NetBoot across subnets with a bootpd relay

Hello Apple Community!


I've got 4 subnets at my school, each with various Macs around campus. I have a Mavericks server on each subnet currently, each with their own NetBoot images. It's a pain to keep everything updated. I can get a single client Mac (pre-2011) to boot across subnets using the bless command, but that's not really a viable solution for us to run a bless command on each client every single time we want to netboot. So far, the solution has been just to have dedicated netboot servers on each subnet, but I know there has to be a better way.


This article (OS X Server: How to use NetBoot across subnets - Apple Support) describes three different methods for netbooting across subnets, but two of them are not really viable for us. Those involve reconfiguring the network to allow BootP data to pass across subnets or configuring one server with multiple network connections, one for each subnet. However, option #2 describes configuring a bootpd relay. Based on my reading, this sounds like exactly what I need. However, I can't find any good documentation to walk me through setting it up.


I've thoroughly read the bootpd man page, which has had me editing the /etc/bootpd.plist on multiple servers. This hasn't gotten me very far. My clients still don't see the remote NetBoot server. It seems like the relay is supposed to redirect broadcasts from the remote Netboot server, through a local NetBoot server to the client. But I have no idea how to make this work.


Could someone please give me more guidance on what I'm supposed to be doing here? I'd like to host a single NetBoot server and have any client on any subnet be able to option-boot to see the NetBoot startup options (I have multiple NetBoot images, from Apple Service Toolkit to DeployStudio and Mavericks/Yosemite installers in between). Even if I could get it to just netboot to one default source (AST), I could deal with that. I'm also happy to host multiple NetBoot servers, but with all my NetBoot images in one location. I'm stumped in this multiple subnet environment and I need help. Please help.

Mac mini, OS X Server, OS X 10.9.4 with Server 3.1.2 running on a Mac mini

Posted on Apr 30, 2015 2:38 PM

Apr 30, 2015 4:30 PM in response to atoss

The basic idea is to have one machine on each subnet running a bootpd relay instance. The relay receives broadcast BootP packets on its own subnet, which are how the client netboot process asks for a netboot image, and then converts and forwards them as a unicast to the netboot server. The netboot server replies to the bootpd on the subnet, which then passes the message to the client.


C.


P.S. I believe it is possible, but I haven't tried it myself, to configure an Arduino with an Ethernet interface to act as a cheap bootpd relay. You can just plug this in when it's needed.
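The relay step described in the reply above, as an added example that is not part of the original thread and is not bootpd's own code. It follows the generic BOOTP relay-agent rules (RFC 951 / RFC 1542); the addresses, the client MAC and the MAX_HOPS threshold are constructed for illustration.

```python
import socket
import struct

# Fixed BOOTP header through chaddr (RFC 951); sname/file/vend follow untouched.
HDR = struct.Struct("!BBBBIHH4s4s4s4s16s")
BOOTREQUEST, BOOTREPLY = 1, 2
MIN_LEN = 300        # minimum BOOTP message size
MAX_HOPS = 4         # assumed drop threshold for this sketch
ZERO = b"\x00" * 4


def relay_request(pkt, relay_ip, server_ip):
    """Client broadcast -> ((server, 67), rewritten packet), or None to drop."""
    if len(pkt) < MIN_LEN:
        return None
    op, htype, hlen, hops, xid, secs, flags, ci, yi, si, gi, ch = HDR.unpack_from(pkt)
    if op != BOOTREQUEST or hops >= MAX_HOPS:
        return None
    if gi == ZERO:
        gi = socket.inet_aton(relay_ip)   # first relay stamps its own address
    hdr = HDR.pack(op, htype, hlen, hops + 1, xid, secs, flags, ci, yi, si, gi, ch)
    return (server_ip, 67), hdr + pkt[HDR.size:]


def relay_reply(pkt, relay_ip):
    """Server reply -> ((client or broadcast, 68), packet), or None to drop."""
    if len(pkt) < MIN_LEN:
        return None
    op, _, _, _, _, _, flags, _, yi, _, gi, _ = HDR.unpack_from(pkt)
    if op != BOOTREPLY or gi != socket.inet_aton(relay_ip):
        return None                       # not routed through this relay
    if flags & 0x8000 or yi == ZERO:      # broadcast flag set, or no address to unicast to
        return ("255.255.255.255", 68), pkt
    return (socket.inet_ntoa(yi), 68), pkt


def sample_packet(op, flags=0, hops=0, yiaddr="0.0.0.0", giaddr="0.0.0.0"):
    """Constructed 300-byte BOOTP message with a made-up client MAC."""
    mac = bytes.fromhex("0200005e0001").ljust(16, b"\x00")
    a = socket.inet_aton
    hdr = HDR.pack(op, 1, 6, hops, 0x1234ABCD, 0, flags, ZERO, a(yiaddr), ZERO, a(giaddr), mac)
    return hdr + b"\x00" * (MIN_LEN - HDR.size)


if __name__ == "__main__":
    dest, fwd = relay_request(sample_packet(BOOTREQUEST), "192.0.2.2", "198.51.100.10")
    print(dest, "hops =", fwd[3], "giaddr =", socket.inet_ntoa(fwd[24:28]))
```

The giaddr field is what lets the server pick the right subnet and send its answer back to the relay rather than to the client directly.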

Apr 30, 2015 7:03 PM in response to cdhw

Thank you for the feedback. So far, in my attempts to get this to work, I've configured a server with bootp_enabled on one subnet with a relay_ip_list pointing at a netboot server on a different subnet. On that server, I've also configured bootp_enabled. Here's a copy of /etc/bootp.plist as I've been working on it. But I don't know if I'm on the right track or not. Is this how I enable a bootp relay?

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>NetBoot</key>
    <dict/>
    <key>Subnets</key>
    <array/>
    <key>allow</key>
    <array/>
    <key>bootp_enabled</key>
    <true/>
    <key>deny</key>
    <array/>
    <key>detect_other_dhcp_server</key>
    <false/>
    <key>dhcp_enabled</key>
    <false/>
    <key>netboot_disabled</key>
    <array>
        <string>en0</string>
    </array>
    <key>old_netboot_enabled</key>
    <false/>
    <key>relay_enabled</key>
    <array>
        <string>en0</string>
    </array>
    <key>relay_ip_list</key>
    <array>
        <string>tftp://172.xx.xx.xx</string>
    </array>
</dict>
</plist>


It seems like I should be able to use this to get a client to tell its local subnet's server that it's looking for a netboot image and have the local subnet's server pass that request on to the remote subnet's server and have it return all its netboot options to the client on the other subnet.


Thanks again for any advice you have.

May 1, 2015 2:05 AM in response to atoss

I think you need to remove "tftp://" from the relay_ip_list. AFAIK it's just IP numbers that go in there, not protocol.

I assume you started the relay with the 'debug & logging' options enabled. What does this log say when you open the 'Startup Disk' in the netboot client System Preferences so it searches for a network image?

C.

May 1, 2015 3:03 AM in response to cdhw

... I assume you started the relay with the 'debug & logging' options enabled. What does this log say when you open the 'Startup Disk' in the netboot client System Preferences so it searches for a network image?


I'm also doubtful about having both <allow/> and <deny/>. I think this means 'don't process anybody'. I'd delete both of these to start with, which means allow all clients, and then lock it down once things start working.


Also, shouldn't there be an array containing the interface(s) immediately following the bootp_enabled key instead of after the netboot_disabled one?


The whole plist seems more elaborate than I would expect for a simple bootp relay. Is it based on something that works?


C.

May 1, 2015 5:09 AM in response to cdhw

Thanks again for your feedback. I had forgotten I left the "tftp://" on the IP address. Though, I've tried that multiple ways, starting with IP only. Also, per the bootpd man page (https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/bootpd.8.html), <allow/> and <deny/> are lists for MAC address allowances and when nothing is defined everything goes through. These are there by default, though I will remove them and see what happens. Also, according to the man page, bootp_enabled enables on all connections when a boolean is set rather than an array. Though I will still change this also and see what happens. The array that comes after the netboot_disabled key is auto-generated by NetInstall when you turn the service on in Server.app.


Essentially, that plist comes from a fresh activation of NetInstall. I deleted the previous .plist, rebooted the server and when I turned on NetInstall, that's what was created, plus my bootp modifications.


All that said, you said that you assumed I started the relay with the 'debug & logging' options enabled. I haven't started the relay in any active sense. So far, I've just been modifying this .plist, and rebooting a bunch of times, but that's where I seem to get lost. Is there a way to actively "start" the relay? I'd love to look at these 'debug & logging' options. As for the 'Startup Disk' prefs on the client Mac, they do not show any significant change. Basically, they just don't see the remote server as a startup option. I have not gleaned any pertinent info from console, though I'm not sure I know what I'm looking for.


On a side note, I had a wild hair to try something different. I set my local subnet's server to look at a NetBootSP0 folder that was actually a symlink to a NetBootSP0 folder that was mounted as a file share from the remote NetBoot server. This really looked like it might work. When you boot the client, it saw the startup volumes from the remote server. However, upon boot, it doesn't seem to make the connection and winds up booting back to the internal hard drive. It was worth a try...

May 1, 2015 5:29 AM in response to atoss

These are the changes I've made to the plist. Should the relay server have NetBoot enabled? Or is it enough that the relay is enabled and there's an address in the relay_ip_list? Any other ideas? Incidentally, when I try to run any bootpd command in terminal, it returns 'command not found.' Which is weird because I can view man bootpd without issue.


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>NetBoot</key>
    <dict/>
    <key>Subnets</key>
    <array/>
    <key>bootp_enabled</key>
    <array>
        <string>en0</string>
    </array>
    <key>detect_other_dhcp_server</key>
    <false/>
    <key>dhcp_enabled</key>
    <false/>
    <key>netboot_enabled</key>
    <false/>
    <key>old_netboot_enabled</key>
    <false/>
    <key>relay_enabled</key>
    <array>
        <string>en0</string>
    </array>
    <key>relay_ip_list</key>
    <array>
        <string>172.xx.xx.xx</string>
    </array>
</dict>
</plist>


Thanks again.

May 1, 2015 5:57 AM in response to atoss

That's more like what I was expecting, although obviously the 'xx' in '172.xx.xx.xx' need to be replaced with the correct numerical values for the netboot server.


All that said, you said that you assumed I started the relay with the 'debug & logging' options enabled. I haven't started the relay in any active sense.


OS X doesn't run bootpd by default; you will need to start it. Use the command line while debugging:


sudo /usr/libexec/bootpd -dv


and launchctl:


sudo /bin/launchctl load -w /System/Library/LaunchDaemons/bootps.plist

sudo /bin/launchctl unload -w /System/Library/LaunchDaemons/bootps.plist

to start and stop the service in normal use.

C.
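A check for the relay keys discussed in this thread, run before loading the launch daemon. This is an added example, not code from the thread or from Apple: the key names are the ones in the plists posted above, the sample plist is constructed, and 198.51.100.10 is a documentation-range placeholder for the NetBoot server.

```python
import ipaddress
import plistlib

# Constructed sample: only the two relay keys from the thread's plist.
TEMPLATE = """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>relay_enabled</key>
    <array><string>en0</string></array>
    <key>relay_ip_list</key>
    <array><string>{server}</string></array>
</dict>
</plist>"""


def sample_plist(server):
    """Build the constructed sample with one relay_ip_list entry."""
    return TEMPLATE.format(server=server).encode()


def check_relay_plist(data):
    """Return a list of findings for bootpd.plist content used as a relay config."""
    cfg = plistlib.loads(data)
    findings = []
    enabled = cfg.get("relay_enabled")
    # relay_enabled is either a boolean or an array of interface names.
    if not (enabled is True or (isinstance(enabled, list) and enabled)):
        findings.append("relay_enabled: relay is not switched on for any interface")
    servers = cfg.get("relay_ip_list")
    if not isinstance(servers, list) or not servers:
        findings.append("relay_ip_list: missing or empty, nothing to forward to")
        servers = []
    for entry in servers:
        try:
            if not isinstance(entry, str):
                raise ValueError(entry)
            ipaddress.IPv4Address(entry)   # rejects schemes, hostnames, placeholders
        except ValueError:
            findings.append(f"relay_ip_list: {entry!r} is not a bare IPv4 address")
    if not cfg.get("allow") and not cfg.get("deny"):
        findings.append("allow/deny: no MAC address filter configured")
    return findings


if __name__ == "__main__":
    for server in ("tftp://198.51.100.10", "172.xx.xx.xx", "198.51.100.10"):
        print(server, "->", check_relay_plist(sample_plist(server)))
```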

May 1, 2015 6:19 AM in response to cdhw

THANK YOU! I knew I was missing something simple. I had a feeling I needed to enable the relay somehow, but I just wasn't able to suss out how to do that from all the reading I've done online. I'm actually shocked that it's this simple to get the relays going. Just a couple of .plist modifications and loading a launchdaemon. This is going to make life simpler around here! Thank you again for all your help.

Jun 10, 2015 7:45 AM in response to cdhw

So far, I've had my bootp relay working relatively well. My Macs are seeing netboot options across subnets and successfully booting to them (with Apple Service Toolkit being an exception because it doesn't like subnets, but I can work with that). However... one oddity that I'd like to resolve, or at least better understand, is that my newer Macs, anything made in the last few years, do not see my netboot options in the Startup Manager (some call this the "boot picker").


It's weird because all the Macs, no matter the model, see the netboot options from the other subnet in the Startup Disk preference pane. But this is the only way that I can get newer Macs to boot across subnets. Older, pre-2010 Macs can see the netboot options from the Startup Manager just fine, the same as if the netboot options were on the local subnet. 2010 and newer Macs don't show any boot options in Startup Manager other than the local drives. Though, they do see netboot options from the local subnet in Startup Manager without issue. If the newer Macs are booted to the local drive or recovery hd, I can select the other subnet's netboot volumes from the Startup Disk preferences.


Why is this? Ideally, I'd like for all Macs to see the NetBoot options, across the subnets, right in the Startup Manager. It will be very cumbersome to have to have a local OS to boot to just to get to the Startup Disk preferences. I guess I could use the Internet Recovery option as well, but that will be just as cumbersome. Any advice to help resolve this issue would be greatly appreciated.


Thanks.

Oct 30, 2015 5:19 AM in response to LarryStegall

AST still doesn't work across subnets, at least using the BootP relay method. Not as of AST v1.5.13 anyway. I haven't tested since upgrading, however I see now that v1.5.16 runs on El Capitan, so I can finally upgrade my netboot server to Yosemite. It'll be worth another try then, but I'll bet that it still won't work. This method works wonderfully for all my other netboot options, though. I have netinstall images, a netboot for triaging and a DeployStudio boot alongside AST. If I need AST for Macs outside my office subnet, I'll bring them back to the office. Usually, I do repairs there anyway, so it's not a problem.