cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6122
Views
0
Helpful
6
Replies

Why use link-local addressing for HSRP in IPv6?

d_r_truman
Level 1
Level 1

I have scoured the internet for an answer to this question, and am no closer to having it answered.  Am hoping someone here can help!

* Why do we use link-local (or autoconfig) addresses for the standby IP in FHRPs?  If you are forwarding a packet towards a link-local destination address, wouldn't the source address then have to be a link-local address from the same prefix, which according to scope, should not route beyond the local link?  How do you route an IP packet that has a link-local address for a source address?

Any insight would be much appreciated.

Thank you in advance.

6 Replies 6

d_r_truman
Level 1
Level 1

This seems like a straightforward routing/theory question, but again, if we use link-local addressing for HSRP in IPv6, then why couldn't we use the 169.254.x.y APIPA addressing in IPv4 for standby addresses?

If your destination address is a link-local address, then the source would also have to be link-local, would it not?  And link-local addresses cannot be routed.

As per RFC4291, "Routers must not forward any packets with Link-Local source or destination addresses to other links."

Hi Douglas,

Good question. I hope below answer help you to understand the reason.

Link-local addresses are used in the neighbor discovery protocol and the stateless

autoconfiguration process. Nodes on a local link can use link-local addresses to communicate; the nodes

do not need globally unique addresses to communicate. There is no ARP in IPv6 and is replaced by neighbour discovery. So the devices on the same link will need to communicate using a Link local IPv6 address.

In the case of FHRP's we need 1 virtual MAC and 1 Virtual IP address. There will be only primary (global) addresses configured so neighbour discovery and solicitation process would not work so we need to assign a link local address manually for the Virtual MAC.

This has nothing to do with advertisement on the Internet since FHRP's are commonly used on the LAN side and they take global unique IPv6 addresses while going out.

I have this configured on both Cisco and Juniper envy and works perfectly well.

I hope that clears.

Regards,

Deepak.

Unfortunately, Deepak, this does NOT provide the answer I am looking for.

I realize that we use ND in place of ARP in IPv6.  I also realize that we use link-local addresses to communicate between devices on the local link.  This all makes sense and is commmon knowlege.

However, I still do not see the wisdom of using link-local addresses for the standby IP in FHRPs.  When we are talking about FHRPs, typically we are talking about creating a fault-tolerant gateway, to serve as a first-hop for hosts to communicate with the outside world and all the rest of the globally routable IPv6 address space.

By using a link-local address for a gateway, aren't we guaranteeing that no packets will route beyond the gateway, by virtue of its limited scope?  How can we source link-local addresses in a packet destined for a globally routable IPv6 destination?  Wouldn't then basically be talking about NAT then?

Hi Douglas,

As per the RFC, when a packet is destinated to LL address, the scope is link local. But using FHRP will not rerite the destination IPv6 address in any traffic.

As you may be aware, the primary functionality of FHRP is to provide gateway redundancy on a LAN. So, no transit traffic will be (or required to be) destinated to LL virtual address. THis is used only to identify the right gateway, build the L2 header (with right MAC address) and send across to the primary gateway.

Assume in below topology,

                            |-----------GW1------Cloud

User--------R-----------|

                            |------------GW2------Cloud

Assume you have HSRP used in LAN connecting GW1, GW2 and R. This will be used as nexthop in R's RIB to reach CLOUD. When any traffic is received from user destinated to CLOUD, R will perform a lookup in RIB to understand that it needs to be forwarded to Virtual LL address, generate L2 header (no L3 rewrite) and send to primary GW.

primary GW while receiving the traffic will have global address as both source and destination and there is no LL address in the received traffic.

Hope this clarifies.

Regards,

Nagendra

Dougles,

next hop is used for reaching "gateway" that know where to send packets farther (read it as "next hop to the destination")... routing in IPvX is hopping between nodes where every hop is closer to destination... This is theory behind.

So as machine that needs to send packet to "not directly connected destination" you only need to send packet to gateway leading to this destination...

so you need to send packet so, that "gateway" will recieve this packet and gateway then send this packet farther... it is not important what IP address this gateway has.

On ethernet you only need to know MAC address of this gateway and you send packet (with your source IPv6 address and intended destination IPv6 address) encapsulated with "destination MAC address" of gateway. When gateway recieve ethernet frame, and this frame is for it (destination MAC address is its MAC address), the gateway will proceed IP header (inside IP header the gateway see IT is not final destination for this packet, and gateway will route this packet).

So configuring IP address as next hop is just "hleper for simpler administration".. MAC address of gateway is important. In IPv4 address resolution protocol (ARP) is used to automaticly get MAC address of gateway if you configure next hop as IP address. In IPv6 there is neighbor discovery protocol(ND) used for this task.

conclusion: you can use link local address as nex hop address for addresses from any scope ... next hop is just next hop, it is not used just for the same scope communication.

And question is... if we need just information about MAC address of gateway, why to ask using global address?

We need to get MAC address... that is information important just "locally"... so to ask for local information, why not use link local address ?

HSRP is the same case... really just need MAC address to send packets correctly.

Thank you, Deepak, Tomas, and Nagendra for your inputs!  Your help is greatly appreciated.

I was falling into the trap of thinking that to forward towards a link-local address required the source address to be of link-local scope as well.  The link-local standby IP does not change the scope of the source or destination address (both of which may be globally routable), it is only an identifier to resolve the layer-2 address of the gateway on the local link.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco