RA for a different router

Ole Troan otroan at employees.org
Mon Dec 21 06:11:28 CET 2009


Nick,

>> I probably missed the memo but *why* would you want to send the default 
>> gateway in a DHCPv6 response when the local network topology would 
>> *know* far more accurately what is going on.  Especially when you 
>> consider gateway failover and that in theory you do *not* need anything 
>> like VRRP/HSRP as the glue to do this.
> 
> RA gateway fail-over takes $client_ra_timeout seconds for clients to
> realise that the gateway has disappeared, where $client_ra_timeout is
> substantially greater than $ra_announcement_interval (probably by a factor
> of at least 3 in order to cope with packet loss, etc).  Typically,
> $ra_announcement_interval will measured in seconds, possibly tens of
> seconds.  This leads to fail-over times of tens of seconds to possibly
> minutes.   vrrp / hsrp / glbp will typically provide fail-over in an order
> of magnitude less time.

this is not quite correct. Neighbor Unreachability Detection is the mechanism used by a host to detect failure of one of its default routers. as a part of NUD a host can detect that a connection doesn't make forward progress, e.g not receiving TCP acks or that active probing (NS/NA) fails. the latter uses a default timer of 30 seconds, but that can be configured by the operator (included in RA messages), down to milliseconds. in IPv6 a host can use multiple default routers at the same time, so the effect of a single default router failure and the time it takes for all hosts to converge varies.

> As a network operator, I would be much happier depending for network
> stability on vrrp & friends (which I can control) rather than waiting for
> each client machine on a potentially large network to reconfigure its
> default gateway (which I can't control, or at least control well or easily).

you can control it to some degree with NUD, but you are correct in that VRRP/HSRP gives generally quicker convergence and less surprises.

cheers,
Ole






More information about the ipv6-ops mailing list