Subnet-Router Anycast address on Junos
In this post we are going to discuss the Subnet-Router Anycast address and how it is configured on Junos.
The Subnet-Router anycast address is covered here: https://tools.ietf.org/html/rfc4291#section-2.6.1
The subnet-router anycast address is the same as the interface's unicast address, except that the interface identifier is set to zero.
Any router on the subnet should respond to a Neighbor Solicitation received for its anycast address.
Hosts use the first Neighbor Advertisement they receive; if that router becomes unreachable, the host sends another Neighbor Solicitation.
The subnet-router anycast address can be used by hosts that need to communicate with any of the routers present on the link.
The hosts can use the subnet-router anycast address as their default gateway without the need to configure a specific default gateway on the hosts.
In this post, I used 17.1R1.
This is the diagram, where I added some information to make it easier to identify which device sends which packets:

Each of the two routers has a loopback interface and a static route pointing to the other router’s loopback IPv6 address.
This is R1:
[edit]
root@R1# show interfaces lo0
unit 0 {
    family inet6 {
        address 2001:1:2:3::201/128;
    }
}
[edit]
root@R1# show routing-options
rib inet6.0 {
    static {
        route 2001:1:2:3::202/128 next-hop 2001:580:2111:240::202;
    }
}
[edit]
root@R1#
And this is R2:
[edit]
root@R2# show interfaces lo0
unit 0 {
    family inet6 {
        address 2001:1:2:3::202/128;
    }
}
[edit]
root@R2# show routing-options
rib inet6.0 {
    static {
        route 2001:1:2:3::201/128 next-hop 2001:580:2111:240::201;
    }
}
[edit]
root@R2#
The host has a default route pointing to the subnet-router anycast address:
root@UBUNTU-11:~# netstat -rn -A inet6
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use  If
2001:580:2111:240::/64         ::                         U    256 0   1    eth2
fe80::/64                      ::                         U    256 0   0    eth0
fe80::/64                      ::                         U    256 0   0    eth2
::/0                           2001:580:2111:240::        UG   1   1   4    eth2
::/0                           ::                         !n   -1  1   2878 lo
::1/128                        ::                         Un   0   2   3    lo
2001:580:2111:240::100/128     ::                         Un   0   2   6    lo
fe80::5468:a5ff:fec2:415f/128  ::                         Un   0   1   0    lo
fe80::5468:a5ff:fec2:4161/128  ::                         Un   0   1   0    lo
ff00::/8                       ::                         U    256 0   0    eth0
ff00::/8                       ::                         U    256 0   0    eth2
::/0                           ::                         !n   -1  1   2878 lo
root@UBUNTU-11:~#
The ge-0/0/3 interfaces of R1 and R2 are configured in a similar manner:
[edit]
root@R1# show interfaces ge-0/0/3
unit 0 {
    family inet6 {
        address 2001:580:2111:240::201/64
    }
}
[edit]
root@R1#
Let’s try to ping the IPv6 addresses of the two Loopback interfaces, which should fail:
root@UBUNTU-11:~# ping6 2001:1:2:3::201
PING 2001:1:2:3::201(2001:1:2:3::201) 56 data bytes
From 2001:580:2111:240::100 icmp_seq=1 Destination unreachable: Address unreachable
From 2001:580:2111:240::100 icmp_seq=2 Destination unreachable: Address unreachable
From 2001:580:2111:240::100 icmp_seq=3 Destination unreachable: Address unreachable
^C
--- 2001:1:2:3::201 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3015ms
root@UBUNTU-11:~# ping6 2001:1:2:3::202
PING 2001:1:2:3::202(2001:1:2:3::202) 56 data bytes
From 2001:580:2111:240::100 icmp_seq=1 Destination unreachable: Address unreachable
From 2001:580:2111:240::100 icmp_seq=2 Destination unreachable: Address unreachable
From 2001:580:2111:240::100 icmp_seq=3 Destination unreachable: Address unreachable
^C
--- 2001:1:2:3::202 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3015ms
root@UBUNTU-11:~#
As you can see, it’s not working and this is because there is no neighbour discovery for the default gateway:
root@UBUNTU-11:~# ip -6 neigh
2001:580:2111:240:: dev eth2 FAILED
root@UBUNTU-11:~#
Trying to do a neighbor discovery fails:
root@UBUNTU-11:~# ndisc6 -m 2001:580:2111:240:: eth2
Soliciting 2001:580:2111:240:: (2001:580:2111:240::) on eth2...
Timed out.
Timed out.
Timed out.
No response.
root@UBUNTU-11:~#
Once subnet-router anycast is configured on the two routers, things will change.
This is how subnet-router anycast is configured:
[edit]
root@R1# show interfaces ge-0/0/3
unit 0 {
    family inet6 {
        address 2001:580:2111:240::201/64 {
            subnet-router-anycast;
        }
    }
}
[edit]
root@R1#
Let’s try neighbor discovery one more time:
root@UBUNTU-11:~# ndisc6 -m 2001:580:2111:240:: eth2
Soliciting 2001:580:2111:240:: (2001:580:2111:240::) on eth2...
Target link-layer address: 00:05:86:4E:AF:03
 from fe80::205:86ff:fe4e:af03
Target link-layer address: 00:05:86:7E:CC:03
 from fe80::205:86ff:fe7e:cc03
root@UBUNTU-11:~#
This is a tcpdump captured on the host when neighbor discovery happens:
root@UBUNTU-11:~# tcpdump -vvv -i eth2
tcpdump: listening on eth2, link-type EN10MB (Ethernet), capture size 262144 bytes
05:31:08.665610 IP6 (flowlabel 0x2a8e0, hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::5468:a5ff:fec2:4161 > ff02::1:ff00:0: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has 2001:580:2111:240::
    source link-address option (1), length 8 (1): 56:68:a5:c2:41:61
    0x0000: 5668 a5c2 4161
05:31:08.793680 IP6 (class 0xc0, hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::205:86ff:fe7e:cc03 > fe80::5468:a5ff:fec2:4161: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is 2001:580:2111:240::, Flags [router, solicited]
    destination link-address option (2), length 8 (1): 00:05:86:7e:cc:03
    0x0000: 0005 867e cc03
05:31:09.595182 IP6 (class 0xc0, hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::205:86ff:fe4e:af03 > fe80::5468:a5ff:fec2:4161: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is 2001:580:2111:240::, Flags [router, solicited]
    destination link-address option (2), length 8 (1): 00:05:86:4e:af:03
    0x0000: 0005 864e af03
^C
3 packets captured
3 packets received by filter
0 packets dropped by kernel
root@UBUNTU-11:~#
As you can see, both routers reply and there is a resolution for the default gateway pointing to R2:
root@UBUNTU-11:~# ip -6 neigh
2001:580:2111:240::201 dev eth2 lladdr 00:05:86:4e:af:03 router STALE
2001:580:2111:240::202 dev eth2 lladdr 00:05:86:7e:cc:03 router STALE
2001:580:2111:240:: dev eth2 lladdr 00:05:86:7e:cc:03 router REACHABLE
root@UBUNTU-11:~#
Now there should be reachability to the two IPv6 addresses from the Loopback interfaces:
root@UBUNTU-11:~# ping6 2001:1:2:3::201
PING 2001:1:2:3::201(2001:1:2:3::201) 56 data bytes
64 bytes from 2001:1:2:3::201: icmp_seq=1 ttl=64 time=4.94 ms
64 bytes from 2001:1:2:3::201: icmp_seq=2 ttl=64 time=2.49 ms
^C
--- 2001:1:2:3::201 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 2.492/3.720/4.949/1.230 ms
root@UBUNTU-11:~# ping6 2001:1:2:3::202
PING 2001:1:2:3::202(2001:1:2:3::202) 56 data bytes
64 bytes from 2001:1:2:3::202: icmp_seq=1 ttl=64 time=1.48 ms
64 bytes from 2001:1:2:3::202: icmp_seq=2 ttl=64 time=1.59 ms
^C
--- 2001:1:2:3::202 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.482/1.538/1.594/0.056 ms
root@UBUNTU-11:~#
Because the host is using R2 as its default gateway, when the host tries to reach R1’s Loopback IPv6 address, the packet actually reaches R2, which sends an ICMPv6 redirect pointing to the right router:
15:29:24.895900 IP6 (flowlabel 0xc2256, hlim 64, next-header ICMPv6 (58) payload length: 64) 2001:580:2111:240::100 > 2001:1:2:3::201: [icmp6 sum ok] ICMP6, echo request, seq 2
15:29:24.897715 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 152) fe80::205:86ff:fe7e:cc03 > 2001:580:2111:240::100: [icmp6 sum ok] ICMP6, redirect, length 152, 2001:1:2:3::201 to 2001:580:2111:240::201
    redirected header option (4), length 112 (14):
    0x0000: 040e 0000 0000 0000 600c 2256 0040 3a40
    0x0010: 2001 0580 2111 0240 0000 0000 0000 0100
    0x0020: 2001 0001 0002 0003 0000 0000 0000 0201
    0x0030: 8000 4398 087a 0002 a4c0 f058 0000 0000
    0x0040: 66ab 0d00 0000 0000 1011 1213 1415 1617
    0x0050: 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627
    0x0060: 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637
    0x0000: 0000 0000 0000 600c 2256 0040 3a40 2001
    0x0010: 0580 2111 0240 0000 0000 0000 0100 2001
    0x0020: 0001 0002 0003 0000 0000 0000 0201 8000
    0x0030: 4398 087a 0002 a4c0 f058 0000 0000 66ab
    0x0040: 0d00 0000 0000 1011 1213 1415 1617 1819
    0x0050: 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829
    0x0060: 2a2b 2c2d 2e2f 3031 3233 3435 3637
15:29:24.898338 IP6 (flowlabel 0xc2256, hlim 64, next-header ICMPv6 (58) payload length: 64) 2001:1:2:3::201 > 2001:580:2111:240::100: [icmp6 sum ok] ICMP6, echo reply, seq 2
You can even connect to the subnet-router anycast address, which in this case is on R2:
root@UBUNTU-11:~# ssh root@2001:580:2111:240::
Password:
Last login: Fri Apr 14 05:00:52 2017 from 192.168.20.17
--- JUNOS 17.1R1.8 Kernel 64-bit JNPR-10.3-20170209.344539_build
root@R2:~ # logout
Connection to 2001:580:2111:240:: closed.
root@UBUNTU-11:~#
For testing purposes, ge-0/0/3 on R3 was brought down and now the default gateway should be resolved by R1:
root@UBUNTU-11:~# ip -6 neigh
2001:580:2111:240::201 dev eth2 lladdr 00:05:86:4e:af:03 router STALE
fe80::205:86ff:fe4e:af03 dev eth2 lladdr 00:05:86:4e:af:03 router STALE
2001:580:2111:240::202 dev eth2 lladdr 00:05:86:7e:cc:03 router STALE
2001:580:2111:240:: dev eth2 lladdr 00:05:86:4e:af:03 router REACHABLE
root@UBUNTU-11:~#
Again, connecting to the subnet-router anycast address should land you on R1:
root@UBUNTU-11:~# ssh root@2001:580:2111:240::
The authenticity of host '2001:580:2111:240:: (2001:580:2111:240::)' can't be established.
ECDSA key fingerprint is SHA256:1bhTVNqTbgTMEYKEYiSSSFUpZoSqdVMMMsUS//UqSok.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '2001:580:2111:240::' (ECDSA) to the list of known hosts.
Password:
Last login: Fri Apr 14 05:04:08 2017 from 192.168.20.17
--- JUNOS 17.1R1.8 Kernel 64-bit JNPR-10.3-20170209.344539_build
root@R1:~ #
root@R1:~ # logout
Connection to 2001:580:2111:240:: closed.
root@UBUNTU-11:~#
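The two `ip -6 neigh` listings above show the anycast entry moving from R2's link-layer address to R1's. As an added example (not part of the original post), the Python code below derives the subnet-router anycast address from the routers' interface addresses and reports which router's MAC the host's neighbor cache currently holds for it. The function names and the UNEXPECTED sample are constructed for illustration, and R2's ::202/64 interface address is inferred from the neighbor table.

```python
import ipaddress

# Interface address and MAC of each router on the link, as seen in the post's
# output (R2's ::202/64 address is inferred from the neighbor table).
ROUTERS = {"R1": ("2001:580:2111:240::201/64", "00:05:86:4e:af:03"),
           "R2": ("2001:580:2111:240::202/64", "00:05:86:7e:cc:03")}

ROUTER_ROWS = ("2001:580:2111:240::201 dev eth2 lladdr 00:05:86:4e:af:03 router STALE\n"
               "2001:580:2111:240::202 dev eth2 lladdr 00:05:86:7e:cc:03 router STALE\n")
# Anycast rows as shown in the post before and after the failover.
BEFORE = ROUTER_ROWS + "2001:580:2111:240:: dev eth2 lladdr 00:05:86:7e:cc:03 router REACHABLE\n"
AFTER = ROUTER_ROWS + "2001:580:2111:240:: dev eth2 lladdr 00:05:86:4e:af:03 router REACHABLE\n"
# Constructed sample: the anycast entry carries a MAC that belongs to neither router.
UNEXPECTED = ROUTER_ROWS + "2001:580:2111:240:: dev eth2 lladdr 00:05:86:00:00:99 router REACHABLE\n"

def subnet_router_anycast(interface_cidr):
    """RFC 4291 section 2.6.1: the subnet prefix with a zero interface identifier."""
    return ipaddress.IPv6Interface(interface_cidr).network.network_address

def parse_neigh(text):
    """Map IPv6 address -> (lladdr or None, state) from `ip -6 neigh` output."""
    table = {}
    for line in text.strip().splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[1] != "dev":
            continue  # prompts, blank lines, anything that is not a neighbor row
        lladdr = fields[fields.index("lladdr") + 1].lower() if "lladdr" in fields else None
        table[ipaddress.IPv6Address(fields[0])] = (lladdr, fields[-1])
    return table

def anycast_owner(neigh_text, routers=ROUTERS):
    """Return (router name, state) for whoever answers for the anycast address."""
    table = parse_neigh(neigh_text)
    anycasts = {subnet_router_anycast(cidr) for cidr, _ in routers.values()}
    if len(anycasts) != 1:
        raise ValueError("router interfaces are not in one subnet")
    lladdr, state = table.get(anycasts.pop(), (None, "MISSING"))
    if lladdr is None:  # FAILED/INCOMPLETE rows have no lladdr
        return ("unresolved", state)
    by_mac = {mac.lower(): name for name, (_, mac) in routers.items()}
    return (by_mac.get(lladdr, "UNKNOWN " + lladdr), state)

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER), ("unexpected", UNEXPECTED)):
        print(label, anycast_owner(sample))
```

An UNKNOWN result means the host resolved its default gateway to a link-layer address that is not one of the configured routers, which is worth investigating on a shared segment.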
And this would be all about subnet-router anycast address on Junos.
Just remember that you need to use one of the newer releases in order to be able to configure the routers to reply for the subnet-router anycast address.
I hope you found this interesting and useful.
Paris ARAU

It does not work for me, tried using Juniper as a host instead of Linux.
juniper@N2# run show route 2001:1:2:3::201
inet6.0: 22 destinations, 22 routes (22 active, 0 holddown, 0 hidden)
Restart Complete
+ = Active Route, - = Last Active, * = Both
::/0 *[Static/5] 00:10:54
> to 2001:580:2111:240:: via ge-1/0/4.0
juniper@N2# run ping inet6 2001:1:2:3::201
PING6(56=40+8+8 bytes) 2222:2222::2222 --> 2001:1:2:3::201
ping: sendmsg: No route to host
ping6: wrote 2001:1:2:3::201 16 chars, ret=-1
ping: sendmsg: No route to host
Hi Nazir,
Can you check if the neighbor discovery works properly?
Thanks,
Paris
Hi Paris,
Thanks for your response.
Let me explain my topology to you.
Host(JNPR)———–Switch———-R1
|
|
R2
Host IP is : 2001:580:2111:240::100/64
Default route configurations at host:
set routing-options rib inet6.0 static route ::/0 next-hop 2001:580:2111:240::
R1’s IP: (2001:580:2111:240::201/64 anycast) & Lo0:2001:1:2:3::202/128
static route:
set routing-options rib inet6.0 static route 2001:1:2:3::202/128 next-hop 2001:580:2111:240::202
R2’s IP: (2001:580:2111:240::202/64 anycast) & Lo0: 2001:1:2:3::201/128
static route:
set routing-options rib inet6.0 static route 2001:1:2:3::201/128 next-hop 2001:580:2111:240::201
I think NDP works fine.
juniper@N2# run show ipv6 neighbors
IPv6 Address Linklayer Address State Exp Rtr Secure Interface
2001:580:2111:240::201 00:20:8f:1e:38:15 reachable 17 yes no ge-1/0/4.0
2001:580:2111:240::202 00:20:8f:5d:87:9a reachable 1 yes no ge-1/0/4.0
fe80::220:8fff:fe1e:3815 00:20:8f:1e:38:15 stale 72 yes no ge-1/0/4.0
fe80::220:8fff:fe5d:879a 00:20:8f:5d:87:9a stale 231 yes no ge-1/0/4.0
juniper@N2# run ping inet6 2001:580:2111:240::201
PING6(56=40+8+8 bytes) 2001:580:2111:240::100 --> 2001:580:2111:240::201
16 bytes from 2001:580:2111:240::201, icmp_seq=0 hlim=64 time=1.234 ms
16 bytes from 2001:580:2111:240::201, icmp_seq=1 hlim=64 time=0.604 ms
^C
--- 2001:580:2111:240::201 ping6 statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/std-dev = 0.604/0.919/1.234/0.315 ms
{master}[edit]
juniper@N2# run ping inet6 2001:580:2111:240::202
PING6(56=40+8+8 bytes) 2001:580:2111:240::100 --> 2001:580:2111:240::202
16 bytes from 2001:580:2111:240::202, icmp_seq=0 hlim=64 time=0.940 ms
16 bytes from 2001:580:2111:240::202, icmp_seq=1 hlim=64 time=0.565 ms
juniper@N2# run ping inet6 2001:1:2:3::202
PING6(56=40+8+8 bytes) 2222:2222::2222 --> 2001:1:2:3::202
ping: sendmsg: No route to host
ping6: wrote 2001:1:2:3::202 16 chars, ret=-1
ping: sendmsg: No route to host
In Linux, host id with all zero will be used for local route, so it will be received by local. Can it send it to remote NE?
Regards,
Nazir
In the above post, R2 is connected to “switch” and not host.