DHCP & PXE basics

 

A DHCP Handshake runs through the following steps:

DHCP The complete traffic runs on UDP User Datagram Protocol (OSI Layer 4)

Discover
· Client broadcast: asks for IP address
· In the network trace you see a call from 0.0.0.0 to 255.255.255.255
· Runs on port 67 UDP

DHCP Offer
· DHCP server response including IP address for client
· Runs on port 68 UDP

DHCP Request
· Acknowledgement (ack) of the client to the server
· Client requests server ack

DHCP Ack
· Acknowledgement of the IP ownership of the client

 

Where PXE comes into play:

This DHCP handshake has nothing to do with PXE at this point. PXE stands for pre-boot execution environment and is a rather old technology. It is in-deph defined and documented by Intel:

https://download.intel.com/design/archives/wfm/downloads/pxespec.pdf

PXE does not come with a dedicated boot protocol. It is simply DHCP packets extended with additional DHCP options. It’s formerly known as the bootstrap protocol. If a PXE-enabled network card sends out an DHCP discover package, it will add DHCP option 60, which includes the string “PXEClient:Arch:xxxxx:UNDI:yyyzzz”. Then it waits for DHCP offers.

It will only respond if it gets a DHCP offer including option 60 which means: I am PXE capable and able to send out boot server and boot file information.

The DHCP offer can be splitted into two independent packages, coming from different servers. The DHCP server can send out the DHCP offer containing the clients IP address and the PXE server can send out the DHCP offer containing the option 60.

The PXE client will wait for all needed information up to 60 seconds. DHCP Discover will be retried four times. The four timeouts are 4, 8, 16 and 32 seconds respectively. If the client gets the offer within this timeout, it will proceed with the DHCP request. If not, it will stop with a PXE-MOF error.

 

A PXE-DHCP Handshake looks like the following:

(DHCP and PXE service run on different machines)

DHCP Discover
· Client broadcast asking for IP address and PXE-capable DHCP service
· DHCP discover package contains option 60
· DHCP discover uses port 67 UDP

DHCP Offer
· Reply of the DHCP server containing IP address offering on port 68 UDP
· Reply of the DHCP or PXE server containing option 60

DHCP Request
· Client broadcast, ready to acknowledge IP address and boot server (port 67 UDP)

DHCP Ack
· Server broadcast, acknowledge clients IP address and lease (port 68 UDP)

DHCP Request
· Client unicast request for options 66 (boot server) and option 67 (bootstrap file) (port 4011 UDP)
· Unicast addresses server which offered option 60

DHCP Ack
· Server ack from PXE server including options 66 and 67

Start of the bootstrap file download using TFTP (UDP 69 and UDP high level ports)

image

Screenshot: normal PXE boot

You can see in the screenshot that:
· DHCP offers come from two different machines (.2 is the DHCP, .1 is the PXE host)
· The last 2 steps run using unicast