Pali Rohár
2018-11-01 23:16:00 UTC
Hello,
I'm trying to use iPXE on IPv6-enabled network. Everything is running
fine on this network, all IPv4 and IPv6 application, just iPXE has
problems. It cannot connect to any host which has both
IPv6 router send RA packet without Autonomous bit (=disable SLAAC) and
with Managed and Other bits (= use DHCPv6 for IPv6 address assignment).
Also on network is available standard IPv4 connection via DHCP.
When iPXE is run on this network with enabled NET_PROTO_IPV6 then it
cannot connect to any host, just show error message: Network
unreachable.
When iPXE is compiled without NET_PROTO_IPV6 then everything is working
fine and (IPv4) network is accessible.
I guess that problem is in DNS resoling process. When host has more AAAA
and more A records, iPXE chose just first IPv6 one and fails when first
record is unreachable. Also in case no IPv6 address is assigned. And
when IPv4 network is functional it does not try to fallback.
Same problem can be reproduced with Debian Stable version of qemu with
current git version of iPXE.
Below is output for iPXE 133f4c47baef6002b2ccb4904a035cda2303c6e5 with
enabled NET_PROTO_IPV6:
=======================================================================
$ cd src
$ sed 's/#undef\tNET_PROTO_IPV6/#define\tNET_PROTO_IPV6/' -i config/general.h
$ make -j8 bin/rtl8139.rom
$ qemu-system-x86_64 -netdev user,id=n1 -device rtl8139,netdev=n1,romfile=bin/rtl8139.rom -boot order=n -curses
SeaBIOS (version 1.10.2-1)
iPXE (http://ipxe.org) 00:03.0 CA00 PCI2.10 PnP PMM+07F90DD0+07ED0DD0 CA00
Booting from ROM...
iPXE (PCI 00:03.0) starting execution...ok
iPXE initialising devices...ok
iPXE 1.0.0+ (133f) -- Open Source Network Boot Firmware -- http://ipxe.org
Features: DNS HTTP iSCSI TFTP AoE ELF MBOOT PXE bzImage Menu PXEXT
iPXE> dhcp
Configuring (net0 52:54:00:12:34:56)...... ok
iPXE> imgload http://boot.ipxe.org
http://boot.ipxe.org... Network unreachable (http://ipxe.org/280a6011)
iPXE>
=======================================================================
And below is output for iPXE when NET_PROTO_IPV6 is not enabled (without
that sed command recompiled):
=======================================================================
SeaBIOS (version 1.10.2-1)
iPXE (http://ipxe.org) 00:03.0 CA00 PCI2.10 PnP PMM+07F92DD0+07EF2DD0 CA00
Booting from ROM...
iPXE (PCI 00:03.0) starting execution...ok
iPXE initialising devices...ok
iPXE 1.0.0+ (133f) -- Open Source Network Boot Firmware -- http://ipxe.org
Features: DNS HTTP iSCSI TFTP AoE ELF MBOOT PXE bzImage Menu PXEXT
iPXE> dhcp
Configuring (net0 52:54:00:12:34:56)...... ok
iPXE> imgload http://boot.ipxe.org
http://boot.ipxe.org... ok
iPXE>
=======================================================================
So it can be clearly seen that problem is in iPXE's IPv6 implementation
as iPXE version without IPv6 is working fine as expected.
Host boot.ipxe.org has both A and AAAA records, so even when IPv6 is
compiled, but not available (for any reason), IPv4 should work.
Similar/same problem was reported for netboot.xyz project:
https://github.com/antonym/netboot.xyz/issues/283
I'm trying to use iPXE on IPv6-enabled network. Everything is running
fine on this network, all IPv4 and IPv6 application, just iPXE has
problems. It cannot connect to any host which has both
IPv6 router send RA packet without Autonomous bit (=disable SLAAC) and
with Managed and Other bits (= use DHCPv6 for IPv6 address assignment).
Also on network is available standard IPv4 connection via DHCP.
When iPXE is run on this network with enabled NET_PROTO_IPV6 then it
cannot connect to any host, just show error message: Network
unreachable.
When iPXE is compiled without NET_PROTO_IPV6 then everything is working
fine and (IPv4) network is accessible.
I guess that problem is in DNS resoling process. When host has more AAAA
and more A records, iPXE chose just first IPv6 one and fails when first
record is unreachable. Also in case no IPv6 address is assigned. And
when IPv4 network is functional it does not try to fallback.
Same problem can be reproduced with Debian Stable version of qemu with
current git version of iPXE.
Below is output for iPXE 133f4c47baef6002b2ccb4904a035cda2303c6e5 with
enabled NET_PROTO_IPV6:
=======================================================================
$ cd src
$ sed 's/#undef\tNET_PROTO_IPV6/#define\tNET_PROTO_IPV6/' -i config/general.h
$ make -j8 bin/rtl8139.rom
$ qemu-system-x86_64 -netdev user,id=n1 -device rtl8139,netdev=n1,romfile=bin/rtl8139.rom -boot order=n -curses
SeaBIOS (version 1.10.2-1)
iPXE (http://ipxe.org) 00:03.0 CA00 PCI2.10 PnP PMM+07F90DD0+07ED0DD0 CA00
Booting from ROM...
iPXE (PCI 00:03.0) starting execution...ok
iPXE initialising devices...ok
iPXE 1.0.0+ (133f) -- Open Source Network Boot Firmware -- http://ipxe.org
Features: DNS HTTP iSCSI TFTP AoE ELF MBOOT PXE bzImage Menu PXEXT
iPXE> dhcp
Configuring (net0 52:54:00:12:34:56)...... ok
iPXE> imgload http://boot.ipxe.org
http://boot.ipxe.org... Network unreachable (http://ipxe.org/280a6011)
iPXE>
=======================================================================
And below is output for iPXE when NET_PROTO_IPV6 is not enabled (without
that sed command recompiled):
=======================================================================
SeaBIOS (version 1.10.2-1)
iPXE (http://ipxe.org) 00:03.0 CA00 PCI2.10 PnP PMM+07F92DD0+07EF2DD0 CA00
Booting from ROM...
iPXE (PCI 00:03.0) starting execution...ok
iPXE initialising devices...ok
iPXE 1.0.0+ (133f) -- Open Source Network Boot Firmware -- http://ipxe.org
Features: DNS HTTP iSCSI TFTP AoE ELF MBOOT PXE bzImage Menu PXEXT
iPXE> dhcp
Configuring (net0 52:54:00:12:34:56)...... ok
iPXE> imgload http://boot.ipxe.org
http://boot.ipxe.org... ok
iPXE>
=======================================================================
So it can be clearly seen that problem is in iPXE's IPv6 implementation
as iPXE version without IPv6 is working fine as expected.
Host boot.ipxe.org has both A and AAAA records, so even when IPv6 is
compiled, but not available (for any reason), IPv4 should work.
Similar/same problem was reported for netboot.xyz project:
https://github.com/antonym/netboot.xyz/issues/283
--
Pali Rohár
***@gmail.com
Pali Rohár
***@gmail.com