Re: [ipxe-devel] Fallback to IPv4 or disable IPv6
On Mon, Nov 19, 2018 at 12:27:37PM +, Michael Brown wrote: > On 19/11/2018 11:26, Geert Stappers wrote: } } On 2018-11-19 } } } do both ( Consider the host ipv4/ivp6 capable) > > Bullshit. Reread > > Geert: please be more polite. Acknowlegde > Michael Cheers Geert Stappers -- How unpolite is it to ignore a fellow community member?? ___ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
Re: [ipxe-devel] Fallback to IPv4 or disable IPv6
On 19/11/2018 11:13, Andreas Fink wrote: On 19 Nov 2018, at 11:52, Michael Brown wrote: iPXE will query for records only if the DNS server address is itself an IPv6 address. This is the heuristic we use to decide between IPv6 and IPv4 when a DNS name is used. This is not really what the idea is. I would recommend the following logic: Yes, the logic is not guaranteed to work. It is, as I stated, a heuristic. It works in most common scenarios, and it avoids the code complexity required to handle reachability failures at the point of initiating the TCP connection. We could potentially change the logic so that the DNS resolver always queries records first, but discards any results that are unreachable according to the IPv6 routing table. Would this solve your problem? Michael ___ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
Re: [ipxe-devel] Fallback to IPv4 or disable IPv6
On 19/11/2018 11:26, Geert Stappers wrote: Bullshit. Reread Geert: please be more polite. Michael ___ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
Re: [ipxe-devel] Fallback to IPv4 or disable IPv6
> > The DNS servers at $employer, at home and elsewhere have both IPv4 and IPv6 > addresses and, as I recall, you'd have to be pure IPv6 to get an IPv6 DNS > server. Most machines are both IPv4 and IPv6 capable and tend to get IPv4 > DNS servers and not IPv6 name servers. With a scheme that uses the DNS > server to decide whether or not to use IPv6 that would preclude using IPv6 > completely. On the other hand, it seems to make more sense to use the > address families offered by DHCP/RA -- if you're given an IPv6 address, make > queries etc. And unless you're going to adopt Happy Eyes, then > preferring IPv6 over IPv4 is better. > It's more than that. It's not only use IPv6 -OR- IPv4. It's IPv6 -AND- IPv4. It should attempt IPv6 first and if it fails try the IPv4 because the IPv6 networks of the target and the source might be interconnected with a IPv4 only backbone in which case a IPv4 end to end connection works but a IPv6 end to end doesn't (assuming both sides are dual-stack connected and the DNS has and A records). At least that was the transition idea when IPv6 was designed because it was assumed the international backbones wont all have IPv6 from day one (and this is still the case). And thats exactly the reason why DNS servers usually stay on IPv4 addresses because they always can be reached from IPv4 hosts and dual-stack hosts. Also there might be multiple hosts listed in the DNS, so the logic should try all records and if they have all failed try, all A records. I'm just reading int the code on how its done currently to see how this can be improved. ___ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
Re: [ipxe-devel] Fallback to IPv4 or disable IPv6
> On 19 Nov 2018, at 11:26, Geert Stappers > wrote: > > On Mon, Nov 19, 2018 at 12:13:55PM +0100, Andreas Fink wrote: >>> On 19 Nov 2018, at 11:52, Michael Brown wrote: >>> On 01/11/2018 17:40, Anatoli Babenia wrote: My upstream provider doesn't support IPv6. No addresses are reachable. But my router still gives me an IPv6 address and is even able to resolve records. Being able to resolve IPv6 address iPXE thinks that it got IPv6 and fails, but it should try IPv4 instead. Here is the log - https://github.com/antonym/netboot.xyz/issues/283 Is it possible to make current 133f fallback to IPv4 if IPv6 fetch fails? Also, is there an option to disable IPv6 from Failsafe Menu? Manual network configuration doesn't help. >>> >>> iPXE will query for records only if the DNS server address is itself >>> an IPv6 address. This is the heuristic we use to decide between IPv6 and >>> IPv4 when a DNS name is used. >> >> This is not really what the idea is. >> >> I would recommend the following logic: > > I would appreciate patches. > >> 1. If there is a IPv4 address only provided by the DHCP server, do IPv4 >> only. Consider the host "ipv4 only" >> 1. If there is a IPv6 address only provided by the DHCP server or through >> router advertizement (and its not only link local) do IPv6 only. Consider >> the host "ipv6 only" >> 3. If there host has a IPv4 and a IPv6 address do both ( Consider the host >> ipv4/ivp6 capable) > > Bullshit. Reread That made a lot of sense to me ... >>> iPXE will query for records only if the DNS server address is itself >>> an IPv6 address. This is the heuristic we use to decide between IPv6 and >>> IPv4 when a DNS name is used. > > Pay attention to the "decide between IPv6 and IPv4" part. I guess I'm missing something fundamental here because I don't see how using the DNS server address is going to work in many cases. The DNS servers at $employer, at home and elsewhere have both IPv4 and IPv6 addresses and, as I recall, you'd have to be pure IPv6 to get an IPv6 DNS server. Most machines are both IPv4 and IPv6 capable and tend to get IPv4 DNS servers and not IPv6 name servers. With a scheme that uses the DNS server to decide whether or not to use IPv6 that would preclude using IPv6 completely. On the other hand, it seems to make more sense to use the address families offered by DHCP/RA -- if you're given an IPv6 address, make queries etc. And unless you're going to adopt Happy Eyes, then preferring IPv6 over IPv4 is better. jch > > > Cheers > Geert Stappers > ___ > ipxe-devel mailing list > ipxe-devel@lists.ipxe.org > https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel ___ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
Re: [ipxe-devel] Fallback to IPv4 or disable IPv6
On Mon, Nov 19, 2018 at 12:13:55PM +0100, Andreas Fink wrote: > > On 19 Nov 2018, at 11:52, Michael Brown wrote: > > On 01/11/2018 17:40, Anatoli Babenia wrote: > >> My upstream provider doesn't support IPv6. No addresses are reachable. > >> But my router still gives me an IPv6 address and is even able to resolve > >> records. Being able to resolve IPv6 address iPXE thinks that it got > >> IPv6 and fails, but it should try IPv4 instead. > >> Here is the log - https://github.com/antonym/netboot.xyz/issues/283 > >> Is it possible to make current 133f fallback to IPv4 if IPv6 fetch fails? > >> Also, is there an option to disable IPv6 from Failsafe Menu? Manual > >> network configuration doesn't help. > > > > iPXE will query for records only if the DNS server address is itself > > an IPv6 address. This is the heuristic we use to decide between IPv6 and > > IPv4 when a DNS name is used. > > This is not really what the idea is. > > I would recommend the following logic: I would appreciate patches. > 1. If there is a IPv4 address only provided by the DHCP server, do IPv4 only. > Consider the host "ipv4 only" > 1. If there is a IPv6 address only provided by the DHCP server or through > router advertizement (and its not only link local) do IPv6 only. Consider > the host "ipv6 only" > 3. If there host has a IPv4 and a IPv6 address do both ( Consider the host > ipv4/ivp6 capable) Bullshit. Reread > > iPXE will query for records only if the DNS server address is itself > > an IPv6 address. This is the heuristic we use to decide between IPv6 and > > IPv4 when a DNS name is used. Pay attention to the "decide between IPv6 and IPv4" part. Cheers Geert Stappers ___ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
Re: [ipxe-devel] Fallback to IPv4 or disable IPv6
> On 19 Nov 2018, at 11:52, Michael Brown wrote: > > On 01/11/2018 17:40, Anatoli Babenia wrote: >> My upstream provider doesn't support IPv6. No addresses are reachable. >> But my router still gives me an IPv6 address and is even able to resolve >> records. Being able to resolve IPv6 address iPXE thinks that it got >> IPv6 and fails, but it should try IPv4 instead. >> Here is the log - https://github.com/antonym/netboot.xyz/issues/283 >> Is it possible to make current 133f fallback to IPv4 if IPv6 fetch fails? >> Also, is there an option to disable IPv6 from Failsafe Menu? Manual >> network configuration doesn't help. > > iPXE will query for records only if the DNS server address is itself an > IPv6 address. This is the heuristic we use to decide between IPv6 and IPv4 > when a DNS name is used. This is not really what the idea is. I would recommend the following logic: 1. If there is a IPv4 address only provided by the DHCP server, do IPv4 only. Consider the host "ipv4 only" 1. If there is a IPv6 address only provided by the DHCP server or through router advertizement (and its not only link local) do IPv6 only. Consider the host "ipv6 only" 3. If there host has a IPv4 and a IPv6 address do both ( Consider the host ipv4/ivp6 capable) Now to connect to the DNS: The IP address given by DHCP to the host is either a IPv4 or a IPv6 address. ipv4 only: Try to query DNS servers which have IPv4 addresses only. Only ask for A records ipv6 only: Try to query DNS servers which have IPv6 addresses only. Only ask for records ipv4/ivp6 capable: Try to query DNS servers which have either address and ask for A and records Now to talk to the remote host: ipv4 only: connect to the first A records. If that fails, try any subsequent A records. ipv6 only: connect to the first records. If that fails, try any subsequent records ipv4/ivp6 capable: connect to the first records. If that fails, try any subsequent records if all records have failed, connect to the first A records. If that fails, try any subsequent A records. This way, it always works. Trying records which are not reachable might add some delay. But as mentioned before, if you have a router announcing IPv6 to you, you should be able to reach IPv6 hosts. If not, dont let the router announce a subnet which is isolated. Note: it might be ok to announce a local subnet which is not routed internationally. In this case, the logic to apply would be if the DNS server or the host to connect to can be considered reachable over the router or not. If the IPv6 starts with F... probably not. Andreas ___ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
Re: [ipxe-devel] Fallback to IPv4 or disable IPv6
On 01/11/2018 17:40, Anatoli Babenia wrote: My upstream provider doesn't support IPv6. No addresses are reachable. But my router still gives me an IPv6 address and is even able to resolve records. Being able to resolve IPv6 address iPXE thinks that it got IPv6 and fails, but it should try IPv4 instead. Here is the log - https://github.com/antonym/netboot.xyz/issues/283 Is it possible to make current 133f fallback to IPv4 if IPv6 fetch fails? Also, is there an option to disable IPv6 from Failsafe Menu? Manual network configuration doesn't help. iPXE will query for records only if the DNS server address is itself an IPv6 address. This is the heuristic we use to decide between IPv6 and IPv4 when a DNS name is used. The best solution would be to fix your router to not provide an IPv6 address, since IPv6 is not actually functional. This should also speed up other computers on your network: they will no longer attempt IPv6 first before timing out and falling back to IPv4. If fixing your router is not an option, then you can use an embedded script fragment such as: dhcp set dns:ipv4 ${netX.dhcp/dns} This will override any IPv6 nameserver address by explicitly setting the DHCPv4-acquired address as the "manual" nameserver address. Michael ___ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
Re: [ipxe-devel] Fallback to IPv4 or disable IPv6
On Thu, Nov 1, 2018 at 9:35 PM Anatoli Babenia wrote: > > Hello, > > My upstream provider doesn't support IPv6. No addresses are reachable. > But my router still gives me an IPv6 address and is even able to resolve > records. Being able to resolve IPv6 address iPXE thinks that it got > IPv6 and fails, but it should try IPv4 instead. > > Here is the log - https://github.com/antonym/netboot.xyz/issues/283 > > Is it possible to make current 133f fallback to IPv4 if IPv6 fetch fails? > > Also, is there an option to disable IPv6 from Failsafe Menu? Manual > network configuration doesn't help. > -- > Anatoli Babenia Why not just disable RA (Router Advertisement) on your router ? It seems odd to want to modify iPXE to work around "broken" IPv6 environments? Cheers ___ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
[ipxe-devel] Fallback to IPv4 or disable IPv6
Hello, My upstream provider doesn't support IPv6. No addresses are reachable. But my router still gives me an IPv6 address and is even able to resolve records. Being able to resolve IPv6 address iPXE thinks that it got IPv6 and fails, but it should try IPv4 instead. Here is the log - https://github.com/antonym/netboot.xyz/issues/283 Is it possible to make current 133f fallback to IPv4 if IPv6 fetch fails? Also, is there an option to disable IPv6 from Failsafe Menu? Manual network configuration doesn't help. -- Anatoli Babenia ___ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel