[Asterisk-Users] TFTP - Good or Bad?

[Gary Guthary]

Hi Guys/Gals -

I don't post here often but I read with interest all the postings. - I've
been on a lot of mailing lists, but this one is by far the most interesting.

I've been doing a lot of work with 'tftp' loading Cisco 79xx phones with
firmware, configs. for asterisk, etc.

And I see where a lot of folks have trouble with 'tftp', use alternate port
numbers (probably to get around firewall issues), etc. - And I've even seen
where some folks complain that 'tftp' is one of the 'worst' protocols on the
Internet.

At the end of this posting, I've included a little tid-bit on
'primary/alternate' 'tftp' servers for the Cisco 79xx phone setup.

This next part is mainly for 'newbies' who are new to asterisk & haven't got
a clue as to what 'tftp' is. - Advanced users, geeks, etc., please disregard
the next part if you want.

Apologize in advance if this is boring.

Going back to 'Networking 101', just exactly what is 'tftp'? - Is there any
reason WHY it came into being in the first place?

'tftp' stands for 'Trivial File Transfer Protocol'. - Unlike the more
popular 'ftp' protocol, 'tftp' is considered 'non-secure'. - Meaning that no
login name/password challenge is require. - The 'device' (computer, phone,
whatever) sends a request to the 'tftp' server for the file & the server
sends it. - Plain and simple.

'tftp' also uses the 'UDP' (User Datagram Protocol). - The main difference
between 'UDP' and 'TCP' is that 'UDP' uses NO ERROR CORRECTION. - No 'acks'
& 'naks' to make sure all the packets arrive okay at the receiving end. -
It's up the receiving end to make sure everything was received okay.

Why tftp? - Back in the 'olden' days....  When hard disk drives were
expensive, the Unix folks (i.e. the folks at Sun Microsystems) came up with
the idea of 'diskless workstations'. - But for a 'diskless workstation' to
boot up & load an operating system, enter 'tftp'.

When you fired up your diskless work station, it would start up, DHCP it's
network stuff then go out to the 'tftp' server for it's O/S. - The 'tftp'
server would send the 'boot image' and your workstation would be up and
running. - Simple as that.

Well, not really that simple. - Here's a couple of 'Hows?' and 'What ifs?'.

How did the workstation lean the IP address of the 'tftp' server when it
booted?

When the workstation DHCP'd it's IP address, netmask, gateway, etc., it ALSO
got the "PRIMARY TFTP SERVER ADDRESS". - This part is STILL part of the DHCP
protocol but a lot of folks don't know it. - Also, for historical purposes,
in the olden days we didn't call it DHCP. - It was called 'bootp' - or
'bootpset'.

What if the 'boot image' got mangled when the workstation loaded it?

Good question. - When the workstation received the 'boot image', the 'boot
image' also included a 'checksum' (much similar to our present day
md5-checksum). - This checksum was verified. - If it didn't match, the
workstation simply asked for the 'boot image' file again.

In those days, 'tftp' usually worked very well. - Mainly because all the
'devices' were on the same segment of Ethernet.

For newbies.- We asterisk/IP-Phone folks use 'tftp' to let our
phones/devices download their configs. when logging into asterisk. - I'm not
going into detail here how it works. - There's plenty of docs., readmes, &
man pages covering this.

Today, when we start doing 'tftp' transfers over several hundred/thousand
miles of 'Internet', things can get complicated. - I have a 'Broadvoice'
account and hit it with a Sipura ATA. - This means that I 'tftp' whenever I
fire up my Sipura. - But I live in JAPAN. - And that's not a short-haul from
me to the 'Broadvoice' 'tftp' server. - But most of the times, I boot up
just fine.

If your phones/devices are on the same local Ethernet segment, you should be
okay. - But if you have long distances or firewalls between your devices and
the 'tftp' server, you might encounter some difficulties.

If you have 'tftp' problems, take a good hard look at your network.  But
don't blame your problems on the protocol itself.

Cisco 79xx phones & 'tftp' server addresses.

When configuring a Cisco 79xx phone, you'll probably see configs. for
'primary' and 'alternate' 'tftp' server. - Especially if the phone is
configured for DHCP. - You'll also notice that you CANNOT make any changes
to the 'primary tftp' server but you can define an 'alternate tftp' server.

Reason - If the Cisco phone DHCP's a 'tftp' server address, it will become
the phone's 'primary tftp' server. - In most cases, it probably won't (but
that's up to your network admin). - If you wish to manually define a 'tftp'
server, you have to set it up as an 'alternate tftp' server. - If this is
the case, the phone will let the 'alternate tftp' server's address OVERRIDE
the 'primary tftp' server's address (if you DHCP'd one or not).

Bottom line. - If you want to force your Cisco 79xx phone to go to a
specific 'tftp' server, set that server's address as the 'alternate tftp'
server.

Gary Guthary
gguthary at jtech.net