Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 — Unique local addresses)

[Jeroen Massar <jeroen () unfix org>]

On 2010-10-21 21:35, George Bonser wrote:
> > From: Jeroen Massar > Sent: Thursday, October 21, 2010 9:57 AM
> > To: Allen Smith
> > Cc: NANOG list
> > Subject: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 —
> > Unique local addresses)
> >
> > [Oh wow, that subject field, so handy to indicate a topic change! ;) ]
> >
> > Short answer: you announce both PA prefixes using Router Advertisement
> > (RA) inside the network. You pull the RA when a uplink goes
> > down/breaks.
>
> That assumes importing some sort of routing state into your RA config.
>  Sort of a conditional RA.  Can that be done today by anyone?

Should be possible with any vendor that supports IPv6.

If you take a vendor C box and the box dies (just pull the power plug to
test this or configure it with something funky ;), Neighbor Discovery
starts failing and every IPv6 stack that I know will deprecate the
routes over that gateway, and stuff fails over.

For 'production usage', let your monitor script login to your router,
whatever brand/make/model that is, and unconfigure the RA or heck kill
the radvd daemon.

> > Sessions break indeed, but because there is the other prefix they fall
> > over to that and build up new sessions from there.
>
> This still doesn’t address breakage that happens AFTER your link to your upstream.
> What if your upstream has a peering issue or their peer has a peering
issue?
>  How do you detect that the distant end has a route back to that
prefix but
> doesn't to the other?  You can't.

Solve it the way you solve it with PI:
 - Get an SLA with every destination you want to reach

Indeed, that is a more or less unsolveable problem.

You can of course monitor all the destinations you want to reach and
based on that to use the prefix or not.

Greets,
 Jeroen