Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 — Unique local addresses)

[jeroen at unfix.org (Jeroen Massar)]

On 2010-10-21 21:35, George Bonser wrote:
> 
> 
>> From: Jeroen Massar > Sent: Thursday, October 21, 2010 9:57 AM
>> To: Allen Smith
>> Cc: NANOG list
>> Subject: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 ?
>> Unique local addresses)
>>
>> [Oh wow, that subject field, so handy to indicate a topic change! ;) ]
>>
>> Short answer: you announce both PA prefixes using Router Advertisement
>> (RA) inside the network. You pull the RA when a uplink goes
>> down/breaks.
> 
> That assumes importing some sort of routing state into your RA config.
>  Sort of a conditional RA.  Can that be done today by anyone?

Should be possible with any vendor that supports IPv6.

If you take a vendor C box and the box dies (just pull the power plug to
test this or configure it with something funky ;), Neighbor Discovery
starts failing and every IPv6 stack that I know will deprecate the
routes over that gateway, and stuff fails over.

For 'production usage', let your monitor script login to your router,
whatever brand/make/model that is, and unconfigure the RA or heck kill
the radvd daemon.

>> Sessions break indeed, but because there is the other prefix they fall
>> over to that and build up new sessions from there.
> 
> This still doesn?t address breakage that happens AFTER your link to your upstream.
> What if your upstream has a peering issue or their peer has a peering
issue?
>  How do you detect that the distant end has a route back to that
prefix but
> doesn't to the other?  You can't.

Solve it the way you solve it with PI:
 - Get an SLA with every destination you want to reach

Indeed, that is a more or less unsolveable problem.

You can of course monitor all the destinations you want to reach and
based on that to use the prefix or not.

Greets,
 Jeroen