Choice of address for IPv6 default gateway
owen at delong.com
Wed Jan 25 16:53:23 CST 2012
On Jan 25, 2012, at 6:41 AM, Daniel STICKNEY wrote:
> I'm having trouble finding authoritative sources on the best common
> practice (if there even is one) for the choice of address for an IPv6
> default gateway in a production server environment (not desktops). For
> example in IPv4 it is common to chose the first or last address in the
> subnet (.1 or .254 for example) as the VIP for VRRP/HSRP. I'm interested
> in input from production environments and or ARIN/RIPE/IANA/etc or top
It's mostly a matter of personal preference.
If you want to just use RAs (which is a perfectly fine alternative in most
server environments if you're not especially paranoid), then that will
automatically use the link local address of the router as next-hop.
If you want to go with something configured via static configuration (note,
you CANNOT currently provide default gateway information in DHCPv6),
then ::1 or ::<something>:1 or whatever is a perfectly viable alternative,
so long as your ops folks can all agree on using pretty much the same
thing on every subnet. Using different default gateways on different
subnets is perfectly functional, but, leads to human factors complications
that tend to outweigh any perceived benefit to doing so.
> I've seen some documentation using <prefix>::1 with either a global
> prefix or link-local (fe80::1). Anyone use either of these in production
> and have negative or positive feedback? fe80::1 is seductive because it
> is short and the idea of having the same default gateway configured
> everywhere might be simple. At the same time using the same address all
> around the network seems to invite confusion or problems if two
> interfaces with the address ever ended up in the same broadcast domain.
I don't recommend fe80::1 because not all platforms support configuration
of link local addresses vs. using the IID based address or in addition to
the IID based address.
Also, HSRP/VRRP comes with overhead which you can avoid by using RA.
Note, you can use RA for default gateway while still using static addressing.
> What about using RAs to install the default route on the servers? The
> 'priority' option (high/medium/low) easy fits with an architecture using
> an active/standby router setup where the active router is configured
> with the 'high' priority and the standby 'medium'. With the timeout
> values tuned for relatively rapid (~3 seconds) failover this might be
> feasible. Anyone use this in production?
Yes, many people use RA in production. The timeout is, I believe, usually
more on the order of 1,000 ms or less.
> I note that VRRPv3 (and keepalived) and HSRP both support IPv6. Since we
> use VRRP for IPv4, using it for IPv6 would keep our architecture the
> same, which has merit too.
Support for VRRP IPv6 varies from vendor to vendor and while you might
keep the same architecture, there are likely differences in the vendor-
specific behaviors and/or bugs for their IPv6 VRRP implementations.
RA being a much simpler protocol is somewhat less likely to get screwed
up in the implementation process by the vendors. It's also the part of the
code that gets exercised by more of their IPv6 using customers at this
More information about the NANOG