I have always used the Router's global address when configuring a static route or static default gateway. I have seen routing protocols like OSPF/BGP/etc. use link-local addresses for nexthop, but when statically configuring, I've always used the global address that is located within the same subnet as the host's address.
-Henry On Wed, Jul 18, 2018 at 4:45 PM, Aham Brahmasmi <[email protected]> wrote: > Hello misc, > > I am wondering whether the good volks here would be able to share > their insight on configuring the IPv6 gateway address for a machine > which has been assigned a static IPv6 address. > > Based on my layman research, there are two options: > 1) Link local gateway address - fe80::1%em0 (Preferable) > 2) Global unicast gateway address (router's IPv6 address) - xx:.... > > Which of the above is preferable? The reason I wish to ask is, after > trying to understand IPv6, I have understood that I do not understand > much. > > But based on what little I do understand, the switches need to have RA > guards, to protect from rogue RAs. Unfortunately, the baremetal provider > that I am working with has not yet been able to understand my concerns > and queries regarding the mitigations they have put in place for this > impersonation and other vectors. This has led me to use the fully static > configuration approach as outlined by Enno Rey in his APNIC blog post - > https://blog.apnic.net/2017/01/16/ipv6-configuration-approaches-servers/ > . > > Additionally, I came across net.inet6.ip6.accept_rtadv to disable > accepting router advertisements. However, I could not find it. So, > code searching led me to a commit [1] in sys/netinet6/in6.h which > removed the sysctl and introduced IFXF_AUTOCONF6. Searching for that > led me to inet6 autoconf. So, my current understanding is that > unless autoconf is specified, the router advertisements are not > accepted. Similarly, net.inet6.icmp6.rediraccept seems to have been > removed and is now dependent on IFXF_AUTOCONF6 [2]. > Please correct me if I am wrong. > > Finally, if there are things an IPv6 rookie should know but tends to > learn after getting burnt, pointers towards the same will be much > appreciated. > > Thanks. > > Regards, > ab > [1] - https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/ > netinet6/in6.h?rev=1.73&content-type=text/x-cvsweb-markup > [2] - https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/ > netinet6/icmp6.c?rev=1.148&content-type=text/x-cvsweb-markup > ---------|---------|---------|---------|---------|---------|---------|-- > >
