Re: ICMP6 redirect

[Erik Nordmark <nordmark@acm.org>]

On 7/25/12 3:38 AM, Andrew McGregor wrote:

> This originally came in the context of VRRP v3. If you want to run
> some dynamic routing protocol at the same time as VRRP on the same
> VLAN, you need another link-local address to talk to your routing
> peers with, since there's no way for the non-master routers to use
> the VRRP address.  So, you have two (or more) link locals on the same
> VLAN.  Ideally only the VRRP one should be used for sending RAs, of
> course.

Agreed.
Sounds like that is a small implementation matter in the router software.

> I totally agree that RAs should take care of this, and in fact I
> think one way to resolve the conundrum is to craft an RA to
> specifically tell the host it is onlink with that exact destination,
> rather than a redirect, since as I read the RA processing rules, it
> does not matter what source address the router uses in that case.

I guess I don't understand the problem you want to solve. Can you clarify?

I thought the problem  was that the 1st hop was suboptimal, and the 1st 
hop router wants to send a redirect to tell the host to use a different 
1st hop router to get to the offlink destination.
You can't do that by faking an RA.

But above it sounds like the destination is on-link. Is that the problem 
you want to solve?

While you can fake an RA for that, it runs into a issue with NUD should 
the destination ever move off-link. That issue is that the prefix 
information in the RAs time out based on the preferred/valid lifetime, 
and NUD doesn't affect that. Thus if the destination is no longer 
off-link, either the routers have to detect that and send a fake RA with 
the prefix with onlink=0, or communication will be broken until the 
valid lifetime of the prefix expires.

Redirects don't have that issue; NUD knows to ignore/discard the 
redirects when it doesn't get responses to the probes.

    Erik