I've got a bit of an odd issue that I've hit a wall trying to diagnose.
I have an EX3200 which has multiple RVI VLANs implemented on it, then a firewall trunked from it - with a few more VLANs. A PXE server is behind the firewall on vlan.4003.
The PXE server has the IP 10.2.4.3 and can be pinged from any VLAN on the EX3200.
Files from the TFTP daemon can also be downloaded from any VLAN on the EX3200.
The firewall is disabled for the purpose of testing and all ACLs are disabled on the EX3200.
forwarding-options {
    helpers {
        bootp {
            server 10.2.4.3;
            interface {
                vlan.32;
            }
        }
    }
}
When I boot up a server on any other VLAN - the idea is that the NIC will PXE boot from the PXE server.
A DHCP request is sent (via the L3 interface on the VLAN) to the DHCP server. The server gets this request and assigns an IP.
Then the PXE boot requests the TFTP file (pxelinux.0). However, this just times out:
PXE-E32: TFTP open timeout
Looking at the corresponding logs on the PXE server, you can see the request:
Mar 23 19:01:50 pxe1 in.tftpd[32490]: RRQ from 192.168.1.5 filename pxelinux.0
Mar 23 19:01:51 pxe1 in.tftpd[32491]: RRQ from 192.168.1.5 filename pxelinux.0
Mar 23 19:01:52 pxe1 in.tftpd[32492]: RRQ from 192.168.1.5 filename pxelinux.0
Then tcpdump'ing the interface on the PXE server:
19:14:26.398898 IP 10.2.4.3 > 192.168.1.5: ICMP 10.2.4.3 udp port 37802 unreachable, length 40
So it is clear the PXE server can't access the client. Attempting a ping confirms this - the 192.168.1.5 address does not respond to ICMP.
So checking the routes on the EX3200:
show routes
...
192.168.0.0/24     *[Direct/0] 16:41:43
                    > via vlan.32
So the route clearly exists on the EX3200 - so then I checked the ARP table:
MAC Address        Address       Name          Interface  Flags
00:00:xx:xx:xx:xx  192.168.1.5   192.168.1.5   vlan.32    none
And that also exists.
So everything looks fine, the DHCP server assigns an IP, the client server requests the PXE file - but the PXE server can't actually communicate with the client, nor can the EX3200 that is directly connected.
It's worth stating that if I just boot the normal OS on the client - all routing works perfectly. It can ping the PXE server and vice versa without issue.
What on earth is going on?