Do We Need FHRP (HSRP or VRRP) For IPv6?

Justin asked an interesting question in a comment to my IPv6 On-Link Determination post: do we need HSRP for IPv6 as the routers already send out RA messages? Pavel quickly pointed out that my friend @packetlife already wrote about it, concluding that you could use RAs unless you need deterministic sub-second failover.

However, there are (as always) a few more gotchas:

RA-based failover relies on host IP stack. You never know what the hosts will do once a router’s lifetime expires (I’ve seen quite a few unexpected things in the IPv6 world already), and the behavior might change after a software update.

You might not want to use RAs in environments where some hosts (particularly servers) are not dual-stacked, as the IPv4-only hosts might decide they want to use IPv6 even though they don’t have a valid IPv6 address.

RAs are processed by every host. If you decide to use fast RA-based failover, every server (or VM) in your network will have to process several RAs per second. Not a problem, unless you have thousands of VMs – heaps of small overhead tend to add up.

2014-03-25: Another gotcha: RA-based failover probably won't work in MLAG environments.

5 comments:

  1. http://tools.ietf.org/html/rfc5798

    For IPv6, the advantage gained from using VRRP for IPv6 is a quicker switchover to Backup routers than can be obtained with standard IPv6 Neighbor Discovery mechanisms.

    ReplyDelete
    Replies
    1. ... which is approximately what I wrote in the first paragraph ;)

      Delete
  2. Absolutely! We need the same predictable behavior for all clients in particular subnet, so the only way to do this - take control of it with HSRP (FHRP). Cisco already have examples (in pure masked GNS3) that we can use HSRP fo IPv6
    www.cisco.com/en/US/tech/tk648/tk362/technologies_configuration_example09186a0080b9119e.shtml
    IOU here to come :) Or Cisco guys do not heared about it?
    Also we have VRRP fo IPv6 tools.ietf.org/html/rfc5798

    ReplyDelete
  3. And more: with HSRP we have a lot of functionality: preemption with different set of timers, tracking (interfaces, addresses and other), authentication (do not know do we really need this but steel).
    Also Cisco have GLBP for IPv6
    supportforums.cisco.com/docs/DOC-23397, without any functionality pure GLBP is better that FHRP based on RA in case of load balancing.

    ReplyDelete
    Replies
    1. Thought, that some VRRP implementations for IPv6 do also have those functionality (preemption, tracking, authentication, load balacning)?

      Delete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.