Posted on 08-06-2013 10:18 AM
Hi Everyone,
So with much satisfaction on my part, I spun up my first Netboot server yesterday afternoon. My goal of course being to integrate Casper Imaging and finally allow our techs to image from their desks (rather than the "image station" we used to employ).
Well, the satisfaction was short-lived. I got a call from our Network admin this morning saying that my Netboot box was flooding the subnet with Multicast pkts and that they were not really fans of this. So, long story short... the netboot box is turned off.
Just wondering if you big brains had encountered this before, and if so, is there something I can tweak on the serv to maybe give my network guys a little more of a warm and fuzzy about this?
Thanks everyone!
Posted on 08-06-2013 11:00 AM
Ask your network group to provide a dedicated segment, we never put NetBoot on a wide open segment.
Don
Posted on 08-06-2013 11:21 AM
Or just use unicast. I have our techs' imaging MacBooks set up to only use unicast, and they bring a gig switch with them where gig-e is not available. It's a bit slower, but seems to work well enough for their uses.
Posted on 08-06-2013 12:11 PM
Unicast netboot is still fairly fast on gig. We're passing 22ish gig images in about 8 min via pre-stage.
Posted on 08-06-2013 12:20 PM
It probably won't make a difference unless you try to image more than 10 computers at a time, assuming you have more than one NetBoot server hosting the same images. We typically have 2 per NetBoot segment.
Posted on 08-06-2013 12:47 PM
I don't know. We run a single primary (admittedly high end) netboot server and we can keep that speed up to around 40ish units at a time. We limit it at 50/server.
Posted on 08-06-2013 01:58 PM
So at any given time we shouldn't be imaging any more than 5-6 systems. My primary goal is just to get the guys off of this "Target disk mode the system and plug it into a Mac Pro that houses our images" and onto a method that is similar to our PXE / PE deployment that we employ for Windows boxes.
Can any of you point to some documentation on switching to Unicast? I am fairly new to OSX Serv, I set this Netboot box up per Jamf documentation but they don't go into a ton of detail when it comes to config options.
Thanks!
Posted on 08-07-2013 06:07 AM
What is your NetBoot server running on? Also are you using ARD? Apple Remote Desktop tends to send quite a lot of multicast traffic... all right all right, OS X tends to send a lot of multicast (mDNS - Bonjour) traffic. Have your network admins identified anything beyond the fact that the switches are freaking out with multicast traffic? There are ways to do anything up to and including completely disabling mDNS advertisements. I'm just not convinced that you're streaming an ASR image if you didn't do it on purpose.
FYI, a standard OS X Netboot server runs unicast AND most image deployment services are unicast by default. In regards to the unicast vs multicast performance discussion I will say that we prefer to run very fast I/O in a unicast environment rather than utilizing a multicast stream. This, on top of proper network segmentation.
Posted on 08-07-2013 09:13 AM
Hi Chris, thanks for the response. So as a proof of concept I built out a Mac Mini running OSX serv 10.6.8, if this were to move into production I would most likely move the build to a Mac Pro tower or one of our older Xserves.
I do not have ARD installed on the Netboot image, however we do run it on all of our techs' machines.
So basically what our network team did was take the MAC address from the Mac Mini and pull the port stats. They saw the total Multicast packets coming from that address and gave a big thumbs down.
I have to admit that I am very newbish when it comes to OSX serve, so when there is talk of toggling between multicast and unicast I am a little lost (surprisingly, Google has not been much help).
How does one go about confirming how packets are being broadcast from the server? I've spent a fair amount of time bouncing through server admin and haven't found anything that seems relevant.
Posted on 08-07-2013 10:40 AM
Apple's OS uses Bonjour... or rather mDNS (Multicast Domain Name Service) for a great many things. Here is an Apple KB article on how to easily disable advertisements from your server (http://support.apple.com/kb/HT3789). Since this is only a test, you should be able to see if there are any negative consequences on your provided services, but I doubt it. Well... so long as you don't intend on using any services that use Bonjour (and you probably shouldn't, but that's an institutional decision).
As for catching packets... leave it to your Network Engineer folks. However, you could grab Wireshark and tell it to capture packets from that particular IP address. (Then again, I'm not a networking expert).
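An added example, not part of the thread: one way to check what the multicast counter on the server's switch port is actually made of, by tallying the frames the server sent in a saved capture by destination. It assumes a classic little-endian pcap (not pcapng); the MAC addresses, the function names and the sample capture are constructed for the illustration.

```python
import struct
from collections import Counter

def tally(pcap: bytes, src_mac: bytes) -> Counter:
    """Count frames sent by src_mac in a little-endian classic pcap, by destination."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    counts, off = Counter(), 24                      # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14 or frame[6:12] != src_mac:
            continue                                 # not sent by the server
        # The low bit of the first octet is the Ethernet group (multicast) bit.
        label = ("broadcast" if frame[:6] == b"\xff" * 6
                 else "multicast" if frame[0] & 1 else "unicast")
        if label == "multicast" and frame[12:14] == b"\x08\x00" and len(frame) >= 34:
            ihl = (frame[14] & 0x0F) * 4             # IPv4 header length in bytes
            dst_ip = ".".join(map(str, frame[30:34]))
            label = f"multicast {dst_ip}"
            if frame[23] == 17 and len(frame) >= 14 + ihl + 4:   # protocol 17 = UDP
                dport = struct.unpack_from(">H", frame, 14 + ihl + 2)[0]
                label += f" udp/{dport}"
                if (dst_ip, dport) == ("224.0.0.251", 5353):
                    label += " (mDNS)"
        counts[label] += 1
    return counts

SERVER, OTHER = bytes.fromhex("020000000001"), bytes.fromhex("020000000099")  # constructed
MDNS_MAC = bytes.fromhex("01005e0000fb")             # Ethernet group for 224.0.0.251

def _frame(dst_mac, src_mac, dst_ip, dport):
    udp = struct.pack(">HHHH", 40000, dport, 8, 0)   # checksums left at zero
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 255, 17, 0,
                     bytes([10, 0, 0, 5]), bytes(dst_ip))
    return dst_mac + src_mac + b"\x08\x00" + ip + udp

def sample_pcap() -> bytes:
    """Constructed: 3 mDNS frames and 1 unicast frame from SERVER, 1 mDNS frame from OTHER."""
    frames = [_frame(MDNS_MAC, SERVER, [224, 0, 0, 251], 5353)] * 3
    frames.append(_frame(OTHER, SERVER, [10, 0, 0, 9], 69))
    frames.append(_frame(MDNS_MAC, OTHER, [224, 0, 0, 251], 5353))
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    for label, n in tally(sample_pcap(), SERVER).most_common():
        print(f"{n:6d}  {label}")
```

On a real capture, a tally dominated by `224.0.0.251 udp/5353` points at Bonjour advertisements rather than a multicast image stream.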
Posted on 08-07-2013 09:25 PM
Thank you Chris, I will attempt the change noted in the article tomorrow. Hopefully this keeps our Net team happy.