05-23-2014 02:17 AM - edited 05-23-2014 02:25 AM
I have two MLX-4 providing Internet access in an office building. Each VLAN is configured on both machines and VRRP-Extended is used on VLANs' VEs to provide IPv4 default gateway address. I hoped to use a similar approach for IPv6, that is to provide a VRRP-Extended based gateway address (fe80::1). Unfortunately both NetIrons send Router Advertisements both for their own link-local IPv6 address and the shared gateway. This way a client's computer receives 3 default routes and as seen in tcpdump output sends traffic directly to one of NetIrons (I've checked target MAC address) instead of the shared gateway.
MLX routers do not seem to have "ipv6 nd skip-interface-ra" command.
The only solution I've found is to create an IPv6 access list:
ipv6 access-list block_iface_ra deny icmp host $LINK_LOCAL_ADDRESS_OF_VE any router-advertisement sequence 10 permit ipv6 any any sequence 20
and bind it to VE. That seems a bit ugly to me, though.
ipv6 nd global-suppress-ra
interface ve 320 ip ospf area 172.17.0.0 ip address 172.17.32.11/24 ip helper-address 172.17.6.134 ip helper-address 172.17.6.133 ipv6 address 2a00:XXXX:fffb:320::11/64 ipv6 ospf area 172.17.0.0 ipv6 traffic-filter block_iface_ra out ipv6 nd send-ra ip vrrp-extended vrid 1 backup ip-address 172.17.32.1 activate ipv6 vrrp-extended vrid 6 backup ipv6-address fe80::1 ipv6-address 2a00:XXXX:fffb:320::1 activate