[ipxe-devel] Fallback to IPv4 or disable IPv6

Andreas Fink afink at list.fink.org
Mon Nov 19 11:13:55 UTC 2018



> On 19 Nov 2018, at 11:52, Michael Brown <mcb30 at ipxe.org> wrote:
> 
> On 01/11/2018 17:40, Anatoli Babenia wrote:
>> My upstream provider doesn't support IPv6. No addresses are reachable.
>> But my router still gives me an IPv6 address and is even able to resolve
>> AAAA records. Being able to resolve an IPv6 address, iPXE thinks that it got
>> IPv6 and fails, but it should try IPv4 instead.
>> Here is the log - https://github.com/antonym/netboot.xyz/issues/283
>> Is it possible to make current 133f fallback to IPv4 if IPv6 fetch fails?
>> Also, is there an option to disable IPv6 from Failsafe Menu? Manual
>> network configuration doesn't help.
> 
> iPXE will query for AAAA records only if the DNS server address is itself an IPv6 address.  This is the heuristic we use to decide between IPv6 and IPv4 when a DNS name is used.

This is not really what the idea is.

I would recommend the following logic:

1. If there is an IPv4 address only provided by the DHCP server, do IPv4 only.  Consider the host "ipv4 only"
2. If there is an IPv6 address only provided by the DHCP server or through router advertisement (and it's not only link-local), do IPv6 only. Consider the host "ipv6 only"
3. If the host has an IPv4 and an IPv6 address, do both (consider the host ipv4/ipv6 capable)

Now to connect to the DNS:
	The IP address given by DHCP to the host is either an IPv4 or an IPv6 address.

ipv4 only:		Try to query DNS servers which have IPv4 addresses only. Only ask for A records
ipv6 only:		Try to query DNS servers which have IPv6 addresses only. Only ask for AAAA records
ipv4/ipv6 capable:	Try to query DNS servers which have either address and ask for A and AAAA records


Now to talk to the remote host:

ipv4 only:
	connect to the first A records. If that fails, try any subsequent A records.

ipv6 only:
	connect to the first AAAA records. If that fails, try any subsequent AAAA records

ipv4/ipv6 capable:
	connect to the first AAAA records. If that fails, try any subsequent AAAA records
	if all AAAA records have failed, connect to the first A records. If that fails, try any subsequent A records.


This way, it always works.  Trying AAAA records which are not reachable might add some delay. But as mentioned before, if you have a router announcing IPv6 to you, you should be able to reach IPv6 hosts. If not, don't let the router announce a subnet which is isolated.
Note: it might be ok to announce a local subnet which is not routed internationally. In this case, the logic to apply would be if the DNS server or the host to connect to can be considered reachable over the router or not. If the IPv6 starts with F... probably not.


Andreas
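
The selection and fallback order proposed in this message, as an added example that is not part of the original post and is not iPXE code. The names `classify_host`, `first_reachable`, `usable_family` and `v4_only_upstream`, and all sample addresses, are hypothetical; `try_connect` stands in for a real connection attempt.

```c
#include <arpa/inet.h>
#include <stdio.h>

enum host_mode { HOST_NONE, HOST_V4_ONLY, HOST_V6_ONLY, HOST_DUAL };

/* AF_INET, AF_INET6, or 0 (unparsable, or link-local fe80::/10 IPv6). */
static int usable_family(const char *s) {
    struct in_addr a4; struct in6_addr a6;
    if (inet_pton(AF_INET, s, &a4) == 1) return AF_INET;
    if (inet_pton(AF_INET6, s, &a6) != 1) return 0;
    return (a6.s6_addr[0] == 0xfe && (a6.s6_addr[1] & 0xc0) == 0x80) ? 0 : AF_INET6;
}

/* Steps 1-3: classify the host from the addresses it was configured with. */
enum host_mode classify_host(const char **addrs, int n) {
    int v4 = 0, v6 = 0;
    for (int i = 0; i < n; i++) {
        int f = usable_family(addrs[i]);
        v4 |= (f == AF_INET);
        v6 |= (f == AF_INET6);
    }
    return v4 && v6 ? HOST_DUAL : v6 ? HOST_V6_ONLY : v4 ? HOST_V4_ONLY : HOST_NONE;
}

/* Try every AAAA record, then every A record, skipping families the host
 * mode excludes. Returns the first address that connects, or NULL. */
const char *first_reachable(enum host_mode m, const char **recs, int n,
                            int (*try_connect)(const char *)) {
    static const int pass[2] = { AF_INET6, AF_INET };
    for (int p = 0; p < 2; p++) {
        int only = pass[p] == AF_INET6 ? HOST_V6_ONLY : HOST_V4_ONLY;
        if (m != HOST_DUAL && (int)m != only) continue;
        for (int i = 0; i < n; i++)
            if (usable_family(recs[i]) == pass[p] && try_connect(recs[i]))
                return recs[i];
    }
    return NULL;
}

/* Constructed sample data; the stub models an upstream with no IPv6 routing. */
const char *sample_host[] = { "192.0.2.10", "fe80::1", "2001:db8:1::10" };
const char *sample_recs[] = { "198.51.100.7", "2001:db8:2::7" };
int v4_only_upstream(const char *a) { return usable_family(a) == AF_INET; }

int main(void) {
    const char *hit = first_reachable(classify_host(sample_host, 3), sample_recs, 2, v4_only_upstream);
    printf("connected to %s\n", hit ? hit : "(none)");
    return 0;
}
```

With the sample data the host is classified as dual-stack, the AAAA record is tried and fails, and the connection falls back to the A record; an "ipv6 only" host on the same upstream gets no connection at all.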


