Network Boot

Note

Network booting only applies to following machines in the homelab:

hp-dl360

Architecture

flowchart LR
    subgraph homelab [Homelab]
    server@{ label: "Server", shape: rect }
    switch@{ label: "Switch", shape: circle }
    router@{ label: "Router", shape: circle }
    end

    subgraph cloud [Public Cloud]
    wiregaurd@{ label: "Wiregaurd", shape: rect }
    matchbox@{ label: "Matchbox", shape: rect }
    end

    server --- switch
    switch --- router
    router --- wiregaurd
    wiregaurd --- matchbox

Homelab

Setting up Network Boot VLAN

We begin by creating a VLAN on the router and assign by MAC address the first port of each server to it.

Initializing Wiregaurd node

One feature of the Router is that it can act as either a Wiregaurd server or client. In this instance, the client implementation is initialized and all traffic on the Network Boot VLAN will be assigned to go through the Wiregaurd connection.

Public Cloud

flowchart LR
    gateway@{ label: "External Passthrough Network Load Balancer", shape: rect }

    subgraph k8s [Kubernetes]
    wiregaurd@{ label: "Wiregaurd", shape: rect }
    matchbox@{ label: "Matchbox", shape: rect }
    end

    gateway --- wiregaurd
    wiregaurd --- matchbox

Within a public cloud (e.g. AWS, Azure, GCP), a Kubernetes cluster will be instantiated.

Kubernetes Architecture

flowchart LR
    subgraph ns [Network Boot Namespace]
    direction LR
    wiregaurd_service@{ label: "Wiregaurd Service (LoadBalancer)", shape: rect }
    wiregaurd@{ label: "Wiregaurd Daemon Set", shape: rect }
    wiregaurd_config@{ label: "Wiregaurd Config Secret", shape: cyl }
    matchbox@{ label: "Matchbox Deployment", shape: rect }
    matchbox_config@{ label: "Matchbox Config Volume", shape: cyl }
    end

    wiregaurd_service --- wiregaurd
    wiregaurd --- wiregaurd_config
    wiregaurd --- matchbox
    matchbox --- matchbox_config

Boot Sequence

sequenceDiagram
    participant server as Server
    participant router as Router
    participant wiregaurd as Wiregaurd
    participant matchbox as Matchbox

    server ->> router: UEFI HTTP boot request
    router ->> wiregaurd: Encrypted UEFI HTTP boot request
    wiregaurd ->> matchbox: UEFI HTTP boot request
    matchbox ->> wiregaurd: UEFI Executable Image
    wiregaurd ->> router: UEFI Executable Image
    router ->> server: UEFI Executable Image

Last modified May 4, 2025: story(issue-531): docs reorder into more linear progression of architecture (#532) (4e12681)