Re: IPv6 router

To: BERTRAND Joël <joel.bertrand%systella.fr@localhost>
Subject: Re: IPv6 router
From: Ignatios Souvatzis <ignatios%cs.uni-bonn.de@localhost>
Date: Wed, 11 Mar 2026 13:06:40 +0100

Hello Joël,

On Wed, Mar 11, 2026 at 12:32:23PM +0100, BERTRAND Joël wrote:

> ISP gives me 2a0a:1c84:1000:a00::/56 adresses. 2a0a:1c84:1000:a00::1 is
> IPv6 gateway. Between Cisco's routers and servers, I have configured
> 2a0a:1c84:1000:a00::/64 network.

> 	Thus, in a linux box, I have written :
[...]

>     pre-down /sbin/ip -6 route del unreachable 2a0a:1c84:1000:a00::/56
>     post-up /sbin/ip -6 route add unreachable 2a0a:1c84:1000:a00::/56

I think what you want to achieve with this is to avoid a packet ping-pong
between your outside connection and your router machine for packets 
addressed at your /56, but not served by your router itself or any
connected network. They would travel back and forth at line speed
until the hop limit is reached, thus amplifying any misaddressed 
packet. The unreachable route will block this, more specific routes
e.g. through additional interfaces would transfer only the explicitly
configured address ranges.

> 	In NetBSD side :
> 
> legendre# cat ifconfig.wm2
> tcp6csum udp6csum
> inet6 2a0a:1c84:1000:a00::3 prefixlen 64 alias
> mtu 1500
> up
> !route add -inet6 default 2a0a:1c84:1000:a00::1

To get the same effect, add the line
!route add -inet6 2a0a:1c84:1000:100::/56 ::1 -reject

(btw: you can write this:
> inet6 2a0a:1c84:1000:a00::3 prefixlen 64 alias
as follows:

inet6 2a0a:1c84:1000:a00::3/64 alias

)

Regards,
	-is
-- 
Ignatios Souvatzis, Chief IPv6 enabler		RFC 6540
Gemeinsame Systemgruppe b-it + Informatik	Tel. +49 228 73-60701
gsg%cs.uni-bonn.de@localhost

References:
- IPv6 router
  - From: BERTRAND Joël

Prev by Date: IPv6 router
Previous by Thread: IPv6 router
Indexes:

Home | Main Index | Thread Index | Old Index