Hello, I'm facing an odd behaviour with IPv6 NEXT_HOP rewriting.
Scenario: IXP route server. I'm trying to rewrite the NEXT_HOP attribute of an IPv6 route to implement traffic diversion for blackhole filtering. The route server receives a blackhole filtering request from a client, a route for a /128 prefix with the BLACKHOLE community attached to it. I want the route server to announce this route to other clients with a fixed NEXT_HOP of 2001:db8:1:1::66; this address should be the IPv6 address configured with a layer-2 ACL to discard traffic entering from members ports. It is on the same net of clients. This is what I do (2001:db8:1:1::11 is a generic client address): match to 2001:db8:1:1::11 community BLACKHOLE set community NO_EXPORT match to 2001:db8:1:1::11 community BLACKHOLE set nexthop 2001:db8:1:1::66 OpenBGPD seems to like it... bgpctl -n show rib detail out neighbor 2001:db8:1:1::11 2a02:0:3::1/128 BGP routing table entry for 2a02:0:3::1/128 2 Nexthop 2001:db8:1:1::66 (via 2001:db8:1:1::66) from 2001:db8:1:1::21 (192.0.2.21) Origin IGP, metric 0, localpref 100, weight 0, external, valid, best Last update: 00:00:27 ago Communities: NO_EXPORT BLACKHOLE (the "Nexthop" is reported with the expected blackhole address) ... but then a tcpdump on the other peer shows this: Multi-Protocol Reach NLRI (14), length: 55, Flags [O]: AFI: IPv6 (2), SAFI: Unicast (1) nexthop: 2001:db8:1:1::2, nh-length: 16, no SNPA 2a02:0:3::2/128 2a02:0:3::1/128 The nexthop received by the other peer is the IPv6 address of the route server. I've also tried to add a static entry to 2001:db8:1:1::66 with ndp... [openbsd1:~]# ndp -a | grep ::66 2001:db8:1:1::66 02:42:c0:00:02:66 pcn0 permanent R ... but nothing changed. The same configuration works fine with IPv4 routes. I'm sure I'm missing something (maybe about next-hop validation), but I can't figure it out what it is. The full configuration and the output of 'bgpd -vdn' can be found here: https://github.com/pierky/arouteserver/issues/3 Thanks, Pier Carlo Network config follows: [openbsd1:~]# ifconfig lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768 index 3 priority 0 llprio 3 groups: lo inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 inet 127.0.0.1 netmask 0xff000000 pcn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 lladdr 52:54:00:26:56:e7 index 1 priority 0 llprio 3 groups: egress media: Ethernet autoselect (autoselect) inet 192.0.2.2 netmask 0xffffff00 broadcast 192.0.2.255 inet6 fe80::5054:ff:fe26:56e7%pcn0 prefixlen 64 scopeid 0x1 inet6 2001:db8:1:1::2 prefixlen 64 enc0: flags=0<> index 2 priority 0 llprio 3 groups: enc status: active pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33144 index 4 priority 0 llprio 3 groups: pflog [openbsd1:~]# route show Routing tables Internet: Destination Gateway Flags Refs Use Mtu Prio Iface default 192.0.2.1 UGS 4 68 - 8 pcn0 base-address.mcast localhost URS 0 0 32768 8 lo0 loopback localhost UGRS 0 0 32768 8 lo0 localhost localhost UHl 1 1 32768 1 lo0 192.0.2/24 openbsd1 UC 1 0 - 4 pcn0 192.0.2.1 02:42:57:82:bc:91 UHLc 2 9 - 4 pcn0 openbsd1 52:54:00:26:56:e7 UHLl 0 14 - 1 pcn0 192.0.2.255 openbsd1 UHb 0 0 - 1 pcn0 Internet6: Destination Gateway Flags Refs Use Mtu Prio Iface ::/96 localhost UGRS 0 0 32768 8 lo0 ::/104 localhost UGRS 0 0 32768 8 lo0 localhost localhost UHl 14 14 32768 1 lo0 ::127.0.0.0/104 localhost UGRS 0 0 32768 8 lo0 ::224.0.0.0/100 localhost UGRS 0 0 32768 8 lo0 ::255.0.0.0/104 localhost UGRS 0 0 32768 8 lo0 ::ffff:0.0.0.0/96 localhost UGRS 0 0 32768 8 lo0 2001:db8:1:1::/64 2001:db8:1:1::2 UC 5 8 - 4 pcn0 2001:db8:1:1::1 02:42:57:82:bc:91 UHLc 0 18 - 4 pcn0 2001:db8:1:1::2 52:54:00:26:56:e7 UHLl 0 435 - 1 pcn0 2001:db8:1:1::11 02:42:c0:00:02:03 UHLc 1 345 - 4 pcn0 2001:db8:1:1::12 02:42:c0:00:02:04 UHLc 1 343 - 4 pcn0 2001:db8:1:1::21 02:42:c0:00:02:05 UHLc 1 348 - 4 pcn0 2001:db8:1:1::31 02:42:c0:00:02:02 UHLc 1 320 - 4 pcn0 2001:db8:1:1::66 02:42:c0:00:02:66 UHLS 0 4 - 8 pcn0 2002::/24 localhost UGRS 0 0 32768 8 lo0 2002:7f00::/24 localhost UGRS 0 0 32768 8 lo0 2002:e000::/20 localhost UGRS 0 0 32768 8 lo0 2002:ff00::/24 localhost UGRS 0 0 32768 8 lo0 fe80::/10 localhost UGRS 0 1 32768 8 lo0 fec0::/10 localhost UGRS 0 0 32768 8 lo0 fe80::%pcn0/64 fe80::5054:ff:fe26 UC 4 8 - 4 pcn0 fe80::42:c0ff:fe00 02:42:c0:00:02:02 UHLc 0 287 - 4 pcn0 fe80::42:c0ff:fe00 02:42:c0:00:02:03 UHLc 0 190 - 4 pcn0 fe80::42:c0ff:fe00 02:42:c0:00:02:04 UHLc 0 285 - 4 pcn0 fe80::42:c0ff:fe00 02:42:c0:00:02:05 UHLc 0 246 - 4 pcn0 fe80::5054:ff:fe26 52:54:00:26:56:e7 UHLl 0 189 - 1 pcn0 fe80::1%lo0 fe80::1%lo0 UHl 0 0 32768 1 lo0 ff01::/16 localhost UGRS 0 1 32768 8 lo0 ff01::%pcn0/32 fe80::5054:ff:fe26 Um 0 1 - 4 pcn0 ff01::%lo0/32 localhost Um 0 1 32768 4 lo0 ff02::/16 localhost UGRS 0 1 32768 8 lo0 ff02::%pcn0/32 fe80::5054:ff:fe26 Um 0 1 - 4 pcn0 ff02::%lo0/32 localhost Um 0 1 32768 4 lo0
