[sdnog] Hot standby routing protocol (HSRP)

Mukom Akong T. mukom.tamon at gmail.com
Tue Jan 5 13:31:34 SAST 2016


On 5 January 2016 at 14:12, Daniel Shaw <danielshaw at protonmail.com> wrote:

>
> So, what it comes down to is the best solution is actually on the OS to
> accept routing info by RA, but not accept SLAAC IPv6 addresses. However, my
> experience so far has been that none of the distros make this simple in the
> standard network config files and tools and you have to do this with sysctl
> tweaking.
>


This could be avoided in most cases by

a) On the routers: configure the RAs to have A-flags set to 0 (this tells
(or suggests, depending upon the OS) "Do NOT create addresses from this
prefix"). One might be tempted to not even have any Prefix Information
Option in the RA but you need that, for on-link determination. However if
it's a server LAN where you don't expect lots of intra-LAN traffic, you
could just not have any PIO in the RA.

b) On the hosts: disable generation of privacy addresses on the OS.



>
> As far as I am concerned this is an issue with OS distributions and
> nothing to do with the routers or IPv6 per se.
>


Yeah .... if only all OSes treated the flags within RA consistently, life
would be a lot easier. Now prior to deployment, a good network equipment
audit should point this out ... yes, so "How does my OS treat O, A, L & M
flags in RA" should definitely be part of your infrastructure audit.




> However, if you are a network engineer, be aware that your systems
> engineers may have a false expectation that IPv6 works just like IPv4, and
> blame your network when you don't give them HSRP on IPv6 and their server's
> IPv6 is not redundant. :-)
>


Hey! We love this fight! Don't you dare take it away from us!! :)))



>
>
> -------- Original Message --------
> Subject: Re: [sdnog] Hot standby routing protocol (HSRP)
> Local Time: January 5 2016 1:54 pm
> UTC Time: January 5 2016 9:54 am
> From: mukom.tamon at gmail.com
> To: nishal at controlfreak.co.za
> CC: sdnog at sdnog.sd
>
>
>
> for an environment that's not client facing. But where you have clients
> that are mostly IPv4 where there's no way (as far as I know) to
> automatically provision more than one default gateway to client computers,
> having two routers without something like VRRP/HSRP/GLBP won't really help.
> Am I missing something?
>
>
> In IPv6, since clients have not one but a list of default gateways, normal
> RAs from each of these routers will obviate the need for a gateway redundancy
> protocol, albeit with less performance in failover.
>
>
>
>
>


-- 

Mukom Akong T.

LinkedIn:Mukom <https://www.linkedin.com/in/mukom>  |  twitter:
@perfexcellent


------------------------------------------------------------------------------------------------------------------------------------------
“When you work, you are the FLUTE through whose lungs the whispering of the
hours turns to MUSIC” - Kahlil Gibran
-------------------------------------------------------------------------------------------------------------------------------------------
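
Added example, not part of the original message or of any poster's code: a small decoder for the M/O flags of a Router Advertisement and the L/A flags of each Prefix Information Option, with a check against suggestion (a) above (PIO present, A flag 0). The function names and the sample RA (documentation prefix 2001:db8:1::/64, checksum left as zero) are constructed for illustration.

```python
import ipaddress
import struct

def parse_ra(icmp6: bytes) -> dict:
    """Decode an ICMPv6 Router Advertisement (RFC 4861): M/O flags and each PIO."""
    if len(icmp6) < 16 or icmp6[0] != 134:
        raise ValueError("not a Router Advertisement")
    flags = icmp6[5]
    ra = {"M": bool(flags & 0x80), "O": bool(flags & 0x40),
          "router_lifetime": struct.unpack("!H", icmp6[6:8])[0], "prefixes": []}
    off = 16  # options follow the fixed 16-byte RA header
    while off + 2 <= len(icmp6):
        otype, olen = icmp6[off], icmp6[off + 1] * 8  # length is in 8-byte units
        if olen == 0 or off + olen > len(icmp6):
            raise ValueError("malformed option")
        if otype == 3 and olen == 32:  # Prefix Information Option
            plen, pflags = icmp6[off + 2], icmp6[off + 3]
            prefix = ipaddress.IPv6Address(icmp6[off + 16:off + 32])
            ra["prefixes"].append({"prefix": f"{prefix}/{plen}",
                                   "L": bool(pflags & 0x80), "A": bool(pflags & 0x40)})
        off += olen
    return ra

def audit(ra: dict) -> list:
    """Findings against suggestion (a): PIO present for on-link, A flag 0."""
    findings = []
    if not ra["prefixes"]:
        findings.append("no PIO: no on-link determination from this RA")
    for p in ra["prefixes"]:
        if p["A"]:
            findings.append(f"{p['prefix']}: A=1, hosts may autoconfigure addresses")
        if not p["L"]:
            findings.append(f"{p['prefix']}: L=0, prefix not advertised as on-link")
    return findings

def build_ra(pio_flags: int) -> bytes:
    """Constructed sample RA (checksum zero) with one PIO for 2001:db8:1::/64."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x00, 1800, 0, 0)
    pio = struct.pack("!BBBBIII", 3, 4, 64, pio_flags, 2592000, 604800, 0)
    return hdr + pio + ipaddress.IPv6Address("2001:db8:1::").packed

if __name__ == "__main__":
    for label, flags in (("A=1,L=1", 0xC0), ("A=0,L=1", 0x80)):
        ra = parse_ra(build_ra(flags))
        print(label, ra["prefixes"], audit(ra) or "ok")
```

The input is the ICMPv6 payload of a captured RA, starting at the type byte; an RA that differs from what the router was configured to send is itself worth investigating.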