IPv6 support for UEFI IPv6 booting

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

IPv6 support for UEFI IPv6 booting

Andrew Forgue
Hi there!

I'm reporting what I think are two different bugs in IPv6 supporting infrastructure.  I use OpenBSD 6.6 as a gateway machine serving DHCPv6 and Router Advertisements.  I'm trying to boot a UEFI machine with pure IPv6 HTTP (UEFI 2.5+) and I'm running into some issues.

Some background -- my network architecture has two rdomains (0 and 2) with pair devices connecting the two.  The provisioning machine is in rdomain 2, and the DHCPv6 server is in rdomain 0.    The interface of the provisioning machine is vlan6 which only has an IPv6 address on it, no IPv4 and no DHCPv4 is running.  This requires relaying DHCP from vlan6 (rdomain2) to em0 (rdomain 0), using dhcrelay6.

First, when the dhcrelay6 process forwards the DHCP SOLICIT from the machine, the "link-address" is set to the link-local address of the interface, instead of the gllobally routable address.


However, the DHCPv6 server I'm using, Kea - treats any network with a link-address of a link local address as a directly connected network and thus fails to select any subnet (let alone the correct one):


In the code, since Kea skips setting selector.first_relay_linkaddr_ (due to the aforementioned link-local address in link-address) it defaults to "::".   I haven't tried any other DHCPv6 server.  RFC 8415 19.1.1 *strongly* suggests to use the globally routable address and only use the link-local if there's no globally routable address.

So i ended up switching to ISC's dhcp relay instead through the isc-dhcp-server package which worked fine (i.e. it sets the global address in llink-address so Kea can select the proper subnet).

Next, once that was worked-around, the machine booting does a IPv6 router-solicitation to get the gateway address (since DHCPv6 can't provide that information).  The machine sources the address from "::", but rad ignores it with a log message of: "RA from non link local address ::", code:

        https://github.com/openbsd/src/blob/64e2b1d674c763508d45c7dcb85a0a80efadd8c9/sbin/slaacd/engine.c#L1162 (i assume the rad code uses the slaacd engine? It's the only place I found the error message.)
The RFC suggests that "::" is a valid source address for Router solicitation messages. (https://tools.ietf.org/html/rfc4861#section-4.1)

Anyway, let me know if there's anything specific that would help explain anything.

I guess the TL;DR is

- dhcrelay6 should set the global address in the relayed DHCPv6 packet instead of the link-local
- rad should send an RA when receiving an RS from the unspecified address "::"

Thanks for reading!