The Bootstrap Protocol (BOOTP) server answers network bootstrap requests from diskless workstations and other network devices such as routers, terminal servers, and network switching equipment. When it receives such a request, the BOOTP server looks up the workstation's address in the BOOTP database file.

The Trivial File Transfer Protocol (TFTP) handles the file transfer from a BOOTP server to a diskless client or other remote system. The client initiates the file transfer.

This chapter reviews key concepts and describes how to:

• Create the BOOTP database and populate it with client entries
• Configure the BOOTP and TFTP processes
• Monitor the BOOTP and TFTP processes

The BOOTP server answers client requests for diskless client configuration by sending address and file name information to the client. When the client receives this information from the BOOTP server, it initiates a file transfer using the TFTP protocol.

Performing a network bootstrap consists of the following steps for the BOOTP server:

1. The BOOTP server receives a configuration request from a client. A broadcast request goes out to all potential servers on the subnetwork or is directed to a predetermined known server address.
2. The BOOTP server reads the information in the BOOTP database to get information about the client. The identity of the client is based on the network hardware address contained in the request.
3. BOOTP identifies the network client.
4. BOOTP constructs a response that contains all of the information in the BOOTP database for that client. The types of information that the database stores are:
   • Client's IP address
   • Client's host name (usually)
   • Name and size of the client's system load file
   • IP address of the TFTP server storing this file
   • IP addresses of the hosts offering common network services, such as a log server or a print (LPD) server.
5. When the client receives the configuration information in the BOOTP response, it sends a request to the TFTP server host named in the response. This request is necessary only if the client must retrieve the load file.
6. If the client sends a read request (RRQ) to the TFTP server, it attempts to locate this file.
   If it finds the file, the server transfers it to the client. This transfer is called downloading.

Table 8-1 summarizes the BOOTP management commands.

Table 8-1 BOOTP Management Commands

Command	Function
CONVERT /VMS BOOTP	Populates an existing BOOTP database with entries from a UNIX /etc/botptab file.
CREATE BOOTP	Creates an empty BOOTP database.
SET BOOTP	Adds or modifies client entries to the BOOTP database.
SHOW BOOTP	Displays information from the BOOTP database.
ENABLE SERVICE BOOTP	Interactively enables the BOOTP service.
DISABLE SERVICE BOOTP	Interactively disables the BOOTP service.
SET CONFIGURATION ENABLE SERVICE BOOTP	Sets the configuration database to enable BOOTP at product startup.
SET CONFIGURATION DISABLE SERVICE BOOTP	Sets the configuration database to disable BOOTP at product startup.
SET SERVICE BOOTP	Configures the service in the services database.
SHOW SERVICE BOOTP	Displays BOOTP information stored in the services database.

8.3 BOOTP and TFTP Logical Names

Table 8-2 lists the logical names you can use to manage the BOOTP software.

Table 8-2 BOOTP and TFTP Logical Names

Name	Function
TCPIP$BOOTP	Points to the location of the BOOTP database file.
TCPIP$TFTP_ROOT	Defines a concealed device. Points to the TFTP data storage tree, for example, SYS$SYSDEVICE:[TCPIP$TFTP_ROOT.].

8.4 BOOTP and TFTP Planning and Preconfiguration Tasks

When planning BOOTP, you need to make decisions about the network configuration and the local BOOTP service.

8.4.1 Network Configuration Decisions

Before you start to set up BOOTP, answer the following questions:

• What clients will access the BOOTP server? For each client, obtain:
  • System image and location from where it can be copied
  • Additional information it might request
  • Hardware address (used as a lookup key)
  • IP address
• What hosts in your network will run the BOOTP server?
• Will gateways be used for downloading? Gateways let you specify a specific path for the data transfer.
• Do you want to limit client access to specific server directories?

Before you start to configure BOOTP and TFTP consider the following:

• Default priority for the TCPIP$BOOTP server account in the user authorization file (UAF)
  For optimal performance, set the default priority level for the TCPIP$BOOTP user account.
  In a large or active subnetwork, clients might generate several broadcast requests per minute. The server continues to process all incoming requests, even those for which it lacks information in its database.
  In most cases, all this processing does not create system performance problems. However, it does use, perhaps unnecessarily, system resources. A different network configuration might avoid wasted system overhead.
• Segmented subnetworks
  To reduce large volumes of BOOTP request traffic to a specific server, segment very large subnetworks with filtering bridges.
  If you configure multiple servers, each server competes to provide the requested configuration information. For efficient use of each server, partition the database with a subset of the overall client population designated to each server.
• Separate directory for each client
  To avoid writing over the same file name with configuration information from multiple clients, create a separate directory in the TCPIPTFTP_ROOT: directory tree for each client.
  Some BOOTP clients such as routers and terminal servers have an upline dump function that can store configuration options on the BOOTP and TFTP server host. In a network with two or more of these clients, the clients can use the same file name to store the configuration information with TFTP.
• Security needs
  Identify your system's security needs (see Section 8.5).

For security purposes, the server runs as an unprivileged image that can access only the directories and files for which it has read access.

Compaq recommends that you safeguard your system's normal file protection mechanisms from unauthorized TFTP access. In particular, ensure the security of system files.

A client's download request can use one of several formats for its file name specification:

• If the unprivileged TFTP server has read access to the requested file, the client uses a fully qualified file name, including the device, directory, name, and extension, to directly access the file.
• If the client specifies only the file name and extension, the TFTP server attempts to locate the file in the default TFTP directory tree.
  You can designate this directory tree with the system logical name TCPIP$TFTP_ROOT:. This is a concealed device name, usually pointing to the directory SYS$SYSDEVICE:[TCPIP$TFTP_ROOT.]. When looking for a directory, the TFTP server looks first in the TCPIP$TFTP_ROOT: area with the same name as the requesting client's host name.

For example, if a client named GULL.SHORE.COM sends a read request for the file SERVICE.DAT, the server's first attempt to find the file is in TCPIP$TFTP_ROOT:[GULL]. If that directory does not exist, the server next looks in the TCPIP$TFTP_ROOT: root directory, for example, in TCPIP$TFTP_ROOT:[000000]SERVICE.DAT.

If the TFTP client requests a file by specifying a name in UNIX style format, for example, /etc/gull/myfile, TFTP tries to translate this file specification into OpenVMS format.

The BOOTP and TFTP servers run as the nonprivileged OpenVMS user accounts TCPIP$BOOTP and TCPIP$TFTP. When you set up BOOTP and TFTP, follow these security procedures:

• Ensure that neither server has automatic access to any files.
  To make files accessible to the BOOTP and TFTP servers, grant appropriate access to their accounts. Use the normal OpenVMS file protection procedures. For example, enter the DCL DIRECTORY /SECURITY command.
• Prevent unauthorized access to sensitive system or user data. Before you enable BOOTP and TFTP, and in particular TFTP, ensure that you have set up all the necessary file protections.
• Give the TCPIP$BOOTP and TCPIP$TFTP user accounts read access to the files in the TCPIP$TFTP_ROOT: directory tree that might be used for downloading.
• Some clients first send a BOOTP request for the name of the file that they need downloaded. On receipt, BOOTP opens the file for read access and retrieves its size. BOOTP needs access to confirm that the file exists and to provide the size of the file to the client in the BOOTP response.
  Ensure that BOOTP has access to this file.

If you choose to configure BOOTP while configuring the product, TCPIP$CONFIG creates an empty BOOTP database.

If you need to create it manually, use the CREATE BOOTP command. This command creates the file SYS$SYSTEM:TCPIP$BOOTP.DAT. The command uses the logical name TCPIP$BOOTP to point to the BOOTP database file. To create a separate database, perhaps in a different disk directory or with a different file name, modify this logical name.

To create a temporary, separate, and empty BOOTP file, you can use a process-specific logical name. However, DIGITAL does not recommend creating separate or private BOOTP databases because the TCPIP$BOOTP user account requires read access.

8.6.1 Populating the BOOTP Database

For each BOOTP client in the BOOTP database, use the SET BOOTP command to enter the following required information:

• Client's hardware address (mandatory).
• Either the client's name or IP address (mandatory).
• Network mask (mandatory).
• Client's system image file name (mandatory).
• Interim gateway (routing) systems.
• Either the name or IP address of other network servers. Some of the optional servers that you can specify are:
  • Cookie servers
  • IEN-116 name servers
  • IMPRESS network image servers
  • LPR print servers
  • MIT-LCS UDP logging servers
  • DNS (BIND) name servers
  • Resource location (RLP) servers
  • Network time servers

To populate the BOOTP database with client entries, use these commands:

• CONVERT /VMS BOOTP (adds UNIX client records)
• SET BOOTP (adds individual client records)

You can use the BOOTP client information in an existing UNIX boot file. The CONVERT /VMS BOOTP command populates the existing BOOTP database with entries from a BIND formatted UNIX /etc/bootptab file.

Before you enter CONVERT /VMS BOOTP, define the logical name TCPIP$BOOTP. The CONVERT /VMS BOOTP command uses it to specify the directory and file name for the database. Enter:

$ DEFINE /SYSTEM TCPIP$BOOTP SYS$COMMON:[SYSEXE]TCPIP$BOOTP.DAT

If you do not define TCPIP$BOOTP, the database is created as [current_directory]TCPIP$BOOTP.DAT.

To populate the BOOTP database by using entries in a UNIX /etc/bootptab file, follow these steps:

1. Copy the /etc/bootptab file to your system.
2. Edit the output file. Examine the directory path for each client entry. Modify the UNIX path names to OpenVMS specifications, For example, change:

   :hd=/usr/apple/orange/bootptab:

   
   to

   :hd="DISK_BIRD2$:[USR.APPLE.ORANGE]BOOTPTAB.DAT":

   
   Note that this file is still UNIX style, not OpenVMS compatible.

3. Enter the convert command as follows:

   TCPIP> CONVERT /VMS BOOTP

   
   The command reads the entries in your edited output file and adds them to the BOOTP database. If it finds an existing record for a client with a converted record, and if the information differs, the command updates the existing record with the newer data.

The CONVERT /VMS BOOTP command has several options:

TCPIP> CONVERT /VMS BOOTP source_file /ADD_HOST /FILE=sys_image_file

where:

• source_file
  This parameter specifies the name of the file you edited (the output from the copy command). The default is ETC.BOOTPTAB.
• /ADD_HOST
  This parameter adds client entries that are new to your system to the host database. The default is no adding.
• /FILE=sys_image_file
  This parameter specifies the download file. Use it if you are adding new clients to the BOOTP database. All these new clients have the same download file.

To add individual entries to the BOOTP database, enter:

TCPIP> SET BOOTP host /FILE=download_file - _TCPIP> /HARDWARE=ADDRESS=hex_address

In the following example, the SET BOOTP adds host PLOVER, with hardware address 08-00-2D-20-23-21, to the BOOTP database. BOOTP can respond to a remote boot request from client PLOVER by using TFTP to send its image file, PLOVER.SYS, to its hardware address.

TCPIP> SET BOOTP PLOVER - _TCPIP> /HARDWARE=ADDRESS=08-00-2D-20-23-21 - _TCPIP> /FILE=PLOVER.SYS

By default, upon receiving a request, BOOTP looks for the download file in TCPIP$TFTP_ROOT:[host], where host is the client's host name, excluding the domain. If this directory does not exist, BOOTP uses TCPIP$TFTP_ROOT:[000000].

8.6.4 Modifying and Deleting Entries

To modify a record in the BOOTP database, use the SET BOOTP command. For example, to stop using hosts seagull, tern, and sandpiper as gateways for downline loading to PLOVER, enter:

TCPIP> SET BOOTP PLOVER /NOGATEWAYS=(seagull,tern,sandpiper)

To delete an entry from the BOOTP database, enter SET NOBOOTP.

8.7 Setting Up the BOOTP and TFTP Services

To set up the BOOTP and TFTP Server software, run TCPIP$CONFIG (see the DIGITAL TCP/IP Services for OpenVMS Installation and Configuration manual).

The procedure creates:

• BOOTP user account
• TFTP user account
• Service records in the services database
• Default directories
• TFTP root directory to which the logical name TCPIP$TFTP_ROOT: will point

To display information about the BOOTP and TFTP server processes, enter the SHOW SERVICEcommand. For example:

TCPIP> SHOW SERVICE BOOTP Service Port Proto Process Address State BOOTP 67 UDP TCPIP$BOOTP 0.0.0.0 Enabled TCPIP> SHOW SERVICE BOOTP /FULL Service: BOOTP State: Enabled Port: 67 Protocol: UDP Address: 0.0.0.0 Inactivity: 5 User_name: TCPIP$BOOTP Process: TCPIP$BOOTP Limit: 1 Active: 1 Peak: 1 File: TCPIP$SYSTEM:TCPIP$BOOTP_RUN.COM Flags: Listen Socket Opts: Rcheck Scheck Receive: 0 Send: 0 Log Opts: Acpt Actv Conn Error Exit Logi Logo Mdfy Rjct Addr File: SYS$SYSDEVICE:[TCPIP$BOOTP]TCPIP$BOOTP_RUN.LOG Security Reject msg: not defined Accept host: 0.0.0.0 Accept netw: 0.0.0.0

8.9 Enabling and Disabling BOOTP and TFTP

To enable and disable BOOTP and TFTP, use these commands:

• On the running system
  • ENABLE SERVICE BOOTP
  • ENABLE SERVICE TFTP
• In the configuration database:
  • SET CONFIGURATION ENABLE SERVICE BOOTP
  • SET CONFIGURATION ENABLE SERVICE TFTP

To check if these services are enabled or disabled, enter these commands:

• SHOW SERVICE BOOTP
• SHOW SERVICE TFTP
• SHOW CONFIGURATION ENABLE SERVICE BOOTP
• SHOW CONFIGURATION ENABLE SERVICE TFTP

Examples

The following command shows basic information about the TFTP service on the running system:

TCPIP> SHOW SERVICE TFTP Service Port Proto Process Address State TFTP 69 UDP TCPIP$TFTP 0.0.0.0 Enabled

The following command shows complete information about TFTP parameters and statistics:

TCPIP> SHOW SERVICE TFTP /FULL Service: TFTP State: Enabled Port: 69 Protocol: UDP Address: 0.0.0.0 Inactivity: 5 User_name: TCPIP$TFTP Process: TCPIP$TFTP Limit: 1 Active: 1 Peak: 1 File: SYS$SYSDEVICE:[TCPIP$TFTP]TCPIP$TFTP_STARTUP.COM Flags: Listen Socket Opts: Rcheck Scheck Receive: 0 Send: 0 Log Opts: Acpt Actv Dactv Conn Exit Logi Mdfy Rjct TimO File: SYS$SYSDEVICE:[TCPIP$TFTP]TCPIP$TFTPD_STARTUP.LOG Security Reject msg: not defined Accept host: 0.0.0.0 Accept netw: 0.0.0.0

8.10 TFTP

The Trivial File Transfer Protocol (TFTP) transfers files from a BOOTP server to diskless clients or other remote systems. The client initiates the file transfer.

When the client receives the configuration information in the BOOTP response, it sends a request to the TFTP server host named in the response. This request is necessary only if the client must retrieve the load file.

If the client sends a read request (RRQ) to the TFTP server, the server attempts to locate this file.

TFTP has the following characteristics:

• TFTP clients are not registered in a database.
• TFTP, which runs as an unprivileged user in the TCPIP$TFTP account, is restricted to only those files that the normal unprivileged user can access.
• TFTP clients are not regulated by the usual OpenVMS user security methods.
• No user name or password is required to use the TFTP service.

Table 8-3 summarizes the TFTP management commands.

Table 8-3 TFTP Management Commands

Command	Function
ENABLE SERVICE TFTP	Enables the service.
DISABLE SERVICE TFTP	Disables the service.
SET SERVICE TFTP	Configures TFTP in the service database.
SHOW SERVICE TFTP	Displays information about TFTP from the service database.

8.11.1 TFTP Directory Structure

The post-installation configuration procedure (TCPIP$CONFIG.COM) creates the TFTP directory structure and defines the system logical name TCPIP$TFTP_ROOT as a concealed device that points to the TFTP directory tree.

8.11.2 Upline Dumping

The TFTP server provides upline dumping services to clients requesting a transfer of data or program image to the TFTP server host.

The same rules apply to upline dumping as to downline loading. In addition, before a data transfer, you must create the file on the TFTP server host to which the data is transferred. This sequence lets you manage the creation of new files on the TFTP server host and helps to prevent the creation of unwanted files on the server host.

Each incoming transfer of data to a file creates a new generation of the target file. As a result, you need to manage the consumption of disk space on the server system. Carefully set up file version limits for the target files and directories.