisco NX-OS image. It can also be used to get a box out of continuous PXE boot state.

Verifying the Boot Order Configuration

To display boot order configuration information, enter the following command:

Command            Purpose
show boot order    Displays the current boot order from the running configuration and the boot order value on the next reload from the startup configuration.