Peer to Peer PXE with DHCP Snooping protection enabled
We have a product that runs on each Windows-based workstation and can provide a PXE boot to a peer within its same IP subnet. The agent is bound on port 67 listening for UDP DHCP discover packets with option parameter 60 set to PXEClient. The networking team wants to enable DHCP Snooping on the CISCO switches to increase infrastructure security. My question, is there any way to allow packets with option 60 set to PXEClient to be broadcast to the local switch ports when DHCP snooping protection is enabled?
In a sense, DHCP Snooping is a relatively inflexible protection technique that assumes a standard type of LAN deployment: DHCP clients do not have any server capability, and so they are not expected to send any server-type responses, nor should they listen to the DHCP communication of other clients. If the clients go beyond this assumption and in fact provide some kind of DHCP server-like services then they're no longer common clients, and DHCP Snooping is not well-suited to accommodate them.
Unfortunately, DHCP Snooping cannot be customized in the way you would require. If it is required for each Windows workstation to provide PXE booting capabilities then the workstation is no longer in the position of a classic host, rather, it is becoming a server. Deploying DHCP Snooping in such a network would require configuring ports to all stations as trusted ports which voids the entire protection.
The question is whether all stations should truly be providing the PXE booting service. To me, it sounds like overkill - if one single station is capable of doing that, what is the reason or advantage of having all stations acting in the same way? Perhaps this design should be re-evaluated and hopefully changed.
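To make the answer's point concrete, here is an added example (not from this thread or from Cisco) that models the core DHCP snooping rule in Python: client requests (BOOTREQUEST) are forwarded from any port, while server-side replies (BOOTREPLY) are accepted only from trusted ports. The packets are constructed inline, the PXE agent's reply is assumed to be a normal BOOTREPLY/OFFER carrying option 60, and the one-rule model deliberately ignores the other checks a real switch applies (MAC/binding validation, rate limits).

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options after the 236-byte BOOTP header
BOOTREQUEST, BOOTREPLY = 1, 2
OPT_MSG_TYPE, OPT_VENDOR_CLASS, OPT_END, OPT_PAD = 53, 60, 255, 0
DISCOVER, OFFER = 1, 2

def parse_dhcp(pkt: bytes):
    """Return (op, {option_code: value}) from a raw BOOTP/DHCP payload."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    op, opts, i = pkt[0], {}, 240
    while i < len(pkt):
        code = pkt[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        length = pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return op, opts

def build_dhcp(op: int, msg_type: int, vendor_class: bytes = b"") -> bytes:
    """Constructed minimal packet: BOOTP header (zeroed apart from op/htype/hlen), cookie, options."""
    header = bytes([op, 1, 6, 0]) + b"\x00" * 232
    options = bytes([OPT_MSG_TYPE, 1, msg_type])
    if vendor_class:
        options += bytes([OPT_VENDOR_CLASS, len(vendor_class)]) + vendor_class
    return header + MAGIC_COOKIE + options + bytes([OPT_END])

def snooping_verdict(pkt: bytes, port_trusted: bool) -> str:
    """Simplified model of the switch rule: BOOTREPLY messages are only accepted
    from trusted ports; client requests pass regardless of option 60."""
    op, _opts = parse_dhcp(pkt)
    if op == BOOTREPLY and not port_trusted:
        return "drop"
    return "forward"

if __name__ == "__main__":
    discover = build_dhcp(BOOTREQUEST, DISCOVER, b"PXEClient")
    peer_offer = build_dhcp(BOOTREPLY, OFFER, b"PXEClient")
    print("PXE DISCOVER from untrusted access port:", snooping_verdict(discover, False))
    print("peer agent's OFFER from untrusted port: ", snooping_verdict(peer_offer, False))
    print("peer agent's OFFER from trusted port:   ", snooping_verdict(peer_offer, True))
```

The DISCOVER itself is never the problem; it is the peer workstation's reply that snooping discards unless its access port is trusted, which is why the answer says the design cannot be accommodated without trusting every port.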