[c-nsp] Specification of RA that responds to RS (applied RA suppress I/F)

Brandon Applegate brandon at burn.net
Fri Jul 2 23:00:09 EDT 2010


This was a thread from last month.  I have just tonight decided to fire up 
ipv6 on an interface facing some linux machines in the data center.  I 
don't have transit yet but I at least wanted to trace/ping over my own 
backbone.

Before I go any further, much like the OP last month, I'm running SXI3 on 
6500 (sup720-3bxl).

Anyway, we are an HSRP shop.  All customer interfaces are delivered as 2 
routed ports, customer puts them in same vlan/switch on their side and we 
run HSRP.  In trying to keep this model for ipv6, I noticed some 
strangeness in how this behaves.  Or at least my expectations (good chance 
I'm wrong to begin with).

The message from last month said that:

  ipv6 nd ra suppress
  ipv6 nd prefix default no-advertise

Would stop machines from accidentally lighting up ipv6.  This makes sense 
to me, and I really like that solution for a pure static / 'server' 
segment.  However, it seems HSRP hooks into ND/RA so that it can advertise 
the HSRP address in the RA's.  These commands above seem to tangle this 
up, and unexpected results come from that.  I'll try to summarize:

hsrp itself:
============
ra is hsrp derived address
autoconfig / prefix announcement still in effect

hsrp + ipv6 nd prefix default no-advertise:
===========================================
ra is hsrp derived address
autoconfig / prefix announcement is OFF (Yay !)

hsrp + ipv6 nd prefix default no-advertise + ipv6 nd ra suppress:
=================================================================
ra from each 'real' router - link local (2 default gateways)
autoconfig / prefix announcement is OFF (Yay !)

So it looks like I can't have my cake (HSRP) and eat it too (no RA + no 
autoconfig).  I'm currently using the middle solution.  What got my 
attention to begin with, is after statically defining the default gateway 
on the linux machine, I had two default gateways, one obviously from an 
RA:

default via fe80::5:73ff:fea0:1 dev eth0  metric 1  mtu 1500 advmss 1440 hoplimit 4294967295
default via fe80::5:73ff:fea0:1 dev eth0  proto kernel  metric 1024  expires 0sec mtu 1500 advmss 1440 hoplimit 64

So that's 'fine' - but makes my OCD twitch.

PS: why is the lifetime of the HSRP birthed RA 0sec ?  Is this an HSRP 
thing ?

PPS:

sh ipv6 interface fastEthernet 2/43
<snip>
   ND DAD is enabled, number of DAD attempts: 1
   ND reachable time is 30000 milliseconds
   ND advertised reachable time is 0 milliseconds
   ND advertised retransmit interval is 0 milliseconds
   ND router advertisements are sent every 200 seconds
   ND router advertisements live for 1800 seconds
   ND advertised default router preference is Medium
   Hosts use stateless autoconfig for addresses.
</snip>

Hosts do NOT use stateless autoconfig for addresses, I'm guessing this is 
cosmetic - this command doesn't know about me disabling prefix 
announcements ?

PPPS: 12.4T says it supports a global address for the HSRP ip ?  I only 
have the option of autoconfig or link-local on my 6500.  Is this something 
coming for Catalyst ?

--
Brandon Applegate - CCIE 10273
PGP Key fingerprint:
7407 DC86 AA7B A57F 62D1 A715 3C63 66A1 181E 6996
"SH1-0151.  This is the serial number, of our orbital gun."

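Added example, not part of the original post: a Python check for the symptom described above, a Linux host that holds both a statically configured and an RA-learned IPv6 default route on the same interface. The sample input is the two route lines quoted in the post; the function names and the rule used to recognize RA-learned routes are assumptions of this example.

```python
import re

# Route lines copied from the post (`ip -6 route` output on the Linux host).
SAMPLE = """\
default via fe80::5:73ff:fea0:1 dev eth0  metric 1  mtu 1500 advmss 1440 hoplimit 4294967295
default via fe80::5:73ff:fea0:1 dev eth0  proto kernel  metric 1024  expires 0sec mtu 1500 advmss 1440 hoplimit 64
"""

ROUTE_RE = re.compile(r"^default via (\S+) dev (\S+)(.*)$")

def _attr(tokens, key):
    """Value following `key` in the route's attribute tokens, or None."""
    if key in tokens[:-1]:
        return tokens[tokens.index(key) + 1]
    return None

def parse_default_routes(text):
    """Classify each IPv6 default route as 'static' or 'ra' (learned from an RA)."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue  # not a default route via a gateway
        gw, dev, rest = m.groups()
        tokens = rest.split()
        proto, expires = _attr(tokens, "proto"), _attr(tokens, "expires")
        # Assumption: RA-learned defaults show as "proto ra" on newer kernels and
        # as "proto kernel" plus an "expires" timer on older ones (as in the post).
        learned = proto == "ra" or (proto == "kernel" and expires is not None)
        routes.append({
            "gateway": gw, "dev": dev,
            "origin": "ra" if learned else "static",
            "metric": int(_attr(tokens, "metric") or 0),
            "expires_sec": int(expires.replace("sec", "")) if expires else None,
        })
    return routes

def interfaces_with_mixed_defaults(routes):
    """Interfaces that carry both a static and an RA-learned default route."""
    seen = {}
    for r in routes:
        seen.setdefault(r["dev"], set()).add(r["origin"])
    return sorted(dev for dev, origins in seen.items() if origins == {"static", "ra"})

if __name__ == "__main__":
    print(interfaces_with_mixed_defaults(parse_default_routes(SAMPLE)))
```

On a statically addressed server segment, a non-empty result means the host is still accepting router advertisements on that interface.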

