Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 — Unique local addresses)

Jeroen Massar jeroen at unfix.org
Thu Oct 21 16:57:13 UTC 2010


[Oh wow, that subject field, so handy to indicate a topic change! ;) ]

On 2010-10-21 18:29, Allen Smith wrote:
[... well described situation about having two/multiple IPv4 upstreams,
enabling dual-stack at both, but wanting to failover between them
without doing NATv6 ...]

Short answer: you announce both PA prefixes using Router Advertisement
(RA) inside the network. You pull the RA when an uplink goes down/breaks.
Sessions break indeed, but because there is the other prefix they fall
over to that and build up new sessions from there.
Most RA "daemons" will properly send a 0-lifetime announcement to pull
the prefix thus all hosts are automatically informed that the prefix has
become invalid. Of course you can also make the router's IP address
unreachable as then Neighbor Discovery will take care of failing over too.

To address your 'we have multiple groups of people some use slow some
use fast', put them in separate (V)LANs and presto. You could
effectively live with using one prefix per group and only failing over
to the other prefix when the primary one goes down; that is only RA the
prefix to those VLANs when you really need it.

You should be getting a /48 from both ISPs and here comes the reason for
always getting a /48 and nothing else: you have the same numbering plan
for all of them.

Now the problem with such a setup is the many locations where you
actually are hardcoding the IP addresses/prefixes into: firewalls, DNS
etc. That is the hard part to solve, especially when these services are
managed by other parties.

Greets,
 Jeroen
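
An added example, not part of the original post: a sketch of the scheme described above, with one numbering plan laid over two /48s, zero-lifetime RA entries for a failed uplink, and the full prefix list that firewall rules need. The documentation prefixes, VLAN names, subnet IDs, lifetime values and function names are assumptions; the rendered stanzas use radvd's AdvValidLifetime and AdvPreferredLifetime options.

```python
import ipaddress

# Constructed sample data: documentation prefixes stand in for the two ISP /48s.
UPLINKS = {
    "isp_a": ipaddress.IPv6Network("2001:db8:a::/48"),
    "isp_b": ipaddress.IPv6Network("2001:db8:b::/48"),
}
# Hypothetical numbering plan: one 16-bit subnet ID per VLAN, identical under every /48.
PLAN = {"servers": 0x0010, "staff": 0x0020}
# Assumed lifetimes in seconds (valid, preferred) for a healthy uplink.
LIFETIMES_UP = (86400, 14400)


def vlan_prefix(uplink, vlan):
    """Return the /64 for a VLAN under one uplink's /48."""
    base = UPLINKS[uplink]
    if base.prefixlen != 48:
        raise ValueError("the shared plan assumes a /48 from every ISP")
    return ipaddress.IPv6Network((int(base.network_address) | (PLAN[vlan] << 64), 64))


def renumber(addr, to_uplink):
    """Map an address to the same subnet and host bits under another uplink's /48."""
    low80 = int(ipaddress.IPv6Address(addr)) & ((1 << 80) - 1)
    return ipaddress.IPv6Address(int(UPLINKS[to_uplink].network_address) | low80)


def ra_prefixes(vlan, up):
    """List (prefix, valid, preferred) per uplink; zero lifetimes pull a dead uplink's prefix."""
    return [
        (vlan_prefix(name, vlan),) + (LIFETIMES_UP if up[name] else (0, 0))
        for name in sorted(UPLINKS)
    ]


def radvd_stanzas(vlan, up):
    """Render radvd.conf-style prefix stanzas for one VLAN interface."""
    return "\n".join(
        f"prefix {p} {{ AdvValidLifetime {v}; AdvPreferredLifetime {f}; }};"
        for p, v, f in ra_prefixes(vlan, up)
    )


def firewall_sources(vlan):
    """Every prefix a VLAN may source from, so filters cover both uplinks."""
    return [vlan_prefix(name, vlan) for name in sorted(UPLINKS)]


if __name__ == "__main__":
    print(radvd_stanzas("staff", {"isp_a": False, "isp_b": True}))
    print(firewall_sources("staff"), renumber("2001:db8:a:20::1234", "isp_b"))
```

A preferred lifetime of 0 deprecates the prefix for new sessions immediately, while RFC 4862 limits how far an unauthenticated RA can shorten the remaining valid lifetime.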



