[148906] in North American Network Operators' Group
Re: Choice of address for IPv6 default gateway
daemon@ATHENA.MIT.EDU (Mohacsi Janos)
Thu Jan 26 03:18:49 2012
Date: Thu, 26 Jan 2012 09:18:21 +0100 (CET)
From: Mohacsi Janos <mohacsi@niif.hu>
To: Daniel STICKNEY <dstickney@optilian.com>
In-Reply-To: <4F2014A0.20008@optilian.com>
Cc: nanog@nanog.org
On Wed, 25 Jan 2012, Daniel STICKNEY wrote:
> I'm having trouble finding authoritative sources on the best common
> practice (if there even is one) for the choice of address for an IPv6
> default gateway in a production server environment (not desktops). For
> example in IPv4 it is common to choose the first or last address in the
> subnet (.1 or .254 for example) as the VIP for VRRP/HSRP. I'm interested
> in input from production environments and/or ARIN/RIPE/IANA/etc or top
> vendors.
>
> I've seen some documentation using <prefix>::1 with either a global
> prefix or link-local (fe80::1). Anyone use either of these in production
> and have negative or positive feedback? fe80::1 is seductive because it
> is short and the idea of having the same default gateway configured
> everywhere might be simple. At the same time using the same address all
> around the network seems to invite confusion or problems if two
> interfaces with the address ever ended up in the same broadcast domain.
Up to your taste. In most cases it is recommended to use link-local default
gateway. If you use the same address - even link local - your node should
complain about the duplicate address on the same link. You can rely on the
autoconfigured link-local address for default gateways (and use RA).
>
> What about using RAs to install the default route on the servers? The
> 'priority' option (high/medium/low) easily fits with an architecture using
> an active/standby router setup where the active router is configured
> with the 'high' priority and the standby 'medium'. With the timeout
> values tuned for relatively rapid (~3 seconds) failover this might be
> feasible. Anyone use this in production?
Yes we are using NUD (and using RA to install default gateway) to switch
from primary router to secondary - due to no VRRP support on a particular
platform. But in case of RA usage you should also use RA-guard especially
if you don't have full control on servers connected to your switches.
>
> I note that VRRPv3 (and keepalived) and HSRP both support IPv6. Since we
> use VRRP for IPv4, using it for IPv6 would keep our architecture the
> same, which has merit too.
If you want consistent and more predictable behavior use VRRP or maybe
HSRP if your vendor supports it.
Best Regards,
Janos Mohacsi
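
Added example, not part of the original message: a Python sketch of the RA handling discussed in this thread. It reads the router preference (RFC 4191) and router lifetime from a Router Advertisement, applies RA-guard-style sanity checks, and picks the default router a host would prefer. The function names, the allowlist and the fe80::a / fe80::b / fe80::bad addresses are assumptions constructed for the demo; the ICMPv6 checksum is not verified.

```python
import struct
from ipaddress import IPv6Address

# RFC 4191 Prf bits; 0b10 is reserved and must be treated as medium.
PRF = {0b01: "high", 0b00: "medium", 0b11: "low", 0b10: "medium"}
RANK = {"high": 2, "medium": 1, "low": 0}

def build_ra(prf_bits, lifetime):
    """Constructed 16-byte RA header for the demo (checksum left 0, no options)."""
    return struct.pack("!BBHBBHII", 134, 0, 0, 64, prf_bits << 3, lifetime, 0, 0)

def parse_ra(icmp6):
    """Return preference and router lifetime from an ICMPv6 RA, or None."""
    if len(icmp6) < 16 or icmp6[0] != 134 or icmp6[1] != 0:
        return None
    _cur_hop, flags, lifetime = struct.unpack_from("!BBH", icmp6, 4)
    return {"preference": PRF[(flags >> 3) & 0x3], "lifetime": lifetime}

def audit(src, ip_hop_limit, icmp6, allowed):
    """RA-guard-style checks; returns (parsed RA, list of findings)."""
    ra = parse_ra(icmp6)
    if ra is None:
        return None, ["not a Router Advertisement"]
    addr, findings = IPv6Address(src), []
    if not addr.is_link_local:
        findings.append("source is not link-local")
    if ip_hop_limit != 255:
        findings.append("IP hop limit is not 255")
    if addr not in allowed:
        findings.append("router not in allowlist")
    return ra, findings

def pick_default(packets, allowed):
    """Choose the default router a host would prefer among clean RAs."""
    best = None
    for src, hop, icmp6 in packets:
        ra, findings = audit(src, hop, icmp6, allowed)
        if findings or ra["lifetime"] == 0:  # lifetime 0: not a default router
            continue
        if best is None or RANK[ra["preference"]] > RANK[best[1]["preference"]]:
            best = (src, ra)
    return best[0] if best else None

# Constructed sample: active (high), standby (medium), unknown sender (high).
ALLOWED = {IPv6Address("fe80::a"), IPv6Address("fe80::b")}
PACKETS = [("fe80::a", 255, build_ra(0b01, 9)),
           ("fe80::b", 255, build_ra(0b00, 9)),
           ("fe80::bad", 255, build_ra(0b01, 9))]

if __name__ == "__main__":
    print(pick_default(PACKETS, ALLOWED))
```

Without the allowlist check, the third advertisement would tie with the active router on preference, which is the case RA-guard on the switch is meant to stop.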