headers
Steve Bates | 3 May 2005 17:59
Picon

RE: draft-ietf-vrrp-unified-mib-02 -address prefix

Hi Kalyan,

This seemed like a good idea at one time, but I no longer think it's
necessary.  I suggest we drop it.

Steve

-----Original Message-----
From: Kalyan.Tata <at> nokia.com [mailto:Kalyan.Tata <at> nokia.com]
Sent: Wednesday, April 27, 2005 2:09 PM
To: Kalyan.Tata <at> nokia.com; Steve.Bates <at> ind.alcatel.com;
Mukesh.K.Gupta <at> nokia.com
Cc: radia.perlman <at> sun.com; vrrp <at> ietf.org
Subject: RE: [VRRP] draft-ietf-vrrp-unified-mib-02 - index order

hi Steve,
	Just resending this message incase you did not get it earlier..
thanks
Kalyan

-----Original Message-----
From: Tata Kalyan (Nokia-ES/MtView)
Sent: 26 April, 2005 14:37
To: 'ext Steve Bates'; Gupta Mukesh.K (Nokia-NET/MtView)
Cc: radia.perlman <at> sun.com
Subject: RE: [VRRP] draft-ietf-vrrp-unified-mib-02 - index order

hi Steve,
	I was just trying to understand the use of it.
Please correct me if my understanding of this is not right:
(Continue reading)

Permalink | Reply | 0 comments |
headers
Kalyan.Tata | 3 May 2005 19:16
Picon

RE: draft-ietf-vrrp-unified-mib-02 -address prefix

Thanks Steve,
	I will finalize the draft and will be submitting today.

Thanks
-kalyan

-----Original Message-----
From: ext Steve Bates [mailto:Steve.Bates <at> ind.alcatel.com]
Sent: 03 May, 2005 09:00
To: Tata Kalyan (Nokia-ES/MtView); Gupta Mukesh.K (Nokia-NET/MtView)
Cc: vrrp <at> ietf.org
Subject: RE: [VRRP] draft-ietf-vrrp-unified-mib-02 -address prefix

Hi Kalyan,

This seemed like a good idea at one time, but I no longer think it's
necessary.  I suggest we drop it.

Steve

-----Original Message-----
From: Kalyan.Tata <at> nokia.com [mailto:Kalyan.Tata <at> nokia.com]
Sent: Wednesday, April 27, 2005 2:09 PM
To: Kalyan.Tata <at> nokia.com; Steve.Bates <at> ind.alcatel.com;
Mukesh.K.Gupta <at> nokia.com
Cc: radia.perlman <at> sun.com; vrrp <at> ietf.org
Subject: RE: [VRRP] draft-ietf-vrrp-unified-mib-02 - index order

hi Steve,
	Just resending this message incase you did not get it earlier..
(Continue reading)

Permalink | Reply | 0 comments |
headers
Biao Gao (bigao | 4 May 2005 04:53
Picon
Favicon

VRRP for IPv6 questions

Hi,
 
I have some questions regarding VRRP for IPv6:
 
Since link-local IPv6 address is mandatory in the VRRP advertisement packet, does this imply each virtual router has to be configured a link-local IPv6 address? If this address is automatically generated from an IPv6 address to be backed up, like Steve mentioned, when there are more than one address associated with the virtual router, how do the other routers in the same group know which address to use to generate the link-local address? It seems some explicit configuration has to be done.
 
To configure an IPv6 address for a virtual router, does it have to be in the same subnet of one of interface's IPv6 addresses? If not, what is the prefix length of the subnet?
 
In the draft, the IP address owner is defined to be "The VRRP router that has the virtual router's IP address(es) as real interface address(es)". As there can be multiple IPv6 addresses on an interface and associated with a virtual router, I assume this refers to the link-local address. Then the owner of the link-local address also assumes the ownership for the other addresses in the priority 255 advertisement, and the real owners of these addresses are masked out. Is this kind of configuration valid or not?
 
Any insight into these?
 
Thanks,
 
Biao
 
_______________________________________________
vrrp mailing list
vrrp <at> ietf.org
https://www1.ietf.org/mailman/listinfo/vrrp
Permalink | Reply | 1 comment |
headers
John.Cruz | 4 May 2005 20:44
Picon

RE: VRRP for IPv6 questions

Yes... each virtual router has to configured with a link-local IPv6 address. The original
draft had support for link-local virtual addresses only. The support for global addresses
was added later.
 
The IPv6 address for a virtual router must belong to one of the interface's subnet. Infact,
the virtual address should be configured to be the interface's IPv6 address.
 
Typically, one configures VRRP on an interface. Depending upon the implementation, either
all IPv6 addresses assigned to the interface can be virtual IP addresses or the user can
be given an option of choosing the addresses that they would like to designate as virtual
IP addresses. Whoever is the VRRP master will "own" these addresses. When the master's
interface is down, then all the addresses configured as virutal IP addresses on that interface
will be backed-up by the new master. The configuration that you describe does not seem
valid.
 
John
-----Original Message-----
From: vrrp-bounces <at> ietf.org [mailto:vrrp-bounces <at> ietf.org]On Behalf Of ext Biao Gao (bigao)
Sent: Tuesday, May 03, 2005 7:53 PM
To: vrrp <at> ietf.org
Subject: [VRRP] VRRP for IPv6 questions

Hi,
 
I have some questions regarding VRRP for IPv6:
 
Since link-local IPv6 address is mandatory in the VRRP advertisement packet, does this imply each virtual router has to be configured a link-local IPv6 address? If this address is automatically generated from an IPv6 address to be backed up, like Steve mentioned, when there are more than one address associated with the virtual router, how do the other routers in the same group know which address to use to generate the link-local address? It seems some explicit configuration has to be done.
 
To configure an IPv6 address for a virtual router, does it have to be in the same subnet of one of interface's IPv6 addresses? If not, what is the prefix length of the subnet?
 
In the draft, the IP address owner is defined to be "The VRRP router that has the virtual router's IP address(es) as real interface address(es)". As there can be multiple IPv6 addresses on an interface and associated with a virtual router, I assume this refers to the link-local address. Then the owner of the link-local address also assumes the ownership for the other addresses in the priority 255 advertisement, and the real owners of these addresses are masked out. Is this kind of configuration valid or not?
 
Any insight into these?
 
Thanks,
 
Biao
 
_______________________________________________
vrrp mailing list
vrrp <at> ietf.org
https://www1.ietf.org/mailman/listinfo/vrrp
Permalink | Reply | 0 comments |
headers
Steve Bates | 5 May 2005 00:27
Picon

RE: VRRP for IPv6 questions

Biao,
 
You raise some interesting points, including one about the prefix length that I had not considered. 
 
The ability to choose a particular address that can be used to generate the link local address seems to be fairly implementation dependent.  It was fairly easy to do based on RFC 3768 when one had the option of requiring virtual routers to have a matching list of IP addresses, but this may no longer be the case for VRRPv3.
 
Section 7.1 of the current IPv6 draft does not appear to have been updated when the advertisement was modified to include multiple IP addresses.  The draft states that on receipt of an advertisement a VRRP router:
 
      - MAY verify that the IPv6 Address matches the IPv6_Address
        configured for the VRID.
 
One might think that with multiple IP addresses the wording might be more like RFC 3768:
 
   -  MAY verify that "Count IP Addrs" and the list of IP Address
      matches the IP_Addresses configured for the VRID
 
Or else explicitly state that only the first IP address MAY be checked.  In any case, explicit configuration should always be possible.
 
Before today I had assumed that there was nothing to prevent a user from configuring any IP address for the virtual router, and I guess that hasn't changed.  However, based on your question I realize that without a prefix length, it is not practically possible.  It seems that the address must belong to one of the interface' subnets in order to obtain a useful prefix length for the router advertisement.
 
To be an IP address owner all of a virtual router's IP addresses must match it's IP interface addresses, otherwise we run into exactly the problem you point out - several virtual routers claiming to be the owner and sending advertisements with priority 255.  Our experience has been that very few users assign the interface address to the virtual router.  There are probably several reasons: 1) It's easier to keep track of addresses. 2) The owner always preempts the backup and this can lead to problems particularly after a reboot. 3) Ping.
 
Steve


-----Original Message-----
From: vrrp-bounces <at> ietf.org [mailto:vrrp-bounces <at> ietf.org] On Behalf Of Biao Gao (bigao)
Sent: Tuesday, May 03, 2005 8:53 PM
To: vrrp <at> ietf.org
Subject: [VRRP] VRRP for IPv6 questions

Hi,
 
I have some questions regarding VRRP for IPv6:
 
Since link-local IPv6 address is mandatory in the VRRP advertisement packet, does this imply each virtual router has to be configured a link-local IPv6 address? If this address is automatically generated from an IPv6 address to be backed up, like Steve mentioned, when there are more than one address associated with the virtual router, how do the other routers in the same group know which address to use to generate the link-local address? It seems some explicit configuration has to be done.
 
To configure an IPv6 address for a virtual router, does it have to be in the same subnet of one of interface's IPv6 addresses? If not, what is the prefix length of the subnet?
 
In the draft, the IP address owner is defined to be "The VRRP router that has the virtual router's IP address(es) as real interface address(es)". As there can be multiple IPv6 addresses on an interface and associated with a virtual router, I assume this refers to the link-local address. Then the owner of the link-local address also assumes the ownership for the other addresses in the priority 255 advertisement, and the real owners of these addresses are masked out. Is this kind of configuration valid or not?
 
Any insight into these?
 
Thanks,
 
Biao
 
_______________________________________________
vrrp mailing list
vrrp <at> ietf.org
https://www1.ietf.org/mailman/listinfo/vrrp
Permalink | Reply | 0 comments |
headers
Biao Gao (bigao | 5 May 2005 01:29
Picon
Favicon

RE: VRRP for IPv6 questions

Thanks to Steve and John for the clarifications.
 
One last note, if the virtual router's link-local address does not have to be one of VRRP router's interface addresses, using VR Mac to form the link-local address seems to be fairly convenient. Any comment?
 
Biao

From: Steve Bates [mailto:Steve.Bates <at> ind.alcatel.com]
Sent: Wednesday, May 04, 2005 3:27 PM
To: Biao Gao (bigao); vrrp <at> ietf.org
Subject: RE: [VRRP] VRRP for IPv6 questions

Biao,
 
You raise some interesting points, including one about the prefix length that I had not considered. 
 
The ability to choose a particular address that can be used to generate the link local address seems to be fairly implementation dependent.  It was fairly easy to do based on RFC 3768 when one had the option of requiring virtual routers to have a matching list of IP addresses, but this may no longer be the case for VRRPv3.
 
Section 7.1 of the current IPv6 draft does not appear to have been updated when the advertisement was modified to include multiple IP addresses.  The draft states that on receipt of an advertisement a VRRP router:
 
      - MAY verify that the IPv6 Address matches the IPv6_Address
        configured for the VRID.
 
One might think that with multiple IP addresses the wording might be more like RFC 3768:
 
   -  MAY verify that "Count IP Addrs" and the list of IP Address
      matches the IP_Addresses configured for the VRID
 
Or else explicitly state that only the first IP address MAY be checked.  In any case, explicit configuration should always be possible.
 
Before today I had assumed that there was nothing to prevent a user from configuring any IP address for the virtual router, and I guess that hasn't changed.  However, based on your question I realize that without a prefix length, it is not practically possible.  It seems that the address must belong to one of the interface' subnets in order to obtain a useful prefix length for the router advertisement.
 
To be an IP address owner all of a virtual router's IP addresses must match it's IP interface addresses, otherwise we run into exactly the problem you point out - several virtual routers claiming to be the owner and sending advertisements with priority 255.  Our experience has been that very few users assign the interface address to the virtual router.  There are probably several reasons: 1) It's easier to keep track of addresses. 2) The owner always preempts the backup and this can lead to problems particularly after a reboot. 3) Ping.
 
Steve


-----Original Message-----
From: vrrp-bounces <at> ietf.org [mailto:vrrp-bounces <at> ietf.org] On Behalf Of Biao Gao (bigao)
Sent: Tuesday, May 03, 2005 8:53 PM
To: vrrp <at> ietf.org
Subject: [VRRP] VRRP for IPv6 questions

Hi,
 
I have some questions regarding VRRP for IPv6:
 
Since link-local IPv6 address is mandatory in the VRRP advertisement packet, does this imply each virtual router has to be configured a link-local IPv6 address? If this address is automatically generated from an IPv6 address to be backed up, like Steve mentioned, when there are more than one address associated with the virtual router, how do the other routers in the same group know which address to use to generate the link-local address? It seems some explicit configuration has to be done.
 
To configure an IPv6 address for a virtual router, does it have to be in the same subnet of one of interface's IPv6 addresses? If not, what is the prefix length of the subnet?
 
In the draft, the IP address owner is defined to be "The VRRP router that has the virtual router's IP address(es) as real interface address(es)". As there can be multiple IPv6 addresses on an interface and associated with a virtual router, I assume this refers to the link-local address. Then the owner of the link-local address also assumes the ownership for the other addresses in the priority 255 advertisement, and the real owners of these addresses are masked out. Is this kind of configuration valid or not?
 
Any insight into these?
 
Thanks,
 
Biao
 
_______________________________________________
vrrp mailing list
vrrp <at> ietf.org
https://www1.ietf.org/mailman/listinfo/vrrp
Permalink | Reply | 1 comment |
headers
Vedavinayagam Ganesan | 17 May 2005 21:13
Favicon

VRRPv3 draft with global address support

Can any one point me the VRRPv3 draft which mentions the support for global ipv6 address?

Thanks in advance

Vedavinayagam




_______________________________________________
vrrp mailing list
vrrp <at> ietf.org
https://www1.ietf.org/mailman/listinfo/vrrp
Permalink | Reply | 0 comments |
headers
Ravindran Rajarao | 18 May 2005 20:52

question regarding packets originating from backup router

Folks,

   I am reposting these questions to the vrrp group again.

1. If an user initiate "ping" (IPDA is VIP) from backup vrrp router.

   - What is the expected behavior in the backup vrrp router?

   - Should the backup vrrp router send ARP to resolve MAC?

   - Should the ping packets be sent or dropped by the backup vrrp

router?

   - Similarly, can backup vrrp router telnet to the VIP?

   - What impact to network if backup vrrp router does send the ping

out?

 

2. If an user provisions a static route in the backup vrrp router

   and attempts to reach a remote host via VIP, what is the expected

   behavior of the backup vrrp router?

   - Should this static route even be allowed provisioned?

   - Should the transit packet be forwarded to the VIP?

   - What impact to network if the transit packet pass through?

 

 

     Please send us an email if you need more information or I will try posting this to a wider audience.

Cheers

Ravi

_______________________________________________
vrrp mailing list
vrrp <at> ietf.org
https://www1.ietf.org/mailman/listinfo/vrrp
Permalink | Reply | 1 comment |
headers
Radia Perlman | 19 May 2005 04:20
Picon

Agenda items for Paris IETF?

Are there any items that people would like to discuss in a face-to-face
meeting in Paris? If so, send them to Mukesh and me.

Thanks,

Radia and Mukesh

radia.perlman <at> sun.com
Mukesh.K.Gupta <at> nokia.com

_______________________________________________
vrrp mailing list
vrrp <at> ietf.org
https://www1.ietf.org/mailman/listinfo/vrrp
Permalink | Reply | 0 comments |
headers
Don Provan | 19 May 2005 21:13
Favicon

RE: question regarding packets originating from backup router

A VR that is currently backup cannot use any of the VR addresses.
If it wants to communicate on the network, it must use an identity
independent of the VR. That independent identity can do whatever
it wants: it's not the VR, so what it does is unrelated to VRRP.
-don

-----Original Message-----
From: vrrp-bounces <at> ietf.org [mailto:vrrp-bounces <at> ietf.org]On Behalf Of Ravindran Rajarao
Sent: Wednesday, May 18, 2005 11:53 AM
To: vrrp <at> ietf.org
Subject: [VRRP] question regarding packets originating from backup router


Folks,
   I am reposting these questions to the vrrp group again.
 
1. If an user initiate "ping" (IPDA is VIP) from backup vrrp router.
   - What is the expected behavior in the backup vrrp router?
   - Should the backup vrrp router send ARP to resolve MAC?
   - Should the ping packets be sent or dropped by the backup vrrp
router?
   - Similarly, can backup vrrp router telnet to the VIP?
   - What impact to network if backup vrrp router does send the ping
out? 
 
2. If an user provisions a static route in the backup vrrp router
   and attempts to reach a remote host via VIP, what is the expected
   behavior of the backup vrrp router?
   - Should this static route even be allowed provisioned?
   - Should the transit packet be forwarded to the VIP?
   - What impact to network if the transit packet pass through?
 
 
     Please send us an email if you need more information or I will try posting this to a wider audience.
Cheers
Ravi
_______________________________________________
vrrp mailing list
vrrp <at> ietf.org
https://www1.ietf.org/mailman/listinfo/vrrp
Permalink | Reply | 0 comments |

Gmane