[141863] in North American Network Operators' Group


Re: The stupidity of trying to "fix" DHCPv6

daemon@ATHENA.MIT.EDU (Seth Mos)
Sun Jun 12 18:09:17 2011

From: Seth Mos <seth.mos@dds.nl>
In-Reply-To: <20110612100533.GA21879@srv03.cluenet.de>
Date: Mon, 13 Jun 2011 00:09:04 +0200
To: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On 12 Jun 2011, at 12:05, Daniel Roesen wrote:

> VRRP communications itself is via link-local addresses. There is a
> requirement to have a link-local virtual address as well, but there
> might be many more, e.g. global scope.

In FreeBSD with pfSense I use CARP with v6 addresses which are GUA,
the ISP routes my /48 to the GUA address, failover time when rebooting
firewalls is in the order of seconds. I see no missed HTTP requests and
no existing requests drop.

The servers behind it are also configured to use the LAN side GUA CARP
IPv6 address as the default gateway.

pfsync makes sure that traffic state is being kept.

>
> Otherwise a whole lot of IPv6 VRRP setups won't be working here. :)
> We use global scope addresses as VRRP virtual router addresses.

Indeed, same here. We have an open ticket iirc to patch our radvd daemon
to also announce properly when active on a v6 CARP address. It's that or
being able to manually send a GUA address as being the gateway.

Wait, that sounds suspiciously like trying to send a gateway bit by way
of DHCP. Luckily servers are statically configured. But now comes the
deal that I want all my client nodes on the corporate LAN to also use
the GUA address (which has stateful failover) for the gateway instead of
the link local address of one of my CARP cluster nodes.

Other options include crafting a link local address for the CARP address
and making sure that radvd uses that. The backup CARP node won't hear
anything or be heard when the address has BACKUP status. It's on the
todo list.

Regards,

Seth


