rbf+nanog at panix.com
Sun Sep 14 21:39:42 UTC 2014
On Sun, Sep 14, 2014 at 04:19:42PM -0500, Jimmy Hess wrote:
> On Sat, Sep 13, 2014 at 5:33 AM, Tarko Tikan <tarko at lanparty.ee> wrote:
> > 2000::/64 has nothing to do with it.
> > Any address between 2000:0000:0000:0000:0000:0000:0000:0000 and
> > 23ff:ffff:ffff:ffff:ffff:ffff:ffff:ffff together with misconfigured prefix
> > length (6 instead 64) becomes 2000::/6 prefix.
> It should be rejected for the same reason that 192.168.10.0/16 is
> invalid in a prefix list or access list.
RTR(config)#ip prefix-list TEST permit 192.168.10.0/16
RTR(config)#do sho ip prefix-list TEST
ip prefix-list TEST: 1 entries
seq 5 permit 192.168.0.0/16
This isn't surprising to people who've been using IOS for a while ...
> Any decent router won't allow you to enter just anything in that range
> into the export rules with a /6, except 2000:: itself, and will
> even show you a failure response instead of silently ignoring the
> invalid input, for the very purpose of helping you avoid such errors.
Well, unfortunately, a lot of us have (as you define the term) indecent
RTR(config)#ipv6 prefix-list TEST permit 2000:1111::/6
RTR(config)#do sho ipv6 prefix-list TEST
ipv6 prefix-list TEST: 1 entries
seq 5 permit 2000::/6
> 2001::1/6 would be an example of an invalid input -- there are
> one or more non-zero bits listed outside the prefix, or where bits in
> the mask are zero.
> Only 2000:0000:0000:0000:0000:0000:0000:0000/6 properly conforms,
> not just "any IP" in that range can have a /6 appended to the end.
More information about the NANOG