[148853] in North American Network Operators' Group
Re: Choice of address for IPv6 default gateway
daemon@ATHENA.MIT.EDU (Dale W. Carder)
Wed Jan 25 10:40:15 2012
Date: Wed, 25 Jan 2012 09:39:51 -0600
From: "Dale W. Carder" <dwcarder@wisc.edu>
In-reply-to: <4F2014A0.20008@optilian.com>
To: Daniel STICKNEY <dstickney@optilian.com>
Cc: nanog@nanog.org

Hi Daniel,

On Jan 25, 2012, at 8:41 AM, Daniel STICKNEY wrote:
> I'm having trouble finding authoritative sources on the best common
> practice (if there even is one) for the choice of address for an IPv6
> default gateway in a production server environment (not desktops). For
> example in IPv4 it is common to choose the first or last address in the
> subnet (.1 or .254 for example) as the VIP for VRRP/HSRP. I'm interested
> in input from production environments and/or ARIN/RIPE/IANA/etc or top
> vendors.

Well, you're not going to find anything authoritative per se, but
we are using fe80::1 with HSRP on every LAN with v6 enabled. More recent
HSRP implementations also support <prefix>::1, but that doesn't seem to
make any sense to me since link-local is where your gateway lives.

> What about using RAs to install the default route on the servers? The
> 'priority' option (high/medium/low) easily fits with an architecture using
> an active/standby router setup where the active router is configured
> with the 'high' priority and the standby 'medium'. With the timeout
> values tuned for relatively rapid (~3 seconds) failover this might be
> feasible. Anyone use this in production?

Our servers are statically assigned with prefix::1000 and counting up,
and fe80::1%int for the gateway. Some servers are doing an IP per
service / customer.

In some initial deployments I did, RA Priority did not seem to be
observed. That was 8 or 9 years ago so maybe that has changed, but it
was not comforting.

We were more worried about unintentional & rogue RA vs active/standby
routers. Now that we have RA Guard deployed on > 100,000 edge ports,
that doesn't really matter anymore.

Dale
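
Added example, not part of the original message: a host-side check that decodes the Router Advertisement header, including the RFC 4191 preference bits (the high/medium/low "priority" discussed above), and flags RAs from any source other than the expected gateway. The allowlist of fe80::1, the function names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumption for this example: the only legitimate RA source on the LAN is fe80::1.
ALLOWED_ROUTERS = {ipaddress.IPv6Address("fe80::1")}
# RFC 4191 Prf encoding; the reserved value 10 must be treated as medium.
PRF = {0b01: "high", 0b00: "medium", 0b11: "low", 0b10: "medium"}

def parse_ra(icmp: bytes) -> dict:
    """Parse the fixed 16-byte header of an ICMPv6 Router Advertisement."""
    if len(icmp) < 16:
        raise ValueError("truncated Router Advertisement")
    typ, code, _cksum, hop, flags, lifetime, _reach, _retrans = struct.unpack(
        "!BBHBBHII", icmp[:16])
    if typ != 134 or code != 0:
        raise ValueError("not a Router Advertisement")
    return {
        "hop_limit": hop,
        "managed": bool(flags & 0x80),   # M flag
        "other": bool(flags & 0x40),     # O flag
        # RFC 4191: preference is ignored when Router Lifetime is 0.
        "preference": PRF[(flags >> 3) & 0b11] if lifetime else "medium",
        "lifetime": lifetime,            # seconds; 0 = not a default router
    }

def classify(src: str, icmp: bytes, allowed=ALLOWED_ROUTERS) -> str:
    """Return a verdict for one RA given its IPv6 source address."""
    addr = ipaddress.IPv6Address(src)
    ra = parse_ra(icmp)
    if not addr.is_link_local:
        return "invalid-source"          # RFC 4861: RA source must be link-local
    if addr in allowed:
        return "ok"
    return "rogue-default-router" if ra["lifetime"] else "unexpected-ra"

def sample_ra(prf_bits: int, lifetime: int) -> bytes:
    """Constructed sample RA header (checksum left at zero, no options)."""
    return struct.pack("!BBHBBHII", 134, 0, 0, 64, prf_bits << 3, lifetime, 0, 0)

if __name__ == "__main__":
    # Constructed observations: (source address, RA bytes)
    seen = [("fe80::1", sample_ra(0b01, 1800)),
            ("fe80::bad:1", sample_ra(0b01, 1800)),
            ("fe80::2", sample_ra(0b00, 0)),
            ("2001:db8::1", sample_ra(0b00, 1800))]
    for src, ra in seen:
        print(src, parse_ra(ra)["preference"], classify(src, ra))
```
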