RAdv protocol in failover router setup
I am trying to use BIRD v2.0.8 to emit ICMPv6 RAs from a HA pair of routers. The default router address of the router (fe80::1) is failed over using the VRRP protocol, so it is only present on a single router at any given time. I have run into two challenges I cannot quite figure out how to solve: 1) How to make BIRD only emit RAs if the router is active, i.e., only on interfaces where the fe80::1 address is configured. (It appears that RAdv does not support the «interface "*" fe80::1/128 {};» syntax; it just complains «Interface name/mask expected, not IP prefix»). 2) How to make BIRD use the fe80::1 default router address as the source address of the emitted RAs instead of the EUI-64-generated link-local address (which will not fail over to the standby router in the event of a failure, and should therefore not be used as a router by the hosts receiving the RAs). I am grateful for any suggestions. Tore
Hey Tore, we are running active-active routers with bird, wihout VRRP as follows: - router1: high priority - router2: low priority Sample config: protocol radv { # Internal interface "eth1.10" { max ra interval 5; # Fast failover with more routers other config yes; # dhcpv6 boot default preference high; default lifetime 600; }; # Server interface "eth1.11" { max ra interval 5; default preference high; default lifetime 600; }; } Routing via EUI-64 based link local addresses. This works fine with Linux servers, however Windows/Linux clients do not necessarily seem to accept the higher/lower preference route. Cheers, Nico Tore Anderson <tore@fud.no> writes:
I am trying to use BIRD v2.0.8 to emit ICMPv6 RAs from a HA pair of routers.
The default router address of the router (fe80::1) is failed over using the VRRP protocol, so it is only present on a single router at any given time.
I have run into two challenges I cannot quite figure out how to solve:
1) How to make BIRD only emit RAs if the router is active, i.e., only on interfaces where the fe80::1 address is configured.
(It appears that RAdv does not support the «interface "*" fe80::1/128 {};» syntax; it just complains «Interface name/mask expected, not IP prefix»).
2) How to make BIRD use the fe80::1 default router address as the source address of the emitted RAs instead of the EUI-64-generated link-local address (which will not fail over to the standby router in the event of a failure, and should therefore not be used as a router by the hosts receiving the RAs).
I am grateful for any suggestions.
Tore
-- Sustainable and modern Infrastructures by ungleich.ch
Hi Nico,
we are running active-active routers with bird, wihout VRRP as follows:
- router1: high priority - router2: low priority
Sample config:
protocol radv { # Internal interface "eth1.10" { max ra interval 5; # Fast failover with more routers other config yes; # dhcpv6 boot default preference high; default lifetime 600; }; # Server interface "eth1.11" { max ra interval 5; default preference high; default lifetime 600; }; }
If I am not mistaken «default lifetime 600» here implies that it would take ten minutes after «router1» has crashed for its high-priority default route to expire from downstream nodes, which is neccessary in order for them to move on to using «router2»'s lower priority route instead. We need this to happen in a couple of seconds at most.
Routing via EUI-64 based link local addresses.
This works fine with Linux servers, however Windows/Linux clients do not necessarily seem to accept the higher/lower preference route.
Well, that is precisely what I want to avoid. Depending on IPv6 ND for failover does not work too well with many clients, so ensuring that there is only a single unambiguous next-hop being advertised (i.e., fe80::1 in my case) is necessary in order for failovers to be reliable and fast. Otherwise we tend to run into client bugs, such as the one described here: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1800836 Tore
participants (2)
-
Nico Schottelius -
Tore Anderson