Le 11 mars 2026 13:06:40 GMT+01:00, Ignatios Souvatzis <[email protected]> a écrit : >Hello Joël, > >On Wed, Mar 11, 2026 at 12:32:23PM +0100, BERTRAND Joël wrote: > >> ISP gives me 2a0a:1c84:1000:a00::/56 adresses. 2a0a:1c84:1000:a00::1 is >> IPv6 gateway. Between Cisco's routers and servers, I have configured >> 2a0a:1c84:1000:a00::/64 network. > >> Thus, in a linux box, I have written : >[...] > >> pre-down /sbin/ip -6 route del unreachable 2a0a:1c84:1000:a00::/56 >> post-up /sbin/ip -6 route add unreachable 2a0a:1c84:1000:a00::/56 > >I think what you want to achieve with this is to avoid a packet ping-pong >between your outside connection and your router machine for packets >addressed at your /56, but not served by your router itself or any >connected network. They would travel back and forth at line speed >until the hop limit is reached, thus amplifying any misaddressed >packet. The unreachable route will block this, more specific routes >e.g. through additional interfaces would transfer only the explicitly >configured address ranges.
Maybe... I have configured IPv6 a long time ago. I suppose I don’t understand how IPv6 routes IP packets. If my server is configured with x::1/64 and if my router sends to server a packet to a workstation on LAN side (thus, outside /64 but in /56 network), why does it receive and route this packet ? Cisco router doesn’t know gateway for this subnetwork. > >> In NetBSD side : >> >> legendre# cat ifconfig.wm2 >> tcp6csum udp6csum >> inet6 2a0a:1c84:1000:a00::3 prefixlen 64 alias >> mtu 1500 >> up >> !route add -inet6 default 2a0a:1c84:1000:a00::1 > >To get the same effect, add the line >!route add -inet6 2a0a:1c84:1000:100::/56 ::1 -reject > >(btw: you can write this: >> inet6 2a0a:1c84:1000:a00::3 prefixlen 64 alias >as follows: > >inet6 2a0a:1c84:1000:a00::3/64 alias > >) > >Regards, > -is Hello Ignatios,
