RA & DHCP problem...

Nick Hilliard nick at foobar.org
Sun Dec 29 15:09:01 CET 2013


On 29/12/2013 13:12, Philipp Kern wrote:
> that's basically what I said. I added the additional point that the DHCP
> server gives out different gateways for load balancing reasons.

Right, I just misunderstood what you were saying.

>> No, you can't do tightly timed failover with RAs […]
> 
> How would you make that work with DHCPv6? Isn't that also MAC failover
> which you refuse to consider for RAs?

Let me be more specific: you can only do tightly timed failover with RAs if
you announce a virtual IP address which is tied to a first-hop redundancy
protocol like vrrp/hsrp/etc.  This is a vendor specific thing and is not
even supported by many vendors.

You cannot depend on the built-in mechanisms in RA and NUD to perform fast
failover because you end up with a choice of either 10+ second failover or
else compromising your network structure due to excess icmpv6 NS packets.
Neither of these is a workable solution in production networks.

If you want fast failover, you need to use vrrp / hsrp / carp / etc, all of
which provide mac failover at layer 2.  In this situation, you need a
mechanism to deliver the default gateway information to the client.  At the
moment, the only standardised option is manual configuration.  This doesn't
scale.

> You would still have ND. And it's all part of ICMPv6, so you don't avoid
> "an entire protocol" unless you specify a target MAC to send traffic to.

icmpv6 is a large pot of protocols which do many different things.  RA is
one subsection which delivers a specific set of services, and I usually
consider it to be a separate protocol in its own right.

>> 3. there is no way of specifying a global unicast ipv6 address.  You can
>> only specify link-local addresses.
> 
> True. But you are talking about large L2 domains, which have link-local
> addressing. What's wrong with that?

I'm just saying it's not possible to deploy global unicast addresses using
RA.  Maybe this doesn't matter to you.  It's not that important to me
either, but it may be important to some people with different network
structures.  Personally, I don't like the idea of unreasonable restriction
of options when it comes to configuring networks.

>> 5. there is no way to specify anything other than a default gateway.
> 
> RDNSS is there, but not arbitrary data, that's true. Yes, the big iron

No, I meant that there is no other way to specify routing information other
than a default route.  E.g. if you have a box with two NICs; management
network on one NIC and production on the other, there is no way to get
dhcpv6 to instruct the client to hand off management traffic to one network
and everything else to the production side.  RDNSS I don't care about.

Nick
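
A simplified model of the RFC 4861 NUD timers behind the failover-time versus NS-traffic trade-off discussed in this message, added here as an illustration and not part of the original post. It assumes a host that sends continuously with no upper-layer reachability hints, a fixed (unrandomised) reachable time and instant NA replies; the function names, the tuned timer values and the 5,000-host figure are illustrative.

```python
# Added illustration (not from the original post): simplified RFC 4861 NUD timing.
# Assumptions: host sends continuously, gets no upper-layer reachability hints,
# uses a fixed (unrandomised) ReachableTime, and NA replies arrive instantly.

DELAY_FIRST_PROBE_MS = 5_000  # RFC 4861 DELAY_FIRST_PROBE_TIME (host constant, not in RA)
MAX_UNICAST_SOLICIT = 3       # RFC 4861 MAX_UNICAST_SOLICIT


def simulate(reachable_ms, retrans_ms, fail_at_ms):
    """Walk REACHABLE -> STALE -> DELAY -> PROBE until the router stops answering.

    Returns (ms from router failure to NUD giving up, NS answered while router was up).
    """
    t = 0            # neighbour entry confirmed REACHABLE at t=0
    ns_answered = 0
    while True:
        t += reachable_ms           # REACHABLE expires; next packet moves STALE -> DELAY
        t += DELAY_FIRST_PROBE_MS   # DELAY expires; enter PROBE and send first NS
        if t < fail_at_ms:          # router still up: NA confirms, back to REACHABLE
            ns_answered += 1
            continue
        # Router is down: the NS goes unanswered MAX_UNICAST_SOLICIT times.
        gave_up_at = t + MAX_UNICAST_SOLICIT * retrans_ms
        return gave_up_at - fail_at_ms, ns_answered


def steady_ns_per_second(hosts, reachable_ms):
    """NS load on the router when every host re-probes once per NUD cycle."""
    return hosts * 1000 / (reachable_ms + DELAY_FIRST_PROBE_MS)


def compare(hosts=5_000):
    """Default timers (30 s / 1 s) against aggressive RA-advertised ones (1 s / 250 ms)."""
    rows = {}
    for label, reach, retrans in (("default", 30_000, 1_000), ("tuned", 1_000, 250)):
        worst, _ = simulate(reach, retrans, fail_at_ms=0)  # fails right after confirmation
        rows[label] = (worst, round(steady_ns_per_second(hosts, reach), 1))
    return rows


if __name__ == "__main__":
    for label, (worst_ms, ns_rate) in compare().items():
        print(f"{label:8s} worst-case detection {worst_ms} ms, ~{ns_rate} NS/s")
```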



