[174419] in North American Network Operators' Group
Re: 2000::/6
daemon@ATHENA.MIT.EDU (Jimmy Hess)
Sun Sep 14 17:20:10 2014
X-Original-To: nanog@nanog.org
In-Reply-To: <54141D81.30800@lanparty.ee>
From: Jimmy Hess <mysidia@gmail.com>
Date: Sun, 14 Sep 2014 16:19:42 -0500
To: Tarko Tikan <tarko@lanparty.ee>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Sat, Sep 13, 2014 at 5:33 AM, Tarko Tikan <tarko@lanparty.ee> wrote:
> 2000::/64 has nothing to do with it.
>
> Any address between 2000:0000:0000:0000:0000:0000:0000:0000 and
> 23ff:ffff:ffff:ffff:ffff:ffff:ffff:ffff together with misconfigured prefix
> length (6 instead 64) becomes 2000::/6 prefix.
It should be rejected for the same reason that 192.168.10.0/16 is
invalid in a prefix list or access list.
Any decent router won't allow you to enter just anything in that range
into the export rules with a /6, except 2000:: itself, and will
even show you a failure response instead of silently ignoring the
invalid input, for the very purpose of helping you avoid such errors.
2001::1/6 would be an example of an invalid input -- there are
one or more non-zero bits listed outside the prefix, or where bits in
the mask are zero.
Only 2000:0000:0000:0000:0000:0000:0000:0000/6 properly conforms,
not just "any IP" in that range can have a /6 appended to the end.
--
-JH
