[131294] in North American Network Operators' Group
=?windows-1252?Q?Re:_Failover_IPv6_with_multiple_PA_prefixes_=28?=
daemon@ATHENA.MIT.EDU (Owen DeLong)
Thu Oct 21 21:21:46 2010
From: Owen DeLong <owen@delong.com>
In-Reply-To: <5A6D953473350C4B9995546AFE9939EE0B14C416@RWC-EX1.corp.seven.com>
Date: Thu, 21 Oct 2010 18:18:02 -0700
To: George Bonser <gbonser@seven.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Oct 21, 2010, at 12:35 PM, George Bonser wrote:
>=20
>=20
>> From: Jeroen Massar > Sent: Thursday, October 21, 2010 9:57 AM
>> To: Allen Smith
>> Cc: NANOG list
>> Subject: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 =
=97
>> Unique local addresses)
>>=20
>> [Oh wow, that subject field, so handy to indicate a topic change! ;) =
]
>>=20
>> Short answer: you announce both PA prefixes using Router =
Advertisement
>> (RA) inside the network. You pull the RA when a uplink goes
>> down/breaks.
>=20
> That assumes importing some sort of routing state into your RA config. =
Sort of a conditional RA. Can that be done today by anyone?
>=20
It can be done with some clever JunOScript or a few other mechanisms.
Of course, it can also be done on a linux-based router fairly easily =
using
whatever scripting language you like.
>> Sessions break indeed, but because there is the other prefix they =
fall
>> over to that and build up new sessions from there.
>=20
> This still doesn=92t address breakage that happens AFTER your link to =
your upstream. What if your upstream has a peering issue or their peer =
has a peering issue? How do you detect that the distant end has a route =
back to that prefix but doesn't to the other? You can't.
>=20
How do you do that for IPv4... There's nothing new here. The failure =
modes
are identical and your NAT box in IPv4 doesn't protect you from this any
better.
In fact, even multihomed BGP doesn't protect you from this unless you're
taking a full table (which is a lot more practical in IPv6 than IPv4).
Owen
