Date: Mon, 02 Sep 2019 04:41:35 +0900 (JST)
From: Hiroki Sato
To: vas@mpeks.tomsk.su
Cc: freebsd-net@freebsd.org
Subject: Re: Several IPv6 routers and default gateway choice
Message-Id: <20190902.044135.1812305046881448068.hrs@allbsd.org>
In-Reply-To: <20190901141047.GA56954@admin.sibptus.ru>
References: <20190830021228.GA66465@admin.sibptus.ru> <20190830.121543.1108900942284640156.hrs@allbsd.org> <20190901141047.GA56954@admin.sibptus.ru>

Victor Sudakov wrote in <20190901141047.GA56954@admin.sibptus.ru>:

va> Hiroki Sato wrote:
va> > Another way to realize failover is to use a common anycast address on
va> > multiple routers. For example, a router is always able to have
va> > fe80::/64 as an anycast address like this:
va> >
va> > router# ifconfig igb0 inet6 fe80::/64 anycast
va> >
va> > and you can simply configure fe80::/64 as the default router on the
va> > hosts. Multiple routers with the same fe80::/64 can coexist on the
va> > same segment, and hosts will choose one of them with no further
va> > configuration. A caveat in this case is that the first router always
va> > wins and there is no knob to set the preferences across the routers
va> > with the same anycast address configured.
va>
va> Thank you Hiroki, this was very informative and useful.
va>
va> Can any IPv6 unicast or link-local address be configured as an anycast
va> address of a router?

Yes. There is no restriction on address scope. You might want to
read RFC 4291, which defines the Subnet-Router anycast address, and
RFC 2526, which defines the other reserved IPv6 subnet anycast
addresses. In general, the former one can be used for routing
purposes.

va> address of a router? Is this a replacement for VRRP and carp(4)?

Mostly yes. VRRP and CARP use a virtual IP address and active
heartbeat packets to detect unreachability between the member NICs.
They support fine-grained configurations such as heartbeat interval,
password, and preference. On the other hand, an anycast IPv6 default
router uses the built-in unreachability detection of the IPv6 core
protocol. No control communication happens between NICs with the
same anycast address. The client will pick up one router and use it
as long as it is reachable. It is only for IPv6, of course.

So the anycast address just works if you do not need a password or
control of the master selection. For master selection, router
advertisements with different preference values can be used in
combination with anycast addresses.

-- Hiroki
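
The reply notes that routers sharing an anycast address exchange no control traffic and use no password, so a host's neighbor cache is the only place to see which router currently answers for `fe80::`. The following is an added example, not part of the original message: a sh function that reads `ndp -an` style output and checks the cached link-layer address against a list of known router MACs. The sample cache, the MAC addresses, the interface name and the function names are constructed, and the column layout is assumed to match FreeBSD's `ndp -an`.

```shell
#!/bin/sh
# Added example: which link-layer address currently answers for the anycast
# default router, and is it one of our routers?
# Assumptions: input is `ndp -an` style text with the columns
# Neighbor, Linklayer Address, Netif, Expire, S, Flags.

ANYCAST="fe80::"                                    # address used in the thread
ALLOWED_MACS="00:00:5e:00:53:01 00:00:5e:00:53:02"  # constructed router MACs

# Constructed sample of a host's neighbor cache (not captured output).
sample_ndp() {
cat <<'EOF'
Neighbor                             Linklayer Address  Netif Expire    S Flags
fe80::%em0                           00:00:5e:00:53:02    em0 23s       R R
fe80::5054:ff:fe12:3456%em0          00:00:5e:00:53:10    em0 permanent R
2001:db8:1::10                       00:00:5e:00:53:11    em0 12s       S
EOF
}

# anycast_owner IFACE: print the MAC cached for ANYCAST%IFACE (reads stdin).
# Exit status 1 when the cache holds no entry for that address.
anycast_owner() {
    awk -v want="${ANYCAST}%$1" '
        NR > 1 && $1 == want { print tolower($2); found = 1; exit }
        END { exit !found }'
}

# check_anycast IFACE: print "ok <mac>", "unknown <mac>" or "unresolved".
# Return 0 for a known router, 1 for an unlisted MAC, 2 when unresolved.
check_anycast() {
    mac=$(anycast_owner "$1") || { echo "unresolved"; return 2; }
    case "$mac" in
        *incomplete*) echo "unresolved"; return 2 ;;
    esac
    for m in $ALLOWED_MACS; do
        [ "$mac" = "$m" ] && { echo "ok $mac"; return 0; }
    done
    echo "unknown $mac"
    return 1
}

# Demo on the constructed sample; on a live host: ndp -an | check_anycast em0
sample_ndp | check_anycast em0
```

A change in the reported MAC between two known routers is the failover the reply describes; an `unknown` result means some other node on the segment is answering for the anycast address.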