Package: ipxe Version: 1.0.0+git-20190125.36a4c85-5.1 Severity: normal Tags: ipv6
Hi, My infrastructure has IPv6 and is announcing IPv6-only DNS servers over Router Announcements in addition to having regular DHCPv4. The Router Announcements have the Managed Bit set, but the DHCPv6 server doesn't answer if there is no host-specific data in the DHCP configuration. I have a certain machine that doesn't boot in this environment. A trace shows the following. - machine is turned on, link up - Intel Boot Agent does DHCPv4, gets next-server and boot file name undionly.kpxe - Intel Boot Agent does tftp, downloading undionly.kpxe. - undionly.kpxe does DHCPv4, gets next server and URL to an ipxe menu. - undionly.kpxe does Router Solicitation and receives a Router Announcement - undionly.kpxe tries to reach a DHCPv6 server multiple times, no reply - I do NOT see the system doing IPv6 DAD, nor do I see the system joining any multicast groups. According to RFC4861 7.2.1, the node MUST join at least the all-nodes multicast group and the solicited-node multicast group belonging to the MAC address of the Interface. - undionly.kpxe sends out an AAAA query for the host name part of the URL via IPv6 to one of the name servers given in the Router Announcements (the DNS server is on a different network, so the packet gets actually sent to the default gateway). - The default gateway sends a neighbor solicitation for the IPv6 address that the DNS query was sent from, using the correct solicited-node multicast IPv6 and MAC addresses - the system doesn't react to this neighbor solicitation - the system re-sends the DNS query and ignores the neighbor solicitation again. - this repeats a couple of times until ipxe gives up The IPXE feature list given on the console while running also does not contain any reference to IPv6 being enabled. What kind of confuses me is that a Thinkpad X121e connected to the same switch port with the same cable boots off this network just fine. It doesn't join the multicast groups either, but it looks like it is able to make sense out of the neighbor solicitation, responds properly, gets its DNS queries answered and is able to continue the boot process despite the RFC violation of not joining those multicast groups. Turning off the RDNSS option in the router announcements made the system use the IPv4 name servers from the DHCPv4 assignment, which eventuelly allowed the machine to boot. So I think we're having three bug reports here: - the IPv6 RFC violation of not doing IPv6 DAD and not joining required multicast groups - not being able to properly receive the multicasted neighbor solicitation of the gateway on one particular type of hardware - not trying one of the other DNS servers after the queries to the first one were unsuccessful I am not reporting this upstream since upstream has advanced considerably since this package was uploaded to Debian. Do you need help packaging a current version of ipxe? Can I do anything else to help with this bug report and/or ipxe? Greetings Marc
