[ipxe-devel] Boot failure when SLAAC and DHCPv6 IA_NA are both used
wissams at mellanox.com
Sun Nov 15 09:25:27 UTC 2015
we also encountered this issue in the past:
We've encountered cases where in an IPv6 network, a router advertisement packet has both the "Managed address configuration" bit set, telling iPXE to retrieve its IP address through DHCP, and the "autonomous address-configuration" bit also set, telling iPXE to generate an IP address automatically from the prefix published in the RA packet. iPXE supports only a single IP address for each subnet/prefix, so when it receives the second RA packet, it replaces the IP address configured by DHCP with the stateless address generated with the prefix.
If the RA packet is received in the middle of a TCP transfer, the connection is broken, and the incoming packets are dropped as they belong to the previous IP address.
This can also happen if a subnet contains two routers, for instance a DHCP server, and a switch, both publishing conflicting router advertisement packets.
We are not sure whether this is a valid configuration. In any case, we believe the fact that iPXE only supports a single IP is problematic, because our Linux servers were able to configure both IP address without a problem.
What do you think should be the right behavior in this case? Perhaps iPXE should store two IP addresses on each prefix - one from SLAAC and one from DHCPv6?
From: ipxe-devel-bounces at lists.ipxe.org [mailto:ipxe-devel-bounces at lists.ipxe.org] On Behalf Of Tore Anderson
Sent: Friday, November 13, 2015 12:59
To: ipxe-devel at lists.ipxe.org
Subject: [ipxe-devel] Boot failure when SLAAC and DHCPv6 IA_NA are both used
I found an issue that can cause boot failures in networks that make simultaneous use of IPv6 address auto-configuration (SLAAC) and stateful address assignment through DHCPv6 (IA_NA option).
(Having both enabled is a completely legitimate setup, and may in some cases be necessary to support a wide variety of clients. For example, Android does simply not support DHCPv6 at all, and I've seen at least one UEFI implementation which only does DHCPv6. SLAAC and DHCPv6 are really two orthogonal methods of address assignment.)
What happens is the following:
1) An ICMPv6 RA arrives with M=1 (indicating DHCPv6 IA_NA is available) and a PIO with A=1 (indicates SLAAC is allowed).
2) iPXE acquires an address using DHCPv6 IA_NA (and appears to ignore
3) Bootup proceeds and iPXE starts downloading stuff like the Linux kernel, initramfs images, etc.
4) While this download is in progress, another (unsolicited periodic)
ICMPv6 RA arrives.
5) iPXE instantly deconfigures the DHCPv6 IA_NA-assigned address it is currently using for the download and assigns itself a new address using SLAAC.
6) The TCP connection hangs, because it is using a local IPv6 address which is no longer configured on the system. The boot fails (or at least it hangs for at least 30m, at which point I gave up waiting for it to recover).
On http://filebin.net/do8rej2qj7 you'll find a PCAP showing this happening while booting the demo. During the entire process I'm pinging both the SLAAC- and DHCPv6-assigned addresses (2a02:c0:300:103::d:9940 and 2a02:c0:300:103:216:3eff:fec2:16b7, respectively) so you can see which ones are active at any given time.
Although it's not a strictly correct behaviour to consider SLAAC and
DHCP6 as mutually exclusive (IPv6 is designed with support for multiple addresses being simultaneously active), I don't really mind that part.
However if you can't simply bring up both addresses independently of each other, once the decision to use only one of them is made, it's necessary to stick with that decision until the boot process has completed.
ipxe-devel mailing list
ipxe-devel at lists.ipxe.org
More information about the ipxe-devel