Brett Frankenberger rbf+nanog at panix.com
Sun Sep 14 21:39:42 UTC 2014

On Sun, Sep 14, 2014 at 04:19:42PM -0500, Jimmy Hess wrote:
> On Sat, Sep 13, 2014 at 5:33 AM, Tarko Tikan <tarko at lanparty.ee> wrote:
> > 2000::/64 has nothing to do with it.
> >
> > Any address between 2000:0000:0000:0000:0000:0000:0000:0000 and
> > 23ff:ffff:ffff:ffff:ffff:ffff:ffff:ffff together with misconfigured prefix
> > length (6 instead 64) becomes 2000::/6 prefix.
> It should be rejected for the same reason that is
> invalid in a prefix list  or access list.

RTR(config)#ip prefix-list TEST permit
RTR(config)#do sho ip prefix-list TEST
ip prefix-list TEST: 1 entries
   seq 5 permit

This isn't surprising to people who've been using IOS for a while ...
> Any decent router won't allow you to enter just anything in that range
> into the export rules  with a /6,  except 2000::  itself, and will
> even show you a failure response instead of silently ignoring the
> invalid input,  for the very purpose of helping you avoid such errors.

Well, unfortunately, a lot of us have (as you define the term) indecent

RTR(config)#ipv6 prefix-list TEST permit 2000:1111::/6
RTR(config)#do sho ipv6 prefix-list TEST
ipv6 prefix-list TEST: 1 entries
   seq 5 permit 2000::/6

>    2001::1/6  would be an example of an invalid input --  there are
> one or more non-zero bits listed outside the prefix, or where  bits in
> the mask are zero.
> Only 2000:0000:0000:0000:0000:0000:0000:0000/6    properly conforms,
> not just "any IP"   in that range  can have a /6  appended to the end.

     -- Brett

More information about the NANOG mailing list