Hello Hans! On Sun, 03 Jan 2021 12:14:18 -0800, Hans Dedecker wrote: > In case of prefix delegation an upstream ISP will route the complete > delegated prefix (e.g 2001:DB8:BEEF::/56) to an OpenWrt device, OpenWrt > will route back the complete /56 not matching a local or subdelegated > prefix and with as source an address from the delegated prefix > causing a routing loop. > Fix this by using an ip rule which directs traffic matching the > subdelegated prefix and coming from the wan interface to the main or > user configured routing table. > An ip rule with lower priority will make sure the traffic not matching > the subdelegated prefix(es) will be dropped with an ICMPv6 unreachable > fixing the potential routing loop. > > > This will result into the following typical IPv6 rules : > > 0: from all lookup local > 30000: from all to 2001:DB8:BEEF::/64 iif eth4 lookup main > 30001: from all to 2001:DB8:BEEF::/56 iif eth4 unreachable > 32766: from all lookup main > 4200000000: from 2001:DB8:BEEF::1/64 iif br-lan unreachable
Could you please hint me why the rule with ID 4200000000 is useful? I understand the purpose of rule 30001 explained in this commit message, but I can't imagine the situation in which rule 4200000000 would be triggered, because the main routing table has the default route that would be the final match. Thanks, Max > 4200000001: from all iif lo failed_policy > 4200000011: from all iif eth0 failed_policy > 4200000015: from all iif eth4 failed_policy > 4200000015: from all iif eth4 failed_policy > 4200000019: from all iif br-lan failed_policy > > Signed-off-by: Hans Dedecker <dedec...@gmail.com> > --- > v2: Keep unreachable route in the routing table dropping traffic from the lan > not matching any routing rules with an ICMPv6 unreachable _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
