[Oh wow, that subject field, so handy to indicate a topic change! ;) ]

On 2010-10-21 18:29, Allen Smith wrote:
[... well described situation about having two/multiple IPv4 upstreams, enabling dual-stack at both, but wanting to failover between them without doing NATv6 ...]

Short answer: you announce both PA prefixes using Router Advertisement (RA) inside the network. You pull the RA when an uplink goes down/breaks. Sessions break indeed, but because there is the other prefix they fall over to that and build up new sessions from there.

Most RA "daemons" will properly send a 0-lifetime announcement to pull the prefix, thus all hosts are automatically informed that the prefix has become invalid. Of course you can also make the router's IP address unreachable, as then Neighbor Discovery will take care of failing over too.

To address your 'we have multiple groups of people some use slow some use fast', put them in separate (V)LANs and presto. You could effectively live with using one prefix per group and only failing over to the other prefix when the primary one goes down; that is, only RA the prefix to those VLANs when you really need it.

You should be getting a /48 from both ISPs and here comes the reason for always getting a /48 and nothing else: you have the same numbering plan for all of them.

Now the problem with such a setup is the many locations where you actually are hardcoding the IP addresses/prefixes into: firewalls, DNS etc. That is the hard part to solve, especially when these services are managed by other parties.

Greets,
 Jeroen
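
The shared numbering plan across both /48s, and what it buys when regenerating hardcoded firewall entries, sketched as an added example that is not part of the original mail. The documentation prefixes, VLAN names, subnet IDs and rule syntax are constructed assumptions.

```python
import ipaddress

# Constructed sample values: documentation prefixes standing in for the two ISP /48s.
UPSTREAMS = {
    "isp_a": ipaddress.ip_network("2001:db8:a::/48"),
    "isp_b": ipaddress.ip_network("2001:db8:b::/48"),
}
# Hypothetical numbering plan: VLAN name -> 16-bit subnet ID, identical under every /48.
PLAN = {"servers": 0x0010, "staff": 0x0020, "guests": 0x0030}
LOW80 = (1 << 80) - 1  # subnet ID (16 bits) + interface ID (64 bits)


def subnet_for(upstream, vlan):
    """Return the /64 to announce by RA on `vlan` for the given upstream."""
    base = UPSTREAMS[upstream]
    if base.prefixlen != 48:
        raise ValueError("numbering plan assumes a /48 from every ISP")
    return ipaddress.ip_network((int(base.network_address) | (PLAN[vlan] << 64), 64))


def renumber(addr, src, dst):
    """Move an address from the src /48 to the dst /48, keeping subnet and interface ID."""
    addr = ipaddress.ip_address(addr)
    if addr not in UPSTREAMS[src]:
        raise ValueError(f"{addr} is not inside {UPSTREAMS[src]}")
    return ipaddress.ip_address(int(UPSTREAMS[dst].network_address) | (int(addr) & LOW80))


def rewrite_rule(rule, src, dst):
    """Rewrite every address or prefix token of `rule` that lies inside the src /48."""
    out = []
    for token in rule.split():
        try:
            iface = ipaddress.ip_interface(token)
        except ValueError:
            out.append(token)          # not an address: keyword, port number, etc.
            continue
        if iface.version == 6 and iface.ip in UPSTREAMS[src]:
            moved = str(renumber(iface.ip, src, dst))
            token = f"{moved}/{iface.network.prefixlen}" if "/" in token else moved
        out.append(token)
    return " ".join(out)


if __name__ == "__main__":
    for vlan in PLAN:
        print(vlan, subnet_for("isp_a", vlan), subnet_for("isp_b", vlan))
    # Constructed rule in a made-up syntax.
    print(rewrite_rule("allow tcp to 2001:db8:a:10::25 port 25", "isp_a", "isp_b"))
```

Rules covering both upstreams can be generated from one source list this way, so a prefix that is only announced on failover is already permitted where it needs to be.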