Solved: Re: FF00::/8 Null0 Rule

PrimeYeti · ‎07-30-2023

I understand that this rule is used to

discard multicast

traffic sent to the router, but wouldn't this stop some of the fundamental IPv6 processes (e.g. NDP) from working? Why does the router add this automatically? And have I misunderstood its purpose?

M02@rt37 · ‎07-30-2023

Hello @PrimeYeti,

The

FF00::/8 Null0

route should not be added or used to block all IPv6 multicast traffic. As you correctly pointed out, it is indeed counterproductive and can disrupt fundamental IPv6 processes like NDP, which are crucial for proper IPv6 routing and communication.

The

FF00::/8

range encompasses all IPv6 multicast addresses, and blocking it with a Null0 route effectively prevents any multicast traffic from being forwarded in the network. This would lead to severe communication issues, as many essential IPv6 protocols, including NDP, rely on multicast to function correctly.

Creating an ACL to allow specific multicast traffic to FF02 addresses would not solve the problem, as

FF02::/16

represents the

link-local multicast

addresses, and there are numerous important multicast groups within this range that are essential for local communication, such as Router Solicitation and Router Advertisement messages.

In a standard IPv6 configuration, routers should not add a

FF00::/8 Null0 route by default

as it would indeed cause problems and hinder IPv6 functionality. If such a route exists, it's essential to review the configuration and remove it to allow normal IPv6 multicast communication and ensure proper functioning of IPv6 routing and processes.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

Peter Paluch · ‎07-30-2023

Hello,

You were in fact right - the

FF00::/8

routing entry is added to the routing table automatically by

IOS/IOS XE

It is not something that you configure - this happens automatically.

The trick here is that this route is added to the

unicast

routing table. It does not interfere with real multicast routing if that one is enabled because then, the router will create a separate multicast routing table and have the necessary multicast routing entries there.

So you can see the

FF00::/8 unicast

routing table entry as a failsafe entry in the unicast routing table to prevent incorrect routing of multicast traffic in situations when the multicast routing is disabled, and the multicast traffic could be routed just like any other unicast. Thanks to this entry, the multicast traffic will be dropped rather than routed like a unicast.

At least this is how I explain that entry to myself. It's important to say that other network operating systems may behave differently. This

ff00::/8

is not a principial must, but rather a platform-and-implementation-specific thing.

Best regards,
Peter

View solution in original post

M02@rt37 · ‎07-30-2023

Hello @PrimeYeti,

If the router has a

FF00::/8 Null0

route configured, it would indeed block IPv6 multicast traffic, preventing NDP from functioning correctly. As a result, devices on the network won't be able to perform address resolution, leading to communication failures and other IPv6-related problems.

If you need to filter specific multicast groups or control multicast traffic in your network, more targeted and specific filtering mechanisms should be employed.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

PrimeYeti · ‎07-30-2023

Thanks for the reply! What is the point in this rule being added then? It seems very counterproductive. It's like, "ok cool I've just enabled IPv6 routing, but I still can't use it because my router has created a rule that stops me from using a fundamental process that allows IPv6 routing to function".

Even if I were to create an ACL that allows traffic to FF02, it doesn't seem like this would work still.

M02@rt37 · ‎07-30-2023

Hello @PrimeYeti,

The

FF00::/8 Null0

route should not be added or used to block all IPv6 multicast traffic. As you correctly pointed out, it is indeed counterproductive and can disrupt fundamental IPv6 processes like NDP, which are crucial for proper IPv6 routing and communication.

The

FF00::/8

range encompasses all IPv6 multicast addresses, and blocking it with a Null0 route effectively prevents any multicast traffic from being forwarded in the network. This would lead to severe communication issues, as many essential IPv6 protocols, including NDP, rely on multicast to function correctly.

Creating an ACL to allow specific multicast traffic to FF02 addresses would not solve the problem, as

FF02::/16

represents the

link-local multicast

addresses, and there are numerous important multicast groups within this range that are essential for local communication, such as Router Solicitation and Router Advertisement messages.

In a standard IPv6 configuration, routers should not add a

FF00::/8 Null0 route by default

as it would indeed cause problems and hinder IPv6 functionality. If such a route exists, it's essential to review the configuration and remove it to allow normal IPv6 multicast communication and ensure proper functioning of IPv6 routing and processes.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

PrimeYeti · ‎07-30-2023

Oh that could be my misinterpretation then. I was watching a Jeremy's IT Labs video to study for the CCNA and in one of the IPv6 videos he mentioned that

FF00::/8

was added automatically. Unsure if he may have misspoken because from my, albeit limited knowledge, this would cause massive issues.

I'll test for myself anyway. Thanks very much!

Peter Paluch · ‎07-30-2023

Hello,

You were in fact right - the

FF00::/8

routing entry is added to the routing table automatically by

IOS/IOS XE

It is not something that you configure - this happens automatically.

The trick here is that this route is added to the

unicast

routing table. It does not interfere with real multicast routing if that one is enabled because then, the router will create a separate multicast routing table and have the necessary multicast routing entries there.

So you can see the

FF00::/8 unicast

routing table entry as a failsafe entry in the unicast routing table to prevent incorrect routing of multicast traffic in situations when the multicast routing is disabled, and the multicast traffic could be routed just like any other unicast. Thanks to this entry, the multicast traffic will be dropped rather than routed like a unicast.

At least this is how I explain that entry to myself. It's important to say that other network operating systems may behave differently. This

ff00::/8

is not a principial must, but rather a platform-and-implementation-specific thing.

Best regards,
Peter

PrimeYeti · ‎07-31-2023

Hi Peter,

I wasn't aware there were separate routing tables for

multicast and unicast

that is very useful to know. Thank you!

Kind regards,

Connor

MHM Cisco World · ‎07-30-2023

@PrimeYeti share video I want to more check.

Thanks

MHM

PrimeYeti · ‎07-30-2023

Hi Both,

I have just tested this myself and I can replicate it...? This is straight after entering the

ipv6 unicast-routing

command on a brand new router. Literally nothing else.

Link to the video is here

MHM Cisco World · ‎07-30-2023

Jeremy not wrong' but this need some search to know why router add it automatically'

I Will update you about why soon

Thanks

MHM