IPv6 Static Routes

Configuring IPv6 Static Routes - Gaia Portal

You can configure IPv6 static routes only one route at a time.

Important - First, you must enable the IPv6 Support and reboot.

1. In the navigation tree, click Network Management > IPv6 Static Routes.
2. In the IPv6 Static Routes section, click Add.
3. In the Destination / Mask Length field, enter the IPv6 address and prefix (default prefix is 64).
4. Select the Next Hop Type field select:
   • Normal - To accept and forward packets
   • Blackhole - To drop packets, without sending ICMP unreachable packet to the traffic source
   • Reject - To drop packets, and send ICMP unreachable packet to the traffic source
5. In the Rank field, leave the default value (60), or enter the relative rank of the IPv6 static route (an integer from 1 to 255).

   This value specifies the rank for the configured route when there are overlapping routes from different protocols.

6. In the Comment field, enter the applicable comment text (up to 100 characters).
7. In the Add Gateway section, click Add.

   The Add Gateway window opens.

8. In the Gateway Address field, enter the IPv6 address of the next hop gateway.
9. In the Priority field, either do not enter anything, or select an integer between 1 and 8.

   Priority defines the order for selecting the next hop among many gateways. The lower the priority, the higher the preference - priority 1 means the highest preference, and priority 8 means the lowest preference. Gateways with no priority configured are preferred over gateways with priority configured. Two gateways cannot be configured with the same priority because IPv6 Equal Cost Multipath Routes are not supported.

10. Click Ok.
11. Select the Ping6 option, if you need to monitor next hops for the IPv6 static route using ping6.

    The Ping6 feature sends ICMPv6 Echo Requests to verify that the nexthop for a static route is working. Only nexthop gateways, which are verified as working are included in the kernel forwarding table. When Ping6 is enabled, an IPv6 static route is added to the kernel forwarding table only after at least one gateway is reachable.

12. Click Save.
13. In the Advanced Options section, you can adjust the Ping6 behavior. If you changed the default settings, click Apply.

Note - Make sure to enable the IPv6 feature. See the System Configuration.

Configuring IPv6 Static Routes - Gaia Clish

Description

Configure, show and delete IPv6 static routes.

Important - First, you must enable the IPv6 Support and reboot.

Note - There are no add commands for the static route feature.

Syntax

• To add or configure a default static IPv6 route:

  set ipv6 static-route default comment {"Text" | off} nexthop gateway <IPv6 Address of Next Hop Gateway> [priority <Priority>] {on | off} gateway <IPv6 Address of Next Hop Gateway> interface <Name of Local Interface> [priority <Priority>] {on | off} blackhole reject ping6 {on | off} rank <Rank>

• To add or configure a specific static IPv6 route:

  set ipv6 static-route <Destination IPv6 Address> comment {"Text" | off} nexthop gateway <IPv6 Address of Next Hop Gateway> [priority <Priority>] {on | off} gateway <IPv6 Address of Next Hop Gateway> interface <Name of Local Interface> [priority <Priority>] {on | off} blackhole reject ping6 {on | off} rank <Rank>

• To show all configured static IPv6 routes:

  show ipv6 route static all

• To remove a default static IPv6 route:

  set ipv6 static-route default off

• To remove a specific static IPv6 route:

  set ipv6 static-route <Destination IPv6 Address> off

Important - After you add, configure, or delete features, run the save config command to save the settings permanently.

Parameters

Parameter	Description
default	Defines the default static IPv6 route.
<Destination IPv6 Address>	Defines the IPv6 address of destination host or network using the CIDR notation (IPv6_Address/MaskLength). Example: fc00::/64 Mask length must be in the range 8-128.
comment {"Text" | off}	Defines of removes the optional comment for the static route. Write the text in double-quotes. Text must be up to 100 characters. This comment appears in the Gaia Portal and in the output of the show configuration command.
nexthop	Defines the next hop path, which can be a gateway, blackhole, or reject.
gateway	Specifies that this next hop accepts and sends packets to the specified destination.
blackhole	Specifies that this next hop drops packets, but does not send ICMP unreachable packet to the traffic source.
reject	Specifies that this next hop drops packets and sends ICMP unreachable packet to the traffic source.
address <IPv6 Address of Next Hop Gateway>	Defines the IPv6 address of the next hop gateway.
interface <Name of Local Interface>	Identifies the next hop gateway by the local interface that connects to it. Use this option only if the next hop gateway has an unnumbered interface.
priority <Priority>	Defines which gateway to select as the next hop when multiple gateways are configured. The lower the priority, the higher the preference - priority 1 means the highest preference, and priority 8 means the lowest preference. Gateways with no priority configured are preferred over gateways with priority configured. Two gateways cannot be configured with the same priority because IPv6 Equal Cost Multipath Routes are not supported.
nexthop ... on	Adds the specified next hop.
nexthop ... off	Deletes the specified next hop. If you specify a next hop, only the specified path is deleted. If no next hop is specified, the route and all related paths are deleted.
ping6 {on | off}	Enables (on) or disables (off) the ping of specified next hop gateways for IPv6 static routes. The Ping6 feature sends ICMPv6 Echo Requests to verify that the nexthop for a static route is working. Only nexthop gateways, which are verified as working are included in the kernel forwarding table. When Ping6 is enabled, an IPv6 static route is added to the kernel forwarding table only after at least one gateway is reachable. To adjust the ping6 behavior, run: set ping count <value> set ping interval <value>
rank <Rank>	Selects a route, if there are many routes to a destination that use different routing protocols. The route with the lowest rank value is selected. Use the rank keyword in place of the nexthop keyword with no other parameters. Accepted values are: default (60), integer numbers from 0 to 255. In addition, see this command: set protocol-rank protocol <Rank>

Examples

gaia> set ipv6 static-route 3100:192::0/64 nexthop gateway 3900:172::1 on   gaia> set ipv6 static-route 3100:192::0/64 nexthop gateway 3900:172::1 interface eth3 on   gaia> set ipv6 static-route 3100:192::0/64 nexthop gateway 3900:172::1 priority 3 on   gaia> set ipv6 static-route 3100:192::0/64 nexthop reject   gaia> set ipv6 static-route 3100:192::0/64 nexthop blackhole   gaia> set ipv6 static-route 3100:192::0/64 off   gaia> set ipv6 static-route 3100:192::0/64 nexthop gateway 3900:172::1 off   gaia> set ipv6 static-route 3100:192::0/64 nexthop gateway 3900:172::1 interface eth3 off   gaia> show ipv6 route static Codes: C - Connected, S - Static, B - BGP, Rg - RIPng, A - Aggregate, O - OSPFv3 IntraArea (IA - InterArea, E - External), K - Kernel Remnant, H - Hidden, P - Suppressed   S 3100:55::1/64 is directly connected S 3200::/64 is a blackhole route S 3300:123::/64 is a blackhole route S 3600:20:20:11::/64 is directly connected, eth3

Troubleshooting

Symptoms

You cannot enable the VPN Software Blade. This message shows:

VPN blade demands gateway's IP address corresponding to the interface's IP addresses

Cause

IPv6 feature is active on the Security Gateway, but the main IPv6 address is not configured in the Security Gateway object.

Solution

1. In SmartConsole, open the Security Gateway object.
2. Click the General Properties page.
3. Configure the main IPv6 address.
4. Click OK.
5. Install the Access Policy on the Security Gateway object.