Hi Daniel, On Jan 25, 2012, at 8:41 AM, Daniel STICKNEY wrote:
I'm having trouble finding authoritative sources on the best common practice (if there even is one) for the choice of address for an IPv6 default gateway in a production server environment (not desktops). For example in IPv4 it is common to chose the first or last address in the subnet (.1 or .254 for example) as the VIP for VRRP/HSRP. I'm interested in input from production environments and or ARIN/RIPE/IANA/etc or top vendors.
Well, you're not going to find anything authoritative per se, but we are using fe80::1 with HSRP on every LAN with v6 enabled. More recent HSRP implementations also support <prefix>::1, but that doesn't seem to make any sense to me since link-local is where your gateway lives.
What about using RAs to install the default route on the servers? The 'priority' option (high/medium/low) easy fits with an architecture using an active/standby router setup where the active router is configured with the 'high' priority and the standby 'medium'. With the timeout values tuned for relatively rapid (~3 seconds) failover this might be feasible. Anyone use this in production?
Our servers are statically assigned with prefix::1000 and counting up, and fe80::1%int for the gateway. Some servers are doing an IP per service / customer. In some initial deployments I did, RA Priority did not seem to be observed. That was 8 or 9 years ago so maybe that has changed, but it was not comforting. We were more worried about unintentional & rogue RA vs active/standby routers. Now that we have RA Guard deployed on > 100,000 edge ports, that doesn't really matter anymore. Dale