On 7/26/17 11:09 AM, David Ahern wrote: > I don't understand why you are focused on the built-in null and prohibit > route entries.
I see. You are using fib rules for the prohibit entry; I am using an explicit route entry. If I run 'ip ro get fibmatch' for the latter I want to see that route entry since it is a route in the FIB: # ip -6 ro get fibmatch vrf red 5000::1 prohibit 5000::/120 dev lo table red metric 1024 error -13 pref medium So there are multiple cases to verify.
