Page MenuHomeVyOS Platform

IPv6 address validation issue
Closed, InvalidPublicBUG


The address validation seems to have issues with IPv6 addresses which ends in "0"

vyos@vyos# set interfaces ethernet eth0 address 2a10:ffff:ffff::/64

  Error: 2a10:ffff:ffff::/64 is not a valid IP host

I've also tried 2a10:ffff:ffff::0/64 which does not work either.
2a10:ffff:ffff::1/64 will be accpeted tho.

2a10:ffff:ffff:: is a valid IPv6 address and should be accepted


Difficulty level
Easy (less than an hour)
VyOS 1.4-rolling-202305310317
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

Validator doesn't allow setting network address to the interface
the same way you can't add to interface
But natively it seems working

vyos@r14# sudo ip a add dev eth0
vyos@r14# ping
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=64 time=0.062 ms

Well, in an example like yours, using the network address as an IP is not really best practice even tho its works.
So, the validator forces the users to do it the right way, which is probably a good thing.

But even there are some exeptions, point-to-point connections are commonly using an /31 subnet.
In such cases the network address is also used and there is no broadcast address reserved.
So, is then actually a fully valid IP address.

Also if you take as an example, there is nothing wrong with using an .0 address within the subnet.

This is mostly also applying to IPv6
But probably occures even more ofthen that an IP address ends with a "0" / ::

There are no network or broadcast addresses in v6 like there are in v4. The first address (ex: 2a10:ffff:ffff::/64) is the Anycast address for "All Routers" on a subnet in v6 land.

Duplicate address detection *should* prevent this from being assigned.

If you want to use Point to Points, use /127s.

dmbaturin edited projects, added Invalid; removed VyOS 1.4 Sagitta (1.4.0-epa), Restricted Project, VyOS 1.5 Circinus.
dmbaturin added a subscriber: dmbaturin.

The validator correctly handled addresses that end with zero if they valid host addresses. It rejects such addresses iff they are the first addresses of their subnets: in IPv4 because it's the network address, in IPv6 because it's the Subnet-Router anycast address (

Otherwise it works fine:

$ ./src/ipaddrcheck --is-ipv6-host 2001:db8:dead:beef::/32 && echo Yes

$ ./src/ipaddrcheck --is-ipv4-host && echo Yes

$ ./src/ipaddrcheck --is-ipv4-host && echo Yes

Also, a word of caution for everyone who tests what's possible by trying it out in the Linux kernel: the kernel allows you to go completely against all RFCs and even set a custom broadcast address. I'm not kidding. ;)
So, "Linux allows it" isn't always an argument for a well-behaved system.