BOOTP (Boot Protocol) may be used to boot remote computers over a network. BOOTP messages are encapsulated inside UDP messages and therefore its requests and replies are forwarded by routers. BOOTP is defined by RFCs 951 and 1542. The drawing below illustrates the data encapsulation:
The diskless system reads its unique hardware address from its network interface card then sends a BOOTP request. The table below shows the BOOTP package format from most significant bit to least significant bit.
| Bit range | # of Bits | Name | Description |
| 0-7 | 8 | Op code | Tells if the message is a BOOTP request or reply. Request=1, reply=2 |
| 8-15 | 8 | Hardware type | Indicates the type of hardware (link level). A value of 6 indicates ethernet |
| 16-23 | 8 | Hardware address length | Tells the length in bytes of the hardware address number. Ethernet addresses are 6 bytes long. |
| 23-31 | 8 | Hop count | Initially set to 0. Incremented each time it is forwarded. |
| 32-63 | 32 | Transaction ID | A random number set by the client and returned by the server. Used to match replies with requests |
| 64-79 | 16 | Number of seconds | The time since the client started trying to bootstrap. Used to tell if a backup BOOTP server should respond. |
| 80-95 | 16 | unused | not used |
| 96-127 | 32 | Clients IP address | The clients IP address. If a request, it is normally 0.0.0.0 |
| 128-159 | 32 | IP address for client | The server sets this in the reply message. |
| 160-191 | 32 | Server IP address | Filled in by the server. |
| 192-223 | 32 | Gateway IP address | Returned by the server. |
| 224-351 | 128 | Clients hardware address | Provided by the client. |
| 352-1375 | 1024 | Server hostname | A null terminated string optionally filled in by the server. |
| 1376-3423 | 2048 | Boot filename | A fully qualified boot file name with path information, terminated with a null. Supplied by the server. |
| 3424-4447 | 1024 | Vendor information | Used for various options to BOOTP including the subnet mask to the client. |
The BOOTP server uses port 67 and the BOOTP client uses port 68. The following is a brief explanation of what happens when a remote client boots:
- BOOTP request. The client sends a BOOTP request from 0.0.0.0.68 to 255.255.255.255.67 with its ethernet address and number of second's fields filled in.
- BOOTP reply. The server responds with the client's IP address, the server's IP address (it's own), and the IP address of a default gateway.
- ARP request. The client issues an ARP to tell if the IP address it just received is being used. It uses 0.0.0.0 as it's own address
- ARP request. The client waits 0.5 seconds and repeats the same ARP request.
- ARP request. The client waits another 0.5 seconds and repeats the ARP request with it's own address as the senders address.
- BOOTP request. The client waits 0.5 seconds and sends another BOOTP request with its own IP address in the IP header
- BOOTP reply. The server sends the same BOOTP reply it sent the last time.
- ARP request. The client outputs an ARP request for the server hardware address
- ARP reply. The server replies with its own ethernet address.
- TFTP read request. The client sends a TFTP read request asking for its specified boot file
No comments:
Post a Comment