HSRP for IPv6 issue in a 6PE network

limtohsoon · ‎12-08-2008

Hi Sir,

I have the following scenario.

R3 and R4 are 6PE routers. Each is a route reflector client to R1. They share a LAN segment (with IPv4 and IPv6 addresses) and advertise it out to R1. Their interface config is as follows:

R3 Config

---------

!

interface FastEthernet2/0

ip address 49.83.140.6 255.255.255.192

speed auto

duplex auto

ipv6 address 2001:10D:13:200::1/64

standby version 2

standby 200 ip 49.83.140.5

standby 200 priority 110

standby 200 preempt

standby 200 track Serial1/0 20

standby 206 ipv6 autoconfig

standby 206 priority 110

standby 206 preempt

standby 206 track Serial1/0 20

!

R4 Config

---------

!

interface FastEthernet2/0

ip address 49.83.140.7 255.255.255.192

no ip redirects

speed auto

duplex auto

ipv6 address 2001:10D:13:200::2/64

standby version 2

standby 200 ip 49.83.140.5

standby 200 preempt

standby 206 ipv6 autoconfig

standby 206 preempt

!

There's a dual stack firewall on the LAN segment which points its IPv4 default gateway to 49.83.140.5. I configured "HSRP for IPv6" to provide an IPv6 default gateway to the firewall.

When I shutdown interface Fa2/0 of R3, the following error messages appear on the 6PE-RR (R1):

01:25:19: %TAGCON-3-DUP_ADDR_RCVD: Duplicate Address 49.83.140.5 advertised by peer 4.4.4.4:0 is already bound to 3.3.3.3:0

01:25:19: %TAGCON-3-TDPID: peer 4.4.4.4:0, TDP Id/Addr mapping problem (rcvd TDP address PIE, bind failed)

Note: 3.3.3.3 is loopback of R3 and 4.4.4.4 is loopback of R4.

R1 is Cisco 7206VXR running IOS 12.2(31)SB12. I don't understand the error messages and whether they have any impact to the network.

Please advise.

Thank you.

B.Rgds,

Lim TS

Giuseppe Larosa · ‎12-08-2008

Hello Lim,

you are having some warning messages during network transition caused by the different timers of HSRP and LDP:

the new Active HSRP takes the ipv4 49.83.140.5 and advertises it in LDP before the R3 has done withdrawn of its own advertisement.

This should be with zero impact: after some seconds R3 should withdraw its advertisement and everything is again fine.

To be noted that the problem has nothing to do with HSRP for IPv6 or 6PE I can see these messages during faults on normal PEs routers in our network: actually all complains are about an IPv4 prefix.

R1 is not only RR but also LDP neighbor of both R3 and R4.

You should be fine

Hope to help

Giuseppe

limtohsoon · ‎12-12-2008

Hi Giuseppe,

Thanks for the information.

In my scenario, the firewall has an IPv4 address of 49.83.140.8 and a default route pointing to 49.83.140.5 (HSRP virtual address of R3 & R4).

The same interface on the firewall will be assigned a static IPv6 address of 2001:10D:13:200::8/64. Is HSRP for IPv6 the right solution to implement on R3 & R4 to provide an IPv6 gateway to the firewall? Please comment on my HSRP configuration.

Thank you.

B.Rgds,

Lim TS

Giuseppe Larosa · ‎12-13-2008

Hello Lim,

according to my (modest) IPv6 level of knowledge you shouldn't need HSRP : each device including a simple host builds and updates a table of gateways present in the link by using information present in router advertisements: so if you enable/ don't disable RA on the two routers the firewall should be able to detect which is alive.

Probably for security reasons you have disabled the ICMPv6 on the firewall interface: if you cannot process the RAs you need to use something like HSRP for IPv6.

If you manage the lan switches and the ports are not in vlan1 you can think to be safe enough to leave RA enabled and accepted / processed on the firewall

Hope to help

Giuseppe