Routing question about unused ip6 subnets

  • My ISP gives me a /56 of which so far I am using 3 /64 subnets and everything is working as it should.

    My question: do I need to do anything about the unused subnets? I notice if I ping or tracert an address in the unused range, that pfSense is sending it back out to the ISP, which promptly sends it back to pfSense, in a loop, until it TTL's out.

    Is there a setup in pfSense I should be doing to prevent that, or is that considered ok?

  • Null route the /56 to the loopback interface on your pfSense with a static route at System->Routing->Static Routes. This will guarantee that any traffic going to the unallocated addresses will terminate at your pfSense without going anywhere. Traffic going to the /64s will of course take the correct route because the routes for the /64 are more specific than the route for the /56.
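The longest-prefix-match behaviour the reply above relies on, as an added example that is not part of the original thread. The addresses come from the IPv6 documentation prefix, and the interface names and the three /64s are constructed assumptions, not the poster's configuration.

```python
import ipaddress

# Constructed routing table using the IPv6 documentation prefix (2001:db8::/32).
# The /56, the three /64s and the interface labels are assumptions for illustration.
DELEGATED = ipaddress.ip_network("2001:db8:0:100::/56")

def build_table(with_null_route):
    table = [
        (ipaddress.ip_network("::/0"), "WAN (default, to ISP)"),
        (ipaddress.ip_network("2001:db8:0:100::/64"), "LAN"),
        (ipaddress.ip_network("2001:db8:0:101::/64"), "OPT1"),
        (ipaddress.ip_network("2001:db8:0:102::/64"), "OPT2"),
    ]
    if with_null_route:
        # Static route for the whole delegation, pointing at a discard target.
        table.append((DELEGATED, "NULL (discard)"))
    return table

def lookup(table, destination):
    """Longest-prefix match: the most specific route containing the address wins."""
    addr = ipaddress.ip_address(destination)
    matches = [(net, hop) for net, hop in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def loops_to_isp(table, destination):
    """True when a packet for our own delegated prefix would be sent back to the ISP."""
    addr = ipaddress.ip_address(destination)
    return addr in DELEGATED and lookup(table, destination).startswith("WAN")

if __name__ == "__main__":
    samples = (
        "2001:db8:0:101::10",  # inside an in-use /64
        "2001:db8:0:1ab::1",   # inside the /56 but in an unused /64
        "2001:db8:ffff::1",    # outside the delegation entirely
    )
    for label, table in (("without null route", build_table(False)),
                         ("with null route", build_table(True))):
        print(label)
        for dst in samples:
            print(f"  {dst:20} -> {lookup(table, dst):22} loop={loops_to_isp(table, dst)}")
```
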

  • LAYER 8 Global Moderator

    This would not happen from the public side. While you can null route it, sure, why should you need to? Why would "YOU" be trying to access networks you're not using?

    Anyone on the public side trying to access some unused prefix out of your /56 would just get sent to your pfSense WAN via the route and pfSense would just drop it.

  • I tried an online tool to traceroute to an address, and you are right about pfSense just dropping it, at least as far as I could tell.

    There shouldn't be any reason for any internal device to be doing it, so it should be ok. I just wanted to make sure I didn't get a nasty note from my ISP.
