On 29/12/2013 13:12, Philipp Kern wrote:
> that's basically what I said. I added the additional point that the DHCP
> server gives out different gateways for load balancing reasons.

Right, I just misunderstood what you were saying.

>> No, you can't do tightly timed failover with RAs […]
>
> How would you make that work with DHCPv6? Isn't that also MAC failover
> which you refuse to consider for RAs?

Let me be more specific: you can only do tightly timed failover with RAs if you announce a virtual IP address which is tied to a first-hop redundancy protocol like vrrp/hsrp/etc. This is a vendor specific thing and is not even supported by many vendors.

You cannot depend on the built-in mechanisms in RA and NUD to perform fast failover because you end up with a choice of either 10+ second failover or else compromising your network structure due to excess icmpv6 NS packets. Neither of these are workable solutions in production networks.

If you want fast failover, you need to use vrrp / hsrp / carp / etc, all of which provide mac failover at layer 2. In this situation, you need a mechanism to deliver the default gateway information to the client. At the moment, the only standardised option is manual configuration. This doesn't scale.

> You would still have ND. And it's all part of ICMPv6, so you don't avoid
> "an entire protocol" unless you specify a target MAC to send traffic to.

icmpv6 is a large pot of protocols which do many different things. RA is one subsection which delivers a specific set of services, and I usually consider it to be a separate protocol in its own right.

>> 3. there is no way of specifying a global unicast ipv6 address. You can
>> only specify link-local addresses.
>
> True. But you are talking about large L2 domains, which have link-local
> addressing. What's wrong with that?

I'm just saying it's not possible to deploy global unicast addresses using RA. Maybe this doesn't matter to you. It's not that important to me either, but it may be important to some people with different network structures. Personally, I don't like the idea of unreasonable restriction of options when it comes to configuring networks.

>> 5. there is no way to specify anything other than a default gateway.
>
> RDNSS is there, but not arbitrary data, that's true. Yes, the big iron

no, I meant that there is no other way to specify routing information other than a default route. E.g. if you have a box with two NICs; management network on one NIC and production on the other, there is no way to get dhcpv6 to instruct the client to hand off management traffic to one network and everything else to the production side.

RDNSS I don't care about.

Nick
