Choice of address for IPv6 default gateway
dstickney at optilian.com
Thu Jan 26 03:49:06 CST 2012
Thanks everyone for your input! I now have a more complete perspective
on the pros and cons of the options available.
Le 26/01/2012 09:18, Mohacsi Janos a écrit :
> On Wed, 25 Jan 2012, Daniel STICKNEY wrote:
>> I'm having trouble finding authoritative sources on the best common
>> practice (if there even is one) for the choice of address for an IPv6
>> default gateway in a production server environment (not desktops). For
>> example in IPv4 it is common to chose the first or last address in the
>> subnet (.1 or .254 for example) as the VIP for VRRP/HSRP. I'm interested
>> in input from production environments and or ARIN/RIPE/IANA/etc or top
>> I've seen some documentation using <prefix>::1 with either a global
>> prefix or link-local (fe80::1). Anyone use either of these in production
>> and have negative or positive feedback? fe80::1 is seductive because it
>> is short and the idea of having the same default gateway configured
>> everywhere might be simple. At the same time using the same address all
>> around the network seems to invite confusion or problems if two
>> interfaces with the address ever ended up in the same broadcast domain.
> Up to your taste. Most cases it is recommended to use link-local default
> gateway. If you use the same address - even link local - your node should
> complain about the duplicate address on the same link. You can rely on
> autoconfigured link-local address for default gateways (and use RA).
>> What about using RAs to install the default route on the servers? The
>> 'priority' option (high/medium/low) easy fits with an architecture using
>> an active/standby router setup where the active router is configured
>> with the 'high' priority and the standby 'medium'. With the timeout
>> values tuned for relatively rapid (~3 seconds) failover this might be
>> feasible. Anyone use this in production?
> Yes we are using NUD (and using RA to install default gateway) to switch
> from primary rotuer to secondary - due to no VRRP support on a particular
> platform. But in case of RA usage you should also use RA-guard especially
> if you don't have full control on servers connected to your switches.
>> I note that VRRPv3 (and keepalived) and HSRP both support IPv6. Since we
>> use VRRP for IPv4, using it for IPv6 would keep our architecture the
>> same, which has merit too.
> If you want consistent and more predictable behavoir use VRRP or maybe
> HSRP if your vendor supports it.
> Best Regards,
> Janos Mohacsi
More information about the NANOG