[sdnog] Hot standby routing protocol (HSRP)

Daniel Shaw danielshaw at protonmail.com
Tue Jan 5 12:12:31 SAST 2016


Exactly correct! "Normal" IPv4 clients can't have multiple gateways, so you must have something like VRRP/HSRP/GLBP/other IP clustering thing for redundant routing. :-)

To expand on what Mukom's pointed out in regards to IPv6, RA, and my previous posting:

As he says much more clearly than I could have, a "normal" client can deal with multiple gateways from RAs, and so then there is no need for special gateway redundancy. Until, that is, your "client" is something like a mail server and you have a static IPv6 address.

Well, you may think (correctly), I can still have a static (IPv6) address and accept RAs too. Yes you can. But most OSs then configure a couple SLAAC addresses in addition to your static one. Ok, all good. Or is it?

You may now find that outgoing IPv6 connections originate from your global SLAAC address, not the static one. Hmm, now mails are being relayed from an address different from the one in RDNS and your SPF records, and large mail providers start bouncing you. Oops.

Ok, so you could add your SLAAC address to DNS as an allowed mail server address, but what happens when you upgrade your host or migrate your VM, and the interface gets a different MAC - you may now have a different SLAAC IPv6 address. Oops.

Ok, so the easy way to prevent any dynamic IPv6 addresses in most OSs is to just ignore all IPv6 RA related broadcasts completely and rely on 100% static network config. This is usually an easy to change line in a config file. But, oh, now there is no more gateway redundancy. Oops :)

So, what it comes down to is that the best solution is actually for the OS to accept routing info by RA, but not accept SLAAC IPv6 addresses. However, my experience so far has been that none of the distros make this simple in the standard network config files and tools and you have to do this with sysctl tweaking.

As far as I am concerned this is an issue with OS distributions and nothing to do with the routers or IPv6 per se. However, if you are a network engineer, be aware that your systems engineers may have a false expectation that IPv6 works just like IPv4, and blame your network when you don't give them HSRP on IPv6 and their server's IPv6 is not redundant. :-)



-------- Original Message --------
Subject: Re: [sdnog] Hot standby routing protocol (HSRP)
Local Time: January 5 2016 1:54 pm
UTC Time: January 5 2016 9:54 am
From: mukom.tamon at gmail.com
To: nishal at controlfreak.co.za
CC: sdnog at sdnog.sd







for an environment that's not client facing. But where you have clients that are mostly IPv4 where there's no way (as far as I know) to automatically provision more than one default gateway to client computers, having two routers without something like VRRP/HSRP/GLBP won't really help. Am I missing something?


In IPv6, since clients have not one but a list of default gateways, normal RAs from each of these routers will obviate the need for a gateway redundancy protocol, albeit with less performance in failover.
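
On Linux, the "accept routing info by RA, but not SLAAC addresses" state described in the message maps to per-interface kernel sysctls. The following is an added example, not part of the original thread: it classifies an interface from those values and prints the matching sysctl.d lines. The function names and the SYSCTL_ROOT override are assumptions made for illustration; the sysctl keys are the Linux kernel's.

```shell
#!/bin/sh
# Added example (Linux only). SYSCTL_ROOT can be pointed at a constructed
# directory tree so the check can be exercised without touching a live host.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# ra_value IFACE KEY: print one net.ipv6.conf.IFACE.KEY value, or "missing".
ra_value() {
    f="$SYSCTL_ROOT/net/ipv6/conf/$1/$2"
    if [ -r "$f" ]; then cat "$f"; else echo missing; fi
}

# ra_mode IFACE: print one of
#   routes-only  default router learned from RAs, no SLAAC address configured
#   slaac        RAs accepted and SLAAC addresses will also be configured
#   no-ra        RAs not used for the default route (no RA gateway failover)
ra_mode() {
    iface=$1
    accept_ra=$(ra_value "$iface" accept_ra)
    fwd=$(ra_value "$iface" forwarding)
    case "$accept_ra" in
        2) ;;  # RAs accepted even when forwarding is enabled
        1) if [ "$fwd" = 1 ]; then echo no-ra; return; fi ;;  # 1 is ignored on routers
        *) echo no-ra; return ;;
    esac
    if [ "$(ra_value "$iface" accept_ra_defrtr)" != 1 ]; then echo no-ra; return; fi
    if [ "$(ra_value "$iface" autoconf)" = 0 ]; then echo routes-only; else echo slaac; fi
}

# ra_routes_only_conf IFACE: print sysctl.d lines for the routes-only state.
ra_routes_only_conf() {
    cat <<EOF
net.ipv6.conf.$1.accept_ra = 1
net.ipv6.conf.$1.accept_ra_defrtr = 1
net.ipv6.conf.$1.autoconf = 0
EOF
}

# Report each interface named on the command line, e.g.: sh ra_check.sh eth0
for i in "$@"; do
    echo "$i: $(ra_mode "$i")"
done
```

Where systemd-networkd or NetworkManager processes RAs in userspace, their own configuration decides the outcome and these kernel values may not reflect it.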