VMAC for VRRPv3? - PowerPoint PPT Presentation

Slides: 13
Provided by: tcpipeng
Learn more at: https://www.ietf.org
Transcript and Presenter's Notes

1
VMAC for VRRPv3?
  • Analysis of Design Tradeoffs
  • Mark.Hollinger_at_hp.com

2
Whirlwind Historical Context
  • A few rare, broken ARP implementations for IPv4
    ignored gratuitous broadcasts
  • To maximize interoperability, VRRP (and its
    proprietary forerunners) used VMAC
  • VMAC has both benefits and drawbacks
  • Current VRRP for IPv6 continues with VMAC mainly
    because it worked for IPv4

3
Advantages of VMAC
  • Router failover is nearly invisible to hosts
  • Non-compliant ND implementations work
  • Packet loss between router and host at failover
    time is benign
  • Helps router choose source address for ICMP error
    messages

4
Disadvantages of VMAC (1 of 2)
  • Contributes to complexity of draft
  • special rules for FDDI
  • source routing concerns for Token Ring
  • "When a VRRP router restarts or boots, it SHOULD
    not send any ND messages with its physical MAC
    address for the IPv6 address it owns, ..."
  • Duplicate MAC addresses may not be handled well
    in some LAN environments
  • ATM LAN Emulation beyond the scope of draft
  • one 802.11 wireless station is limited to one
    address
  • however, note that 802.1X access control looks OK

5
Disadvantages of VMAC (2 of 2)
  • Tracing and quarantining failures or
    mis-configurations by MAC address is harder
  • Hosts cannot readily detect failover
  • Timing issues around LAN partitioning and
    reconnection become more complex
  • Some router hardware does not support multiple
    MAC addresses (e.g., Cisco 4000 series)

6
Additional issues from the list
  • Don Provan's NetGear FS524S switch did not
    forward a new packet to the port where its source
    MAC address was last heard from
  • two Masters will never hear each other
  • Bridges using 802.1Q Shared VLAN Learning (SVL)
    would have trouble if the same VRID appeared on
    two VLANs

7
Scenario: Normal Failover
  • Two participating routers, on same switch
  • VMAC works well here
  • Only Switch B even notices a change

8
Scenario: Rogue Router
  • Unexpected VRRP router appears on LAN
  • With VMAC, bridge tables change twice per second;
    about half the packets get out
  • Without VMAC, bridge forwarding tables never
    change; hosts' caches change slowly
  • LAN administrator traces MAC address
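
Added example (not part of the original slides): a minimal detector for the bridge-table flapping described in the Rogue Router scenario, run over constructed MAC-learning events. The event format, port names, window and threshold are assumptions; the virtual MAC prefixes are the ones defined in RFC 5798.

```python
from collections import defaultdict

# VRRP virtual MACs (RFC 5798): 00-00-5E-00-01-{VRID} for IPv4,
# 00-00-5E-00-02-{VRID} for IPv6.
VMAC_PREFIXES = {"00:00:5e:00:01": "IPv4", "00:00:5e:00:02": "IPv6"}

def vrid_of(mac):
    """Return (family, vrid) if mac is a VRRP virtual MAC, else None."""
    prefix, _, last = mac.lower().replace("-", ":").rpartition(":")
    family = VMAC_PREFIXES.get(prefix)
    return (family, int(last, 16)) if family else None

def find_flapping(events, window=5.0, min_moves=4):
    """events: time-sorted (timestamp_s, port, src_mac) MAC-learning records
    (assumed format). Returns {(family, vrid): ports} for each VMAC that
    moved between ports at least min_moves times within window seconds."""
    last_port, flagged = {}, {}
    moves = defaultdict(list)   # key -> timestamps of recent port changes
    ports = defaultdict(set)    # key -> every port the VMAC was learned on
    for ts, port, mac in events:
        key = vrid_of(mac)
        if key is None:
            continue            # physical MAC, not a VRRP virtual router
        ports[key].add(port)
        if key in last_port and last_port[key] != port:
            # record the move, then drop moves older than the window
            moves[key] = [t for t in moves[key] + [ts] if ts - t <= window]
            if len(moves[key]) >= min_moves:
                flagged[key] = sorted(ports[key])
        last_port[key] = port
    return flagged

def sample_events():
    """Constructed sample: VRID 7 has two masters (one rogue) on different
    ports; VRID 3 performs one normal failover; one ordinary host."""
    ev = [(i * 0.5, "Gi0/1" if i % 2 == 0 else "Gi0/9", "00:00:5E:00:02:07")
          for i in range(10)]   # table entry changes twice per second
    ev += [(0.2, "Gi0/2", "00-00-5e-00-02-03"),
           (1.2, "Gi0/2", "00-00-5e-00-02-03"),
           (3.2, "Gi0/3", "00-00-5e-00-02-03"),   # single move: failover
           (0.3, "Gi0/5", "3c:52:82:aa:bb:cc")]
    return sorted(ev)

if __name__ == "__main__":
    for (family, vrid), seen in find_flapping(sample_events()).items():
        print(f"{family} VRID {vrid}: VMAC flapping between {seen}")
```

A single port move, as in a normal failover, stays below the threshold; only sustained alternation is reported, together with the ports to trace.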

9
Scenario: Packet Loss
  • Router 1 is cut off; Router 2 takes over
  • Router 2's Neighbor Advertisement is lost
  • VMAC has an advantage here
  • But if Router 2 just repeats it 1 sec later
  • If VRRP packet is lost, switches won't learn;
    this works better without VMAC

10
Scenario: Spanning Tree
  • Switch B loses its connection to Switch A
  • Switch C will join A's spanning tree in 20 sec
  • Meanwhile, Router 2 becomes Master also
  • With VMAC, Host 3 may lose for ½ sec
  • Easier to analyze without VMAC

11
Questions?

12
Summary of Proposed Changes
  • Eliminate use of VMAC, but
  • Use virtual IPv6 address
  • Bag MUST NOT answer ping if prio < 255
  • Listen/audit VRRP packets when prio255
  • Accept VRRP packets with wrong interval
  • Send unsolicited ND broadcast twice