Re: ping-pong phenomenon with p2p links & /127 prefixes

[Truman Boyes <truman@suspicious.org>]

On 17/08/2010, at 7:11 AM, sthaug@nethelp.no wrote:

>>> Even if I did know the other side's global address, monitoring pings
>>> cannot be sent to fe80::2. We'll have to ping c001:cafe::2 and
>>> manually link that status with fe80::2 peering session on the NMS.
>>> I would hate to do that with hundreds of sessions running inside my network.
>>> That's always been a causes mistakes. We want to monitor what's
>>> acutally running and not some alias address.
>> 
>> yes, I see that point.
>> how do you troubleshoot when you get a OSPFv3, RIP, or ISIS neighbor down message?
>> cause then you'd only have a link-local address or a CLNS address. or is BGP troubleshooting different in some way?
> 
> As of right now, we also have IPv4 addresses on the same links. The traps
> we receive normally include enough info (e.g. circuit id, interface name,
> IP address, whatever) that we can easily identify the link. Having links
> with only IPv6 link-local addresses *and* no further info included in the
> traps would be unacceptable.
> 
> All our core links are configured with "normal" (global) IPv6 addresses.
> We are fully aware of the fact that the routers also use IPv6 link local
> addresses as *next hop* for most protocols (e.g. iBGP, IS-IS). We don't
> deal with these link local addresses at all under normal circumstances -
> instead we deal with the interface names that the routers also helpfully
> tell us.
> 
> Similarly, all our IPv6 eBGP peerings are configured with global IPv6
> addresses - here the IPv6 next hop is also a global IPv6 address.
> 
> So, to sum up: yes, we know that the IPv6 link local addresses exist on
> our routers, no we don't normally "deal" with these addresses in any way.
> 
> Steinar Haug, Nethelp consulting, sthaug@nethelp.no


Greetings, 

I share the same sentiments that Steinar has outlined in his post. In the networks that I build, I would prefer to use IPv6 global addresses for peering. I find any position that management systems will reduce the operational complexity of peering with IPv6 link-locals to be academic; the position of security in peering is an interesting one and in some circumstances I would even consider the use of it, but I would certainly not convert any large scale network to using link-local peering without having the necessary code to manage all existing events. 

I think that there will be considerable "resistance to change", and any strong argument for the change needs to be outlined. At this time I have not seen a strong one presented. We (all of us) have been running, building, innovating changes to service provider networks for years and in a market where margins become smaller and smaller, the case would need to be presented where there was significant value in the change to link-local peering. 

Kind regards,
Truman