HSRP with global unicast address

Unanswered Question
Feb 21st, 2012

Hi,

We need to configure HSRP with a global unicast address. After the standby {group no} command it gives only 2 options: one is link-local address, the other is autoconfig. For testing we have given subnet 25::/119 to the interfaces.

conf
int f 0/0
ipv6 enable
ipv6 address 25::1/119
standby ver 2
standby 2 ipv6 ?

At this point we are not able to specify the standby global unicast address (here 25::5/119); it asks only for link-local or autoconfig.

In Cisco's document it is specified that it can be configured with global unicast.

We are not able to configure the same.

Kindly help us.

Regards,

Pushpak

Nagendra Kumar ... Mon, 02/27/2012 - 05:36

Hi Pushpak,

This feature is supported on few platforms. Can you let us know the platform/version on which you are trying to enable this feature?

Thanks,

Nagendra

mattias.anderss... Thu, 03/01/2012 - 03:05

Hi, I have the same question, specifically for the ASR 1002, where it seems HSRP with global unicast is not yet possible.

Is it on the roadmap and when could one expect this feature?

mattias.anderss... Thu, 03/01/2012 - 07:52

In case someone else is wondering:

I have learned that support for this on ASR1k is roadmapped in release 3.8 and later, which has a tentative release date at the end of this year.

stmillet Thu, 03/01/2012 - 20:51

Pushpak,

Are you asking for this feature because you have a business need for HSRP using Global Unicast addresses? The autoconfig option works well and will give you the required functionality. Don't forget that on the wire all hosts ultimately end up talking to the next hop link local address.

Cheers

Stephan

mcgee Thu, 03/08/2012 - 01:39

Hi @ll,

I do have the same Problem:

- Bordergateways: ASR 1004, no HSRP Global IPv6 Unicast on that platform but only the LinkLocal-Addresses.

- And my firewall (that is the previous hop and needs to have a route to the ASRs-HSRP-Address) does not support the LinkLocal-Addresses, only global addresses...

So I am wondering how to implement an IPv6-HA-scenario on my site...

Best regards,

Peter

jrqiii429 Mon, 08/06/2012 - 07:11

I am experiencing the same issue while trying to implement HSRP between two ASR1002 routers.  Has any answer been provided on when HSRP Global IPv6 unicast addressing will be available?  Or perhaps someone could provide more information as to how this can be accomplished via Link Local. 

Thanks,

John

FIDLAFIDLA Mon, 08/06/2012 - 23:13

Normally... you just route packets using link local addresses as next hop. This is what the RFC defines.

Why not use the normal approach?

If you say because of ICMP... Well, if a router generates ICMP (for example, hop limit exceeded in transit), it will assign an address from the same scope as the destination (you can still assign a global address to an interface, and use link local for the next hop).

So what are the reasons for using GA for HSRP? If you introduce the reason, we can find a solution.

mcgee Mon, 08/06/2012 - 23:48

Thomas,

not all (Non-Cisco-)routers can deal with LL-Addresses.

For example, on our firewall it is not possible to configure

- LL-Address on Interface (I could deal with that)

but it's neither possible to configure

- a default-route to LL-Addresses (provided from my two Cisco-Routers-HSRP)

So the default-route is the showstopper.

Best regards,

Peter

FIDLAFIDLA Tue, 08/07/2012 - 01:01

Hi,

OK, this is a problem. Can your firewall be configured with a static mapping between IPv6 address and MAC?

If so, can the virtual MAC be statically mapped to an arbitrary IPv6 address?

I assume that you cannot use RA... (configuration or sec-policy reasons)

jrqiii429 Tue, 08/07/2012 - 04:26

We are a campus network with two direct fiber connections to our provider.  We use HSRP for redundancy in the instance that our main fiber is cut/unusable.  They provided us with the IPv6 addresses for both routers along with the Virtual address to use for HSRP.  We utilize static routing between us and our provider. 

I was hoping to be able to assign the virtual IP address as we can with HSRP w/ IPv4, but we only have the link-local or autoconfig option when configuring the IPv6 standby address. In doing further research we can use the autoconfig option. That option should append the virtual MAC to the IPv6 prefix assigned to the interfaces, correct? If I am correct in that assumption, would we only need to ensure that our provider routes back to the autoconfigured address?

Also, I know this is a caveat with 3750's but with the ASR1002 can we utilize IPv4 and IPv6 HSRP groups on the same physical interface?  I don't have enough ASR 1002's to test this prior to implementation so I want to make sure we understand the configuration and how it will work before we try and implement during an outage.

Thanks,

John

mcgee Tue, 08/07/2012 - 05:59

Hi Tomas,

thank you for your ideas.

Our firewall is not capable of the mappings. I can only configure global-unicast-v6-addresses and the mask to the Interface, and Global-Unicast-Addresses as the destination in the routing-table.

I don't want to rely on RA because of sec-policy reasons.

Best regards,

Peter

FIDLAFIDLA Tue, 08/07/2012 - 07:21

OK... according to my exploration the feature is really not supported yet; the same is true, I think, even for GLBP.

Please take a look at your design; maybe RA is not a security risk at all in this particular case.

If you face a firewall vs. 2 routers, with no other device in this VLAN, is RA less secure than static IPv6 next hop configuration?

I'm asking because I don't see a positive answer (I don't think it is less secure).

Still, I understand that the security aspect is a hard one and even suspicion can be enough to ban part of a protocol.

stmillet Tue, 08/07/2012 - 16:57

The IPv6 HSRP feature with a global unicast IPv6 address is supported on the 6500 running 12.2(33)SXI4 or 15.0(1)SY versions of software.

e.g.

interface Ethernet0/0
 no ip address
 ipv6 address 2001:db8::1/64
 standby version 2
 standby 1 ipv6 2001:db8::2/64
 standby 1 ipv6 2001:db8::3/64
 standby 1 ipv6 2001:db8::4/64
end

FIDLAFIDLA Tue, 08/07/2012 - 23:30

That is true... I replied just to the question (ASR 1k).

Still it is a wonderful solution in situation when you have sufficient funding.


This Discussion

Posted February 21, 2012 at 3:17 AM