Marc Lampo

IPv6 static route for 2000::/3 no longer possible (R80.20)

Discussion created by Marc Lampo on Oct 16, 2018
Latest reply on Oct 16, 2018 by Dameon Welch-Abernathy

Hello,

 

following a recommendation I heard from a guy from Cisco, on an IETF conference (IPv6 working group), I have since then configured a static route for 2000::/3, while the IPv6 default route was blackholed.  (As IPv6 public addresses start with 2...:: or 3...:: exclusively, a route for 2000::/3 is enough - hijacking of addresses outside that list can no longer cause harm)

 

This worked fine up tille and including R80.10 :

# fw ver
This is Check Point's software version R80.10 - Build 027

(extract from the configuration)

set ipv6 static-route default nexthop blackhole
set ipv6 static-route 2000::/3 comment "Route public address space only"
set ipv6 static-route 2000::/3 nexthop gateway <-my:IPv6:routers:addres-> on

 

To my surprise, R80.20 refuses IPv6 static routes for masks <8 !

CP helpdesk was very quick to point at sk118074, claiming this - IPv6 routes for a /3 - is not possible since R75.
(which obviously is not true, since I have R80.10's configured like that)

CP helpdesk even closed the ticket before I could point this out to them : good for their statistics, bad for customer/partner feeling ...

 

Given the number of people that already voted in favor of supporting R77.30 for (at least !?) another year,
I would think Check Point has more important things to fix,
rather than breaking something which worked fine up till now :-(

 

Sincerely,

Outcomes