cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4632
Views
5
Helpful
8
Replies

Can't create static route to LL address: Next-hop cannot be a local address

Jean-Daniel
Level 1
Level 1

 

I'm trying to find out if this is a NX-OS bug or a misconfiguration:

I have a switch with 2 interfaces configured as route interface.

 

eth1/2 has only a link local address: fe80::1

eth1/3 has only an autogenerated link local address.

 

With a classic router (linux box, …), it is perfect possible to define a default route with gateway fe80::1%eth1/3

But when I try to do that on nx-os 9.2.3, it refuses to create the route with the error: Next-hop cannot be a local address

IMHO, this error is meaningless as "fe80::1%eth1/3" is not a local address. If I use an other next-hop address (fe80::2%eth1/3) or if I change the eth1/2 address, everything works fine.

 

My config is like this:

interface Ethernet1/2
  no switchport
  ipv6 link-local fe80::1

interface Ethernet1/3
  no switchport
  ipv6 address use-link-local-only

 

I try to create the route using the following command:

nexus(config)# ipv6 route ::/0 fe80::1 eth1/3
Next-hop cannot be a local address

 

And the IPv6 interface state is:

nexus(config)# sh ipv6 int
IPv6 Interface Status for VRF "default"
Ethernet1/2, Interface status: protocol-down/link-down/admin-up, iod: 10
  IPv6 address: fe80::1 [TEN]
  IPv6 link-local address: fe80::1 (configured) [TEN]
  IPv6 virtual addresses configured: none
  IPv6 multicast routing: disabled
  IPv6 report link local: disabled
  IPv6 Forwarding feature: disabled
  IPv6 multicast groups locally joined:   
      ff02::2  ff02::1  ff02::1:ff00:1  
  IPv6 multicast (S,G) entries joined: none
  IPv6 MTU: 1500 (using link MTU)
  IPv6 unicast reverse path forwarding: none
  IPv6 load sharing: none 
  IPv6 interface statistics last reset: never
  IPv6 interface RP-traffic statistics: (forwarded/originated/consumed)
    Unicast packets:      0/0/0
    Unicast bytes:        0/0/0
    Multicast packets:    0/0/0
    Multicast bytes:      0/0/0
Ethernet1/3, Interface status: protocol-down/link-down/admin-up, iod: 11
  IPv6 address: fe80::32f7:dff:fe9f:53c [TEN]
  IPv6 link-local address: fe80::32f7:dff:fe9f:53c (default) [TEN]
  IPv6 virtual addresses configured: none
  IPv6 multicast routing: disabled
  IPv6 report link local: disabled
  IPv6 Forwarding feature: disabled
  IPv6 multicast groups locally joined:   
      ff02::2  ff02::1  ff02::1:ff9f:53c  
  IPv6 multicast (S,G) entries joined: none
  IPv6 MTU: 1500 (using link MTU)
  IPv6 unicast reverse path forwarding: none
  IPv6 load sharing: none 
  IPv6 interface statistics last reset: never
  IPv6 interface RP-traffic statistics: (forwarded/originated/consumed)
    Unicast packets:      0/0/0
    Unicast bytes:        0/0/0
    Multicast packets:    0/0/0
    Multicast bytes:      0/0/0

 

8 Replies 8

Hi @Jean-Daniel,

I found this is a limitation with the NX-OS software applicable for all Nexus family of Switches.

It was document here:

Guidelines and Limitations for Configuring IPv6

  • IPv6 static route next hop link-local address cannot be configured at any local interface.

via:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/nx-os/unicast/configuration/guide/b-7k-Cisco-Nexus-7000-Series-NX-OS-Unicast-Routing-Configuration-Guide-Release/n7k_unicast_config_ipv6.html#concept_C519AB67E54B48358AA322AB89529D88

 

The workaround, not configure the same link-local address in any of your Switch's interface that is also intended to be used as a Next-Hop via a Static Route.

 

HTH.

 

 

Please define 'local interface'.

 

`fe80::1%eth1/3` is not a local address and so not a local interface.

 

As a side note, I found afterward that it is perfectly possible to do what I was trying to do by declaring the route before configuring the interface (which is fortunately the order in which the config is saved automatically).

The problem is that the route command validation code is broken and wrongly reject a perfectly valid route.

The interface configuration command don't have that issue, and so let me configure the interface address.

 

 

 

Hi @Jean-Daniel,

Local interface is any interface on your Nexus. It can be a Layer 3 port or interface vlan (aka SVI).

As you have said, it looks to be the parser rejecting the operation based on a local interface already with that link-local address in the configuration at the moment the static route is applied.

It looks like you found a logical way to cheat the parser.

Still, it was documented that way in Cisco.com

I will check internally if this behavior can be looked at by the Nexus product team.

For the time being, you have your workaround.

Regards.

 

The documentation says I can't use a local interface as Next-Hop. But this is not what I'm trying to do, so I disagree when you say my issue is documented.

 

The command parser wrongly think that I'm targeting a local interface, which is not what I'm doing.

 

That said, thank you for your responses :-)

 

Hi @Jean-Daniel,

 

The documentation refers to what you are trying to do.

It says "IPv6 static route next hop link-local address cannot be configured at any local interface."

I know you are doing "fe80::1%eth1/3" where fe80::1 is not configured on eth1/3 but on eth1/2 segment. Still, eth1/3 & eth1/2 are considered "local interfaces" in this context.

In theory, your Static Route should be a valid configuration since in the IPv6 world, Link-Local address are relevant per network segment. However, there is an internal code check in NX-OS that prevents the Static Route from being accepted by the parser since it detects fe80::1 is already configured in a local interface... any local interface.

 

This is a similarly to the parser preventing you from configuring a Static Route in IPv4 which next-hop is an IP you have already configured on any interface.

switch(config)# int eth2/1
switch(config-if)# ip add 10.1.2.1 255.255.255.0
switch(config-if)# no shut

switch(config)# ip route 8.8.8.8/32 10.1.2.1
% Next-hop cannot be local address in same or different vrf
switch(config)# 

I guess that internally in code, the Static Route API is not sending to the parser API the interface information along with the IPv6 next-hop for this check to be more accurate.

Your workaround makes sense since it bypasses the parser check.

 

You are welcome :-)

Regards.

IPv6 static route next hop link-   https://xender.pro/ https://discord.software/ https://omegle.onl/   local address cannot be configured at any local interfac

Holteen
Level 1
Level 1

@Jean-Daniel wrote:

 

I'm trying to find out if this is a NX-OS bug or a misconfiguration:

I have a switch with 2 interfaces configured as route interface.

 

eth1/2 has only a link local address: fe80::1

eth1/3 has only an autogenerated link local address.

 

With a classic router (linux box, …), it is perfect possible to define a default route with gateway fe80::1%eth1/3

But when I try to do that on nx-os 9.2.3, it refuses to create the route with the error: Next-hop cannot be a local address

IMHO, this error is meaningless as "fe80::1%eth1/3" is not a local address. If I use an other next-hop address (fe80::2%eth1/3) or if I change the eth1/2 address, everything works fine.

 

My config is like this:

interface Ethernet1/2
  no switchport omegle
  ipv6 link-local fe80::1

interface Ethernet1/3
  no switchport cps counter
  ipv6 address use-link-local-only

 

I try to create the route using the following command:

nexus(config)# ipv6 route ::/0 fe80::1 eth1/3 cps test
Next-hop cannot be a local address

 

And the IPv6 interface state is:

nexus(config)# sh ipv6 int
IPv6 Interface Status for VRF "default"
Ethernet1/2, Interface status: protocol-down/link-down/admin-up, iod: 10
  IPv6 address: fe80::1 [TEN]
  IPv6 link-local address: fe80::1 (configured) [TEN]
  IPv6 virtual addresses configured: none
  IPv6 multicast routing: disabled
  IPv6 report link local: disabled
  IPv6 Forwarding feature: disabled
  IPv6 multicast groups locally joined:   
      ff02::2  ff02::1  ff02::1:ff00:1  
  IPv6 multicast (S,G) entries joined: none
  IPv6 MTU: 1500 (using link MTU)
  IPv6 unicast reverse path forwarding: none
  IPv6 load sharing: none 
  IPv6 interface statistics last reset: never
  IPv6 interface RP-traffic statistics: (forwarded/originated/consumed)
    Unicast packets:      0/0/0
    Unicast bytes:        0/0/0
    Multicast packets:    0/0/0
    Multicast bytes:      0/0/0
Ethernet1/3, Interface status: protocol-down/link-down/admin-up, iod: 11
  IPv6 address: fe80::32f7:dff:fe9f:53c [TEN]
  IPv6 link-local address: fe80::32f7:dff:fe9f:53c (default) [TEN]
  IPv6 virtual addresses configured: none
  IPv6 multicast routing: disabled
  IPv6 report link local: disabled
  IPv6 Forwarding feature: disabled
  IPv6 multicast groups locally joined:   
      ff02::2  ff02::1  ff02::1:ff9f:53c  
  IPv6 multicast (S,G) entries joined: none
  IPv6 MTU: 1500 (using link MTU)
  IPv6 unicast reverse path forwarding: none
  IPv6 load sharing: none 
  IPv6 interface statistics last reset: never
  IPv6 interface RP-traffic statistics: (forwarded/originated/consumed)
    Unicast packets:      0/0/0
    Unicast bytes:        0/0/0
    Multicast packets:    0/0/0
    Multicast bytes:      0/0/0

 


Will try this configuration. Helpful!

bwrhoc7
Level 1
Level 1

We will try this configuration. That's really helpful!

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco