Table of Contents
We have seen how “Power-on Auto Provisioning (POAP)” is implemented when a switch boots for the first time in a network, yet it is very commonly associated with Cisco devices even though its not vendor specific, today we are going to discuss another network boot protocol that’s important for us to know in the networking domain.
Preboot eXecution Environment (PXE) introduction
PXE is a network boot protocol that allows BIOS devices to download and boot an operating system over the network. In Cisco NX-OS switches this is commonly known as Kickstarter or boot loaders. The PXE uses either a DHCP server or a TFTP server.
Unlike POAP which is more common on network devices like switches and routers, the PXE is used on diskless devices, multi-server environments, data centers, enterprise IT environments etc.
Steps involved Preboot eXecution Environment
BIOS/UEFI Boot order
First, the PXE client checks whether PXE is enabled and supported by the hardware, the check is based on the boot order.
DHCP Discovery
The PXE client sends a DHCPDISCOVER message to find the IP address and PXE boot server details, it can request additional information such as OPTION 67(FILENAME) that helps the Network Boot Program to identify the file or OPTION 66(TFTP SERVER NAME) that identifies the TFTP server that holds the bootloader.
DHCP offers and redirects
next-server option 66 tells the PXE client the IP address of the TFTP server where the boot file can be downloaded, whereas option 67 (filename) tells which specific file to download.
TFTP file transfer
Here the client uses TFTP to download the NBP (Network Bootstrap Program) that can be used to load OS files from a TFTP server.
Bootloader Execution
The NBP now allows the download of the OS kernel and other required files and drivers, with this the OS files are loaded into the memory and the PXE process comes to an end.
Common DHCP options for PXE
| Option | Purpose |
| 66 | specifies the TFTP server where the bootfile is located(TFTP server ) |
| 67 | specifies the TFTP server where the boot file is located(TFTP server ) |
| 60 | used by PXE clients to identify themselves |
| 43 | Specifies the boot file name that needs to be downloaded from the TFTP server |
| next-server | Defines the IP address of the TFTP server similar to option 66 |
PXE vs POAP!
Purpose :
PXE is primarily used for bootstraping and installing OS on server’s or PC’s over a network whereas POAP by design is for downloading configuration files, Software images for Cisco Nexus Switches.
Scope:
PXE is a general purpose for any system capable of PXE booting like Servers and desktops and works across platforms without any vendor limitations, whereas POAP is specific to NEXUS switches and integrated with Cisco’s Networking Hardware.
Workflow: A PXE device boots via network enabled with NIC, it retrieves a bootloader, OS or installer from the PXE server using TFTP and proceeds to install. The POAP works with no startup configuration. It automatically detects its POAP state request configurations from a DHCP/TF server and applies configuration and software images.
Use Cases: PXE is for bulk deployments of OS on data centre servers or for OS recovery/reinstallation, whereas POAP is for automatic software upgrades for switches.
Understand PXE boot in Configuration Manager
What is PXE, and why is it used?
PXE (Preboot Execution Environment) is a way to boot a computer over a network instead of using a local hard drive or USB. It’s mainly used to install operating systems or run diagnostic tools on multiple computers without needing to connect installation media to each one manually.
How does PXE work?
When a computer is set to boot via PXE, it sends a request to a PXE server (usually over a DHCP network). The server responds by sending the required files to boot the computer, like a bootloader and operating system installer. It’s like giving your computer a remote “startup kit” over the network.
Do I need special hardware to use PXE?
Not really! Most modern computers and servers have PXE built into their network cards (NIC). You just need to enable PXE boot in the BIOS/UEFI settings and have a PXE server set up on your network.
Is PXE secure?
Out of the box, PXE isn’t very secure because it doesn’t encrypt the files it sends over the network. If security is important, you can use additional measures like secure boot, VLANs, or firewalls to restrict PXE traffic to trusted devices.
Can PXE be used for more than installing operating systems?
Yes! While installing operating systems is its main purpose, PXE can also be used to run diagnostic tools, recover systems, or deploy live environments (like a Linux live disk) without needing a physical USB or CD.
Divyanshi Budakoti