randy/randy
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
randy/vrrp-interop.md
Randy Bush 3a93639111 first hack
2023-05-30 15:58:38 -07:00

2.3 KiB
Raw Permalink Blame History

VRRP IPv6 Interoperation with Cisco IOS/XE

On most commercial routers, IPv6 VRRP is negotiated over IPv6 Link-Local Addresses (LLAs) that are automatically generated on each router. This holds true for ArcOS, Arista, Cisco IOS/XR, and JunOS. But, IOS/XE requires explicit VRRPv6 LLA configuration.

The Root Problem

The IOS Configuration guide says

VRRPv3 for IPv6 requires that a primary virtual link-local IPv6
address is configured to allow the group to operate. After the
primary link-local IPv6 address is established on the group, you
can add the secondary global addresses.

I.e. the operator MUST configure a manual LLA, IOS/XE can not use automatically generated LLAs for VRRPv6. This is, shall we say, unusual.

JunOS and IOS/XE

To accommodate this, one could configure short form LLAs a la

Cisco IOS/XE

vrrp 2 address-family ipv6
 description ipv6 vrrp
 priority 80
 address FE80:: primary
 address 2001:418:1::1/64

and JunOS

vrrp-inet6-group 2 {
    virtual-inet6-address 2001:0418:1::1;
    virtual-link-local-address FE80::;
    priority 100;
    accept-data;

This was working for us until we added a third router into the mix.

But

ArcOS does not like the short prefix LLA. ArcOS wants either an automatically generated LLA or an explicit full LLA a la

vrrp vrrp-group 2
 virtual-address [ 2001:418:1::1 ]
 virtual-link-local fe80::200:5eff:fe00:202
 priority 100

The Work-Around

To interoperate with all three flavors on the same LAN, the IOS/XE must be manually configured a la

vrrp 2 address-family ipv6
 description ipv6 vrrp
 priority 80
 address FE80:: primary
 address 2001:418:1::1/64

WARNING: I am not yet sure the short form LLA is correct here. We are still working on this.

The JunOS must use auto-generation, i.e. no LLA manual configuration, a la

vrrp-inet6-group 2 {
    virtual-inet6-address 2001:0418:1::1;
    priority 100;
    accept-data;

And ArcOS must manually configure a full explicit LLA a la

vrrp vrrp-group 2
 virtual-address [ 2001:418:1::1 ]
 virtual-link-local fe80::200:5eff:fe00:202
 priority 100

With thanks to Sukanya who figured this all out

2023.05.30