RA & DHCP problem...

Philipp Kern phil at philkern.de
Sun Dec 29 15:15:40 CET 2013


Hi,

On Sun, Dec 29, 2013 at 02:09:01PM +0000, Nick Hilliard wrote:
> Let me be more specific: you can only do tightly timed failover with RAs if
> you announce a virtual IP address which is tied to a first-hop redundancy
> protocol like vrrp/hsrp/etc.  This is a vendor specific thing and is not
> even supported by many vendors.
> 
> You cannot depend on the built-in mechanisms in RA and NUD to perform fast
> failover because you end up with a choice of either 10+ second failover or
> else compromising your network structure due to excess icmpv6 NS packets.
> Neither of these are workable solutions in production networks.
> 
> If you want fast failover, you need to use vrrp / hsrp / carp / etc, all of
> which provide mac failover at layer 2.  In this situation, you need a
> mechanism to deliver the default gateway information to the client.  At the
> moment, the only standardised option is manual configuration.  This doesn't
> scale.

I was talking about doing fast failover with DHCPv6. But apparently
there is some misunderstanding here. You can use RAs to communicate the
VRRP/HSRP/CARP/etc addresses. There is absolutely no need for manual
configuration in this case. It does not need to be a global unicast
address and both routers can simply RA with the virtual IP and the
virtual MAC.

> I'm just saying it's not possible to deploy global unicast addresses using
> RA.  Maybe this doesn't matter to you.  It's not that important to me
> either, but it may be important to some people with different network
> structures.  Personally, I don't like the idea of unreasonable restriction
> of options when it comes to configuring networks.

To deploy global unicast addresses as routing targets you mean (that by
definition need to be on-link and be ND resolvable, which might of
course also be realized by proxying NDs).

> >> 5. there is no way to specify anything other than a default gateway.
> > RDNSS is there, but not arbitrary data, that's true. Yes, the big iron
> no, I meant that there is no other way to specify routing information other
> than a default route.  E.g. if you have a box with two NICs; management
> network on one NIC and production on the other, there is no way to get
> dhcpv6 to instruct the client to hand off management traffic to one network
> and everything else to the production side.  RDNSS I don't care about.

Of course that works: RFC4191. Windows routinely sent out such RAs, too.

Kind regards
Philipp Kern
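
The RFC 4191 mechanism referred to in the message above, as an added example that is not part of the original post: a Router Advertisement carrying a Route Information Option (type 24) for a more-specific prefix, encoded and parsed in memory. The function names, the 2001:db8:aa::/48 documentation prefix and the lifetimes are constructed for illustration.

```python
import ipaddress
import struct

PRF = {0b01: "high", 0b00: "medium", 0b11: "low", 0b10: "reserved"}

def build_rio(prefix, lifetime, prf=0b00):
    """Encode an RFC 4191 Route Information Option (type 24)."""
    net = ipaddress.IPv6Network(prefix)
    # Length is in 8-octet units: 1 (no prefix bytes), 2 (<= 64 bits) or 3.
    units = 1 if net.prefixlen == 0 else 2 if net.prefixlen <= 64 else 3
    head = struct.pack("!BBBBI", 24, units, net.prefixlen, prf << 3, lifetime)
    return head + net.network_address.packed[: (units - 1) * 8]

def build_ra(router_lifetime, options=(), prf=0b00):
    """ICMPv6 RA body: type 134, code 0, checksum left 0, hop limit 64."""
    head = struct.pack("!BBHBBHII", 134, 0, 0, 64, prf << 3, router_lifetime, 0, 0)
    return head + b"".join(options)

def parse_routes(ra):
    """Routes a host that honours RFC 4191 options would learn from one RA."""
    if len(ra) < 16 or ra[0] != 134:
        raise ValueError("not a Router Advertisement")
    flags, router_lifetime = struct.unpack_from("!BH", ra, 5)
    routes = []
    if router_lifetime:  # lifetime 0: sender is not a default router
        prf = PRF[(flags >> 3) & 3]
        routes.append(("::/0", "medium" if prf == "reserved" else prf, router_lifetime))
    off = 16
    while off + 2 <= len(ra):
        otype, units = ra[off], ra[off + 1]
        if units == 0 or off + units * 8 > len(ra):
            raise ValueError("malformed option length")
        if otype == 24:
            plen, pflags, lifetime = struct.unpack_from("!BBI", ra, off + 2)
            need = 0 if plen == 0 else 8 if plen <= 64 else 16
            if plen > 128 or units > 3 or (units - 1) * 8 < need:
                raise ValueError("RIO length does not fit its prefix length")
            raw = ra[off + 8 : off + units * 8].ljust(16, b"\0")
            prf = PRF[(pflags >> 3) & 3]
            if prf != "reserved" and lifetime:  # reserved prf or zero lifetime: skip
                routes.append((str(ipaddress.IPv6Network((raw, plen), strict=False)), prf, lifetime))
        off += units * 8
    return routes

# Constructed sample: the management-side router is not a default router and
# advertises only the management prefix; the production router is the default.
MGMT_RA = build_ra(0, [build_rio("2001:db8:aa::/48", 1800, prf=0b01)])
PROD_RA = build_ra(1800)
```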