Routing question about unused ip6 subnets
-
My ISP gives me a /56 of which so far I am using 3 /64 subnets and everything is working as it should.
My question: do I need to do anything about the unused subnets? I notice if I ping or tracert an address in the unused range, that pfSense is sending it back out to the ISP, which promptly sends it back to pfSense, in a loop, until it TTLs out.
Is there a setup in pfSense I should be doing to prevent that, or is that considered OK?
-
Null route the /56 to the loopback interface on your pfSense with a static route at System->Routing->Static Routes. This will guarantee that any traffic going to the unallocated addresses will terminate at your pfSense without going anywhere. Traffic going to the /64s will of course take the correct route because the routes for the /64 are more specific than the route for the /56.
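
The longest-prefix behaviour described in this reply, as an added example that is not part of the original thread: a simplified Python model of the firewall and ISP hops. The prefixes are constructed from the documentation range and the interface names (LAN, OPT1, OPT2) are hypothetical.

```python
import ipaddress

# Constructed sample addressing (2001:db8::/32 is the documentation range).
DELEGATED = ipaddress.ip_network("2001:db8:0:100::/56")
LAN_ROUTES = {
    ipaddress.ip_network("2001:db8:0:100::/64"): "LAN",
    ipaddress.ip_network("2001:db8:0:101::/64"): "OPT1",
    ipaddress.ip_network("2001:db8:0:102::/64"): "OPT2",
}
DEFAULT = {ipaddress.ip_network("::/0"): "WAN"}


def build_table(null_route):
    """Firewall-side routing table; the /56 null route is optional."""
    table = {**DEFAULT, **LAN_ROUTES}
    if null_route:
        table[DELEGATED] = "NULL"
    return table


def lookup(table, dst):
    """Longest-prefix match: the most specific covering route wins."""
    matches = [net for net in table if dst in net]
    return table[max(matches, key=lambda net: net.prefixlen)]


def forward(dst, null_route, hop_limit=64):
    """Follow a packet from the firewall; return (outcome, hops used)."""
    dst = ipaddress.ip_address(dst)
    table = build_table(null_route)
    hops = 0
    while hops < hop_limit:
        hops += 1                      # firewall handles the packet
        out = lookup(table, dst)
        if out == "NULL":
            return ("dropped at firewall", hops)
        if out != "WAN":
            return (f"delivered via {out}", hops)
        hops += 1                      # ISP router handles the packet
        if dst not in DELEGATED:
            return ("forwarded to internet", hops)
        # ISP routes the whole /56 back to the customer, so the loop continues
    return ("hop limit exceeded", hops)
```

Without the null route, an address in an unused /64 bounces between the two routers until the hop limit runs out; with it, the packet stops at the first hop while the in-use /64s and off-prefix destinations are unaffected.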
-
This would not happen from the public side. While you can null route it, sure, why should you need to? Why would "YOU" be trying to access networks you're not using?
Anyone on the public side trying to access some unused prefix out of your /56 would just get sent to your pfSense WAN via the route and pfSense would just drop it.
-
I tried an online tool to traceroute to an address, and you are right about pfSense just dropping it, at least as far as I could tell.
There shouldn't be any reason for any internal device to be doing it, so it should be OK. I just wanted to make sure I didn't get a nasty note from my ISP.