Hi there!
I'm reporting what I think are two different bugs in IPv6 supporting
infrastructure. I use OpenBSD 6.6 as a gateway machine serving DHCPv6 and
Router Advertisements. I'm trying to boot a UEFI machine with pure IPv6 HTTP
(UEFI 2.5+) and I'm running into some issues.
Some background -- my network architecture has two rdomains (0 and 2) with pair
devices connecting the two. The provisioning machine is in rdomain 2, and the
DHCPv6 server is in rdomain 0. The interface of the provisioning machine is
vlan6 which only has an IPv6 address on it, no IPv4 and no DHCPv4 is running.
This requires relaying DHCP from vlan6 (rdomain2) to em0 (rdomain 0), using
dhcrelay6.
First, when the dhcrelay6 process forwards the DHCP SOLICIT from the machine,
the "link-address" is set to the link-local address of the interface, instead
of the gllobally routable address.
https://github.com/openbsd/src/blob/master/usr.sbin/dhcrelay6/dhcrelay6.c#L581
However, the DHCPv6 server I'm using, Kea - treats any network with a
link-address of a link local address as a directly connected network and thus
fails to select any subnet (let alone the correct one):
https://github.com/isc-projects/kea/blob/122473c18b632ddfa22b8a48f6d9399bc18e2598/src/lib/dhcpsrv/cfg_subnets6.cc#L212
In the code, since Kea skips setting selector.first_relay_linkaddr_ (due to the
aforementioned link-local address in link-address) it defaults to "::". I
haven't tried any other DHCPv6 server. RFC 8415 19.1.1 *strongly* suggests to
use the globally routable address and only use the link-local if there's no
globally routable address.
So i ended up switching to ISC's dhcp relay instead through the isc-dhcp-server
package which worked fine (i.e. it sets the global address in llink-address so
Kea can select the proper subnet).
Next, once that was worked-around, the machine booting does a IPv6
router-solicitation to get the gateway address (since DHCPv6 can't provide that
information). The machine sources the address from "::", but rad ignores it
with a log message of: "RA from non link local address ::", code:
https://github.com/openbsd/src/blob/64e2b1d674c763508d45c7dcb85a0a80efadd8c9/sbin/slaacd/engine.c#L1162
(i assume the rad code uses the slaacd engine? It's the only place I found the
error message.)
The RFC suggests that "::" is a valid source address for Router solicitation
messages. (https://tools.ietf.org/html/rfc4861#section-4.1)
Anyway, let me know if there's anything specific that would help explain
anything.
I guess the TL;DR is
- dhcrelay6 should set the global address in the relayed DHCPv6 packet instead
of the link-local
- rad should send an RA when receiving an RS from the unspecified address "::"
Thanks for reading!
-Andrew
