Messages

1

High availability / Re: IPv6 Router Advertisement 22.x

« on: March 04, 2022, 02:30:51 pm »

Create a CARP address of fe80::1 or fe80::<vlan-id> (what we use) and please tell me how that works out. I will have to upgrade my 21.7.8 cluster sooner or later.

Thanks. After creating fe80::1 as CARP address you can select it as source address for router advertisement and only this address is then assigned to the clients as gateway.

You probably had an IPv4 CARP address selected there which really did not work at least as far as address use in IPv6 goes. The limitation is as stated: you need a link local IPv6 alias (with VHID or without) or a primary CARP link-local address. The whole modelling of these VIP types is a bit arcane and dates back to simpler times when IPv6 wasn't around in the software to begin with.

I am pretty sure that I had a global unique ipv6 address as carp address (2001:x:x... ) and had that same address selected as source address for router advertisements before.

2

High availability / IPv6 Router Advertisement 22.x

« on: March 03, 2022, 05:57:19 pm »

Pre 22.x release it was possible to use a specific virtual ip address (carp) as source address for router advertisements. Now the only option is "Automatic".

In a HA setup you could use an IPv6 carp address for router advertisements so clients would use that carp address as default gateway and routing is fixed to a single node.
Now opnsense uses the link local address for advertisement and as such the clients get multiple ipv6 default gateways assigned (one for each HA node).
This can introduce routing issues when the return path of packets differs. Clients may discard packets when the return packet is received from a different ip than the original packet was sent to.

What is the correct way to setup router advertisement in HA setup with 22.x?