Re: Choice of address for IPv6 default gateway

[Daniel STICKNEY <dstickney () optilian com>]

Thanks everyone for your input! I now have a more complete perspective
on the pros and cons of the options available.

-Daniel

Le 26/01/2012 09:18, Mohacsi Janos a écrit :
> On Wed, 25 Jan 2012, Daniel STICKNEY wrote:
>
> > I'm having trouble finding authoritative sources on the best common
> > practice (if there even is one) for the choice of address for an IPv6
> > default gateway in a production server environment (not desktops). For
> > example in IPv4 it is common to chose the first or last address in the
> > subnet (.1 or .254 for example) as the VIP for VRRP/HSRP. I'm interested
> > in input from production environments and or ARIN/RIPE/IANA/etc or top
> > vendors.
> >
> > I've seen some documentation using <prefix>::1 with either a global
> > prefix or link-local (fe80::1). Anyone use either of these in production
> > and have negative or positive feedback? fe80::1 is seductive because it
> > is short and the idea of having the same default gateway configured
> > everywhere might be simple. At the same time using the same address all
> > around the network seems to invite confusion or problems if two
> > interfaces with the address ever ended up in the same broadcast domain.
>
> Up to your taste. Most cases it is recommended to use link-local default
> gateway. If you use the same address - even link local - your node should
> complain about the duplicate address on the same link. You can rely on
> the
> autoconfigured link-local address for default gateways (and use RA).
>
> > What about using RAs to install the default route on the servers? The
> > 'priority' option (high/medium/low) easy fits with an architecture using
> > an active/standby router setup where the active router is configured
> > with the 'high' priority and the standby 'medium'. With the timeout
> > values tuned for relatively rapid (~3 seconds)  failover this might be
> > feasible. Anyone use this in production?
>
> Yes we are using NUD (and using RA to install default gateway) to switch
> from primary rotuer to secondary - due to no VRRP support on a particular
> platform. But in case of RA usage you should also use RA-guard especially
> if you don't have full control on servers connected to your switches.
>
> > I note that VRRPv3 (and keepalived) and HSRP both support IPv6. Since we
> > use VRRP for IPv4, using it for IPv6 would keep our architecture the
> > same, which has merit too.
>
> If you want consistent and more predictable behavoir use VRRP or maybe
> HSRP if your vendor supports it.
>     Best Regards,
>             Janos Mohacsi