[ipxe-devel] Boot failure when SLAAC and DHCPv6 IA_NA are both used

Tore Anderson tore at fud.no
Fri Nov 13 10:58:49 GMT 2015


Hello,

I found an issue that can cause boot failures in networks that make
simultaneous use of IPv6 address auto-configuration (SLAAC) and
stateful address assignment through DHCPv6 (IA_NA option).

(Having both enabled is a completely legitimate setup, and may in some
cases be necessary to support a wide variety of clients. For example,
Android does simply not support DHCPv6 at all, and I've seen at least
one UEFI implementation which only does DHCPv6. SLAAC and DHCPv6 are
really two orthogonal methods of address assignment.)

What happens is the following:

1) An ICMPv6 RA arrives with M=1 (indicating DHCPv6 IA_NA is available)
and a PIO with A=1 (indicates SLAAC is allowed).
2) iPXE acquires an address using DHCPv6 IA_NA (and appears to ignore
SLAAC)
3) Bootup proceeds and iPXE starts downloading stuff like the Linux
kernel, initramfs images, etc.
4) While this download is in progress, another (unsolicited periodic)
ICMPv6 RA arrives.
5) iPXE instantly deconfigures the DHCPv6 IA_NA-assigned address it is
currently using for the download and assigns itself a new address using
SLAAC.
6) The TCP connection hangs, because it is using a local IPv6 address
which is no longer configured on the system. The boot fails (or at
least it hangs for at least 30m, at which point I gave up waiting for
it to recover).

On http://filebin.net/do8rej2qj7 you'll find a PCAP showing this
happening while booting the demo. During the entire process I'm pinging
both the SLAAC- and DHCPv6-assigned addresses (2a02:c0:300:103::d:9940
and 2a02:c0:300:103:216:3eff:fec2:16b7, respectively) so you can see
which ones are active at any given time.

Although it's not a strictly correct behaviour to consider SLAAC and
DHCP6 as mutually exclusive (IPv6 is designed with support for multiple
addresses being simultaneously active), I don't really mind that part.
However if you can't simply bring up both addresses independently of
each other, once the decision to use only one of them is made, it's
necessary to stick with that decision until the boot process has
completed.

Tore


More information about the ipxe-devel mailing list