owen at delong.com
Tue Sep 16 18:00:35 UTC 2014
On Sep 14, 2014, at 2:19 PM, Jimmy Hess <mysidia at gmail.com> wrote:
> On Sat, Sep 13, 2014 at 5:33 AM, Tarko Tikan <tarko at lanparty.ee> wrote:
>> 2000::/64 has nothing to do with it.
>> Any address between 2000:0000:0000:0000:0000:0000:0000:0000 and
>> 23ff:ffff:ffff:ffff:ffff:ffff:ffff:ffff together with misconfigured prefix
>> length (6 instead 64) becomes 2000::/6 prefix.
> It should be rejected for the same reason that 192.168.10.0/16 is
> invalid in a prefix list or access list.
> Any decent router won't allow you to enter just anything in that range
> into the export rules with a /6, except 2000:: itself, and will
> even show you a failure response instead of silently ignoring the
> invalid input, for the very purpose of helping you avoid such errors.
> 2001::1/6 would be an example of an invalid input -- there are
> one or more non-zero bits listed outside the prefix, or where bits in
> the mask are zero.
> Only 2000:0000:0000:0000:0000:0000:0000:0000/6 properly conforms,
> not just "any IP" in that range can have a /6 appended to the end.
Which is one of the reasons I think it was more likely a typo for 2000::/3
being entered via numeric keypad.
3 and 6 are adjacent on a numeric keypad and both 2000::/3 and 2000::/6 are
More information about the NANOG