Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Contributor

IPv6 static route for 2000::/3 no longer possible (R80.20)

Hello,

following a recommendation I heard from a guy from Cisco, on an IETF conference (IPv6 working group), I have since then configured a static route for 2000::/3, while the IPv6 default route was blackholed.  (As IPv6 public addresses start with 2...:: or 3...:: exclusively, a route for 2000::/3 is enough - hijacking of addresses outside that list can no longer cause harm)

This worked fine up tille and including R80.10 :

# fw ver
This is Check Point's software version R80.10 - Build 027

(extract from the configuration)

set ipv6 static-route default nexthop blackhole
set ipv6 static-route 2000::/3 comment "Route public address space only"
set ipv6 static-route 2000::/3 nexthop gateway <-my:IPv6:routers:addres-> on

To my surprise, R80.20 refuses IPv6 static routes for masks <8 !

CP helpdesk was very quick to point at sk118074, claiming this - IPv6 routes for a /3 - is not possible since R75.
(which obviously is not true, since I have R80.10's configured like that)

CP helpdesk even closed the ticket before I could point this out to them : good for their statistics, bad for customer/partner feeling ...

Given the number of people that already voted in favor of supporting R77.30 for (at least !?) another year,
I would think Check Point has more important things to fix,
rather than breaking something which worked fine up till now 😞

Sincerely,

Tags (2)
0 Kudos
Reply
2 Replies
Highlighted
Champion
Champion

@Hugo van der Kooij: What are you thinking about this in regards to your post here?

Admin
Admin

Based on that SK, one could argue that the fact the OS allowed configuring IPv6 with mask length less than 8 as a defect that we "fixed" in R80.20. Smiley Happy

That said, I see the other side of it.

We would probably have to address it as an RFE.

0 Kudos
Reply