Request for iPXE boot on private subnet
Currently, iPXE requires iPXE definition files to be available on a public web server. This means the system will need to be exposed publicly.
Hey Cesar Ortega, I'm just bumping this thread to make sure you saw Marques Johansson's response.
Hi, Cesar Ortega.
When a node boots into L2 mode, it can take advantage of a privately managed iPXE environment. This could look like, for example, a bastion gateway node in L2 or Hybrid networking mode running DHCP + TFTP. Pure L2 nodes would get their DHCP responses from that bastion node and would boot whatever images the bastion node specifies and potentially provides.
An open example of this pattern in action is https://github.com/equinix-labs/terraform-equinix-metal-eks-anywhere. In this project, Tinkerbell is used to provide iPXE services from the bastion node while the L2 nodes receive DHCP offers for public addresses. Internet routing is extended to the L2 nodes through a Metal Gateway device.
Alternatively, for nodes booting into L3 and Hybrid configurations, there are two options that I'm aware of:
- The iPXE script and data/OS can be hosted on the project-scoped private network (10.x.x.x/25) or hosted publicly.
- A public iPXE script or initialization OS can configure network interfaces before chaining into an iPXE environment hosted in pure L2.
We describe some of these capabilities in the documentation at https://metal.equinix.com/developers/docs/operating-systems/custom-ipxe/.
Did you have another scenario in mind that you could expand upon?
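
A pre-deployment check for the first L3/Hybrid option in the reply above, added here as an example and not part of the original thread or of any Equinix tooling: it lists every URL an iPXE script fetches and reports whether each host sits in private address space. The sample script, addresses and hostname are constructed, and treating 10.0.0.0/8 as "private" is an assumption drawn from the 10.x.x.x/25 range mentioned in the reply.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: "private" means the 10.0.0.0/8 space the reply refers to.
PRIVATE = ipaddress.ip_network("10.0.0.0/8")
FETCH_CMDS = {"chain", "kernel", "initrd", "imgfetch", "module", "boot"}
VAR = re.compile(r"\$\{([^}]+)\}")
URL = re.compile(r"[a-z][a-z0-9+.-]*://\S+", re.I)

# Constructed sample script; addresses and hostnames are placeholders.
SAMPLE = """#!ipxe
dhcp
set base http://10.66.12.1/boot
kernel ${base}/vmlinuz console=ttyS1,115200 url=http://203.0.113.10/ks.cfg
initrd ${base}/initrd.img
chain https://boot.example.com/menu.ipxe
"""

def expand(text, variables):
    # Variables not set in the script (e.g. filled by DHCP) stay unexpanded.
    return VAR.sub(lambda m: variables.get(m.group(1), m.group(0)), text)

def classify(url):
    host = urlsplit(url).hostname or ""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "unresolved"  # hostname or unexpanded variable: verify DNS separately
    return "private" if addr in PRIVATE else "public"

def audit_ipxe(script):
    """Return (command, url, verdict) for every URL an iPXE script fetches."""
    variables, findings = {}, []
    for raw in script.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "set" and len(words) >= 3:
            variables[words[1]] = expand(" ".join(words[2:]), variables)
        elif words[0] in FETCH_CMDS:
            args = expand(" ".join(words[1:]), variables)
            findings += [(words[0], u, classify(u)) for u in URL.findall(args)]
    return findings

if __name__ == "__main__":
    for cmd, url, verdict in audit_ipxe(SAMPLE):
        print(f"{verdict:10} {cmd:7} {url}")
```

URLs embedded in kernel arguments, such as the `url=` kickstart parameter in the sample, are checked too, since a single public fetch there undoes the point of hosting the rest privately.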