Do We Need FHRP (HSRP or VRRP) For IPv6?

Justin asked an interesting question in a comment to my IPv6 On-Link Determination post: do we need HSRP for IPv6 as the routers already send out RA messages? Pavel quickly pointed out that my friend @packetlife already wrote about it, concluding that you could use RAs unless you need deterministic sub-second failover.

However, there are (as always) a few more gotchas:

RA-based failover relies on host IP stack. You never know what the hosts will do once a router’s lifetime expires (I’ve seen quite a few unexpected things in the IPv6 world already), and the behavior might change after a software update.

You might not want to use RAs in environments where some hosts (particularly servers) are not dual-stacked, as the IPv4-only hosts might decide they want to use IPv6 even though they don’t have a valid IPv6 address.

RAs are processed by every host. If you decide to use fast RA-based failover, every server (or VM) in your network will have to process several RAs per second. Not a problem, unless you have thousands of VMs – heaps of small overhead tend to add up.

2014-03-25: Another gotcha: RA-based failover probably won't work in MLAG environments.

6 comments:

  1. http://tools.ietf.org/html/rfc5798

    For IPv6, the advantage gained from using VRRP for IPv6 is a quicker switchover to Backup routers than can be obtained with standard IPv6 Neighbor Discovery mechanisms.
    Replies
    1. ... which is approximately what I wrote in the first paragraph ;)
  2. Absolutely! We need the same predictable behavior for all clients in particular subnet, so the only way to do this - take control of it with HSRP (FHRP). Cisco already have examples (in pure masked GNS3) that we can use HSRP fo IPv6
    www.cisco.com/en/US/tech/tk648/tk362/technologies_configuration_example09186a0080b9119e.shtml
    IOU here to come :) Or Cisco guys do not heared about it?
    Also we have VRRP fo IPv6 tools.ietf.org/html/rfc5798
  3. And more: with HSRP we have a lot of functionality: preemption with different set of timers, tracking (interfaces, addresses and other), authentication (do not know do we really need this but steel).
    Also Cisco have GLBP for IPv6
    supportforums.cisco.com/docs/DOC-23397, without any functionality pure GLBP is better that FHRP based on RA in case of load balancing.
    Replies
    1. Thought, that some VRRP implementations for IPv6 do also have those functionality (preemption, tracking, authentication, load balacning)?
  4. IPv6 VRRP ALCATEL-LUCENT

    ABC# configure service ies 250004
    ABC>config>service>ies# info
    ----------------------------------------------


    ABC# configure router router-advertisement
    ABC>config>router>router-advert# info
    ----------------------------------------------

    interface "ABC"
    use-virtual-mac
    no shutdown
    exit
    ----------------------------------------------
    ABC>config>router>router-advert#

    description "ABC"
    interface "ABC" create
    address 100.100.200.2/28
    cflowd interface
    vrrp 90
    backup 100.100.200.1
    ping-reply
    standby-forwarding
    exit
    ipv6
    address 2001:2222:FCF:FF00::2/56 preferred --------- GLOBAL ADDRESS ------
    link-local-address FE80::111:5FF:FED6:E12D preferred --------------- LINK LOCAL ADDRESS ----
    vrrp 91
    backup 2001:2222:FCF:FF00::1 --------------------- GLOBAL ADDRESS BACKUP ------
    backup FE80::111:5FF:FED6:E12C --------------- LINK LOCAL ADDRESS BACKUP ----
    ping-reply
    standby-forwarding
    exit
    exit
    sap 5/9/19:600 create
    exit
    exit
    service-name "ABC"
    no shutdown
    ----------------------------------------------
    ABC>config>service>ies#
Add comment
Sidebar