Published on , commented on March 10, 2023
Small Site Multihoming in IPv6: Mission Impossible?
Summary: I can’t figure out how to make small-site multihoming (without BGP or PI address space) work reliably and decently fast (failover in seconds, not hours) with IPv6. I’m probably not alone.
Problem: There are cases where a small site needs (or wants) to have Internet connectivity from two ISPs without going through the hassle of getting a BGP AS number and provider-independent address space, and running BGP with both upstream ISPs.
The primary/backup scenario is very easy to implement with multiple per-interface NAT rules in IPv4 world. With some load balancing trick, you can use both links simultaneously and if you really want to stretch the envelope, you can try to deploy publicly-accessible servers (although I would try every public cloud solution before pulling this stunt).
Is this realistic? Sure it is, let me give you a personal example. I usually work from home and Internet is one of my indispensable tools; it’s totally unacceptable to have no Internet connectivity for a few hours (or days). I’m positive more and more individuals and small businesses will have similar requirements.
What’s the big deal with IPv6? The IPv4 approach to this problem involves heavy use of NAT44, which allows us to control the return path (based on source IP address in the outgoing packet). As of today, there’s no production-grade NAT66 (see comments to this post), so the same principle cannot be deployed in IPv6 world.
Worst case, if we can’t make small-site multihoming work reliably with IPv6, a lot of users will be forced to go down the PI/BGP path and the Internet routing tables will explode even faster than expected.
Alternative approaches? Multihoming was supposed to be an integral part of IPv6 (not really, a lot of details are missing – another topic of my Upcoming Internet Challenges webinar), but maybe the following trick would work for small sites. Please share your opinions in the comments.
Could This Work?
A CPE router with two uplinks will get delegated prefixes from both ISPs through DHCPv6. You can assign both prefixes to the LAN interface and your IPv6 hosts using stateless autoconfiguration (SLAAC – RFC 4862) will get an address from each delegated prefix (having multiple IPv6 addresses per interface is a standard IPv6 feature). However, the address selection rules the IPv6 hosts are suppose to use (RFC 3484) don’t take in account the path availability.
If one of the upstream links fails, your IPv6 hosts would continue using the IPv6 address from the now-unreachable address space and although the outbound traffic would be forwarded over the remaining link, the return traffic would end up in wrong AS (with the failed link to your site) and would be dropped.
Assuming DHCPv6 prefix delegation and DHCPv6 clients in CPE routers work as intended, it’s possible to detect link loss and subsequent delegated prefix loss, and revoke the IPv6 prefix from router advertisements sent to the LAN interfaces, but that might be a slow process. The minimum valid lifetime of an IPv6 prefix in ND messages used for stateless autoconfiguration is two hours to prevent denial-of-service attacks (see paragraph (e) of section 5.5.3 of RFC 4862), so it could take up to two hours for the IPv6 connectivity to be fully operational after a link loss. Not something I would be happy with.
Last but not least, unless you use some crazy EEM-triggered tricks, your IPv6 hosts will have addresses from both ISPs most of the time. Influencing address selection rules is not trivial (this is how you can do it on Linux and this is the procedure for Windows) and unless you’re pretty experienced your hosts will select one path or the other based on whatever internal decisions they make, not based on the primary/backup selection you’d like to have.
What do you think? Would the end-users who need redundant connectivity implement this kludge or would they request PI address space, BGP AS number and implement BGP (or just ask both ISPs to install static routes for their PI prefix)… or shall we wait for NAT66?
You can get around the sending traffic out the wrong link using policy based routing (route on the source address). You have to depend on the host being able to choose a working SA/DA pair, which really requires Happy Eyeballs. http://tools.ietf.org/html/draft-wing-v6ops-happy-eyeballs-ipv6-01
There are alternatives: SHIM6, LISP, ILNP, NAT66...
Multihoming a v6 site without PI space & BGP is easy peasy with LISP. You get 2 uplinks to whatever provider with whatever means, and the CPE will tell the mapping system where it's /48 (or /56 or whatever) is located. That's it, just 9 lines of configuration.
This is real and working at this very moment.
Not true, LISP was designed with incremental deployment in mind. Multi-homing works fine the moment you configure two proxy-routers and have 2 uplinks. That's all.
Exactly! I still cannot ping you over LISP...
The short version: Yes, LISP is being developed explicitly to address the scaling issues we face today and in a few years. Maintaining state in RAM is cheap. There can be many many EID prefixes - and with LISP they can be aggregated heavily.The RLOC space (the current internet) is a mess anyway, LISP hopes to slow down the growth of the routing table.
Adding another encapsulation layer is a serious architectural move with major implications. As I mentioned previously, LISP edge nodes are unware of the underlying RLOC topology (think of layer of indirection). Every LISP site advertises mappings to ingress entry point being unware of the paths to these points. This results in the fact that traffic load-balancing that is optimum from the edge-site perspective may appear suboptimal from the underlying Internet perspective. In other words, the traffic matrix that LISP sites require may not fit well to the underlying Internet topology. Comparing this to single-ISP networks and MPLS/BGP VPNs you may notice that MPLS TE or IGP TE could be used to optimize the "tunneled" traffic flows. However, there is no common traffic engineering scheme for the Internet.
Another problem from the set is the statement that RLOC space is poorly aggregatable because of PIs. This is not the only reason. Optimum aggregation requires the network topology to be hierarchical, which is not the case of the Internet, which is more of a self-similar graph. Internet is only hierarchical at the edge, where provider aggregation could be implemented. However, aggregating addresses in such topologies globally is not possible for hierarchial routing.
To summarize, effective multihoming and mobility require changing the IP routing and addressing architecture. If we continue to remain within the limitations of hierarchical addressing and PoA addressing we'll result in moving the problem from one part of the network to another, but will never get a scalable solution.
It's true that you don't get much control over which prefix your hosts use; there are some drafts in process to add this information to DHCPv6.
I don't know about you, but I'm pretty sure neither my home-office nor my local small business network satisfies the current ARIN reqs for new v6 allocations: have v4 space already (nope, using v4 NAT multihoming) or satisfy the v4 requirements (25% utilization now, 50% within a year of a /24 if multihomed -- 64 hosts now, 128 hosts in a year). If you have 128 hosts in your home office, color me impressed.
So I do nothing, as I can't have unpredictable client function because if I went with my ULA scheme browsers would do weirdness with no outbound egress but getting external AAAA records from the outside dns recursive servers.
Not even getting into infrastructure with no IPv6 support like WAAS, which my business relies on. It's a mess and depressing.
Is it too late to go CLNS?
LOL good time to remember the whole epic saga with OSI stack in early 90s :)