Re: [v6ops] Primary/failover use-case for draft-fbnvv-v6ops-site-multihoming ?

Nick Buraglio <buraglio@forwardingplane.net> Fri, 04 August 2023 21:22 UTC

To: Erik Nygren <erik+ietf@nygren.org>
From: Nick Buraglio <buraglio@forwardingplane.net>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, v6ops@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/5DMtPhuFKtt6wTZc9UVhf6LlUvA>



--
nb


------- Original Message -------
On Wednesday, August 2nd, 2023 at 7:22 PM, Erik Nygren <erik+ietf@nygren.org> wrote:


> On Fri, Jul 28, 2023 at 4:40 PM Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
> 
> > On 29-Jul-23 04:45, Lorenzo Colitti wrote:
> > > If you have only one router with two uplinks, then you don't need to do any NAT. Just withdraw the PIO for the primary link (i.e., send the PIO with valid and preferred lifetime of 0) and announce the PIO for the backup link. This should just work.
> > 
> > It *should* just work, if you have negotiated exemptions from ingress filtering with the carriers involved. But is it realistic? You have a single CE connected directly to two different PEs. Isn't it more common to have a CE per carrier (and that means a CE that each carrier is willing to trust, even if they don't provide it)?
> > 
> > Also, you have a single point of failure (the single CE). That doesn't seem like a feature you want in a backup solution.
> 
> Perhaps it is too narrow of a use-case, but it does seem like there's the scenario of a single router that is connected to two CE devices. That seems pretty normal/common for the SOHO case. My personal experience (and I'd love to see better data on this) is that the most likely failure points are the uplinks. At home I've found I've had to manually switch which uplink I use a few times per year due to Comcast outages/maintenance/etc, but internal on-premise network devices need replacement once every few years.

This has been my experience as well. In fact, I was seeing link drops from my ONT and failing over to DOCSIS without my even knowing it for a while, due to the setup I have in place now. 

> 
> Jen's RFC 8475 (Conditional RAs) Section 3.2.1 with Primary/Backup seems very promising for this use-case, even if it is more focused on Enterprises. It's possible that this could be augmented by doing NAT66 in cases where traffic with the source address from the no-longer-active link continues to arrive (such as due to buggy client implementations).

I've been trying to fumble around to make this work since Jen pointed me at her document.  With some scripting on my current gear I'm pretty close, but it's really, really ugly and in no way supportable by a non-technical person. However, as a proof of concept, I think it is a reasonable step in the right direction.  

> 
> This might be too narrowly scoped, but this seems like a case trying out in the field and seeing what does and doesn't work (I plan to do so), and could be the sort of feature that could be valuable to have in SOHO routers. I suspect many of the users of this sort of thing really just want to buy something like a Ubiquiti DreamMachine and plug it into their cable CPE and a backup 5G CPE and select "give me primary/backup failover" and have things just work. (Or to do something equivalent for kit they ship to their branch offices with a wiring diagram). For a SOHO primary/backup case when this isn't looking for 5 9's but a way to make sure that the Zoom meetings keep working when one provider has an inconveniently timed multi-hour outage a few times per year.

This, exactly. SOHO and power users want an easy button for primary/failover. This works in v4 for all the reasons that have been hashed out forever, but it is a huge gap for IPv6, and that's one of the glaringly obvious conclusions from our draft. 

> 
> Erik
>
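
The PIO swap quoted above from Lorenzo Colitti (withdraw the primary prefix with valid and preferred lifetime 0, announce the backup prefix), as an added example that is not part of the original thread or of any participant's scripts. It encodes the RFC 4861 Prefix Information option a single router would place in its RA for each uplink state; the prefixes, function names and default lifetimes are assumptions, and advertising the standby prefix with zero lifetimes while the primary is up is a choice made for this example.

```python
import ipaddress
import struct

PIO_TYPE = 3                  # RFC 4861 Prefix Information option
FLAGS_L_A = 0x80 | 0x40       # on-link + autonomous (SLAAC) flags
PIO_FMT = "!BBBBIII16s"       # 32 bytes = option length 4 (units of 8 octets)

# Constructed documentation prefixes standing in for the two uplinks.
PRIMARY = "2001:db8:1::/64"
BACKUP = "2001:db8:2::/64"

def build_pio(prefix, valid, preferred):
    """Encode one Prefix Information option as it appears inside an RA."""
    if preferred > valid:
        raise ValueError("preferred lifetime must not exceed valid lifetime")
    net = ipaddress.IPv6Network(prefix)
    return struct.pack(PIO_FMT, PIO_TYPE, 4, net.prefixlen, FLAGS_L_A,
                       valid, preferred, 0, net.network_address.packed)

def parse_pio(raw):
    """Decode a PIO back into (prefix, valid lifetime, preferred lifetime)."""
    typ, length, plen, _flags, valid, pref, _rsvd, addr = struct.unpack(PIO_FMT, raw)
    if typ != PIO_TYPE or length != 4:
        raise ValueError("not a Prefix Information option")
    return str(ipaddress.IPv6Network((addr, plen))), valid, pref

def failover_pios(primary_up, valid=2592000, preferred=604800):
    """Return the PIOs the single router puts in its next RA.

    The uplink in use is advertised with normal lifetimes; the other
    prefix is sent with valid and preferred lifetime 0 (withdrawn).
    """
    active, standby = (PRIMARY, BACKUP) if primary_up else (BACKUP, PRIMARY)
    return [build_pio(active, valid, preferred), build_pio(standby, 0, 0)]

if __name__ == "__main__":
    for state in (True, False):
        print("primary up:", state, [parse_pio(p) for p in failover_pios(state)])
```

Hosts following RFC 4862 section 5.5.3 will not cut an address's remaining valid lifetime below two hours on an unauthenticated RA, so it is the zero preferred lifetime that steers new connections to the other prefix. Traffic still sourced from the withdrawn prefix during that window is the case the thread suggests handling with NAT66.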