FS#63371 - [archiso] UEFI PXE booting the netinstall image fails with IPv6

Attached to Project: Release Engineering
Opened by Martin Rys (C0rn3j) - Monday, 05 August 2019, 08:38 GMT
Last edited by David Runge (dvzrv) - Friday, 18 February 2022, 19:23 GMT
Task Type Bug Report
Category Other
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Using dnsmasq as a secondary DHCP with the following config: https://gitlab.com/C0rn3j/configs/blob/98fd1bdc5d496646d3c117603f3b41dfc0704e17/pxe/dnsmasq.conf

This seems to be because iPXE is trying to use internal IPv6 to contact DNS and failing (see screenshots)

I've attached a wireshark trace, where 192.168.1.1 is the default gateway, .2 is the DHCP server, .10 is the host where PXE server(.178) and the VM(.221) I'm trying to PXE boot on reside.

Issue described far more eloquently by mcb30 from #ipxe:

---
I see from the trace that you have DHCPv6 configured to hand out an fd00::/8 "unique local" address and an IPv6 DNS server address

This is most likely the problem: iPXE will prefer IPv6 if given the choice, but the ULA is not globally routable and so will not be usable for communication with your IPv6 DNS server address
iPXE should probably be modified to assume that ULAs are globally routable, since the most common use case seems to be for environments that try to effectively replicate IPv4 NAT behaviour (instead of just using a global IPv6 range)
---
This task depends upon

Closed by  David Runge (dvzrv)
Friday, 18 February 2022, 19:23 GMT
Reason for closing:  Won't fix
Additional comments about closing:  This is a mixture of issues with local router hardware and the way ipxe is configured.

If you can think of further actions to mitigate this in the context of mkinitcpio-archiso, please open a ticket at https://gitlab.archlinux.org/mkinitcpio/ mkinitcpio-archiso/-/issues
Comment by David Runge (dvzrv) - Wednesday, 10 June 2020, 07:19 GMT
@C0rn3j: Thanks for the report!

Can you please try with something based on archiso v44?
Comment by Martin Rys (C0rn3j) - Wednesday, 10 June 2020, 07:22 GMT
Judging from the age of commits in the v44 branch, current 2020-06 ISO is v44?

Comment by David Runge (dvzrv) - Wednesday, 10 June 2020, 07:39 GMT
@C0rn3j: Yes. Sorry, that was rather unspecific of me! :)

I understood your above comment as you building your own image. Maybe I misunderstood? Is this at all about archiso?
Comment by Martin Rys (C0rn3j) - Wednesday, 10 June 2020, 08:14 GMT
This is about the Arch ISO, I've never built my own image.
Comment by Edwin (edwin) - Monday, 03 August 2020, 14:27 GMT
I had a similar problem that I could solve.

The clients could successfully load the PXE images from dnsmasq configured as a DHCP proxy server. (Only via the pxe-service option, the single-file dhcp-boot option apparently does not work when running as a DHCP proxy server). Configuring net0 was successful, but when trying to download https://ipxe.archlinux.org/releng/netboot/archlinux.ipxe, the network was unreachable.
The ipxe command 'ifconf' attempts to configure both a IPv4 and a IPv6 address on the network interface.
In my case, both succeeded - but even though I don't have an external IPv6 address, iPXE only uses IPv6 when it has a local address, and inevitably fails.

My first solution was to modify ipxe-netboot from the AUR. I removed the line "echo '#define NET_PROTO_IPV6' >> config/local/general.h" from the prepare() section - this disables IPv6 support.
It worked.
Then I found out I can disable ULA (Unique local addresses) on my router. Now I can use the 'stock' images.
Comment by David Runge (dvzrv) - Tuesday, 25 August 2020, 16:53 GMT
Hm, so this seems (also) to be related to whatever is providing ipv6 to the device. Judging from Ubuntu's writeup on the topic [1] it might also not be possible with dnsmasq.

I'm honestly not yet sure how this can be fixed satisfactory. I know that our deployment for IPXE also lacks and I hope this will be improved in the coming weeks.

If you have any specific suggestions on how to fix this, please let me know!

[1] https://wiki.ubuntu.com/UEFI/SecureBoot/PXE-IPv6#DHCPv6_.28isc-dhcp-server.29

Loading...