IPv6 black-holing (null routing, or the action to silently discard traffic matching a given destination IP prefix) is bugged with Quagga and/or iproute2. Indeed, none of the following commands seems to be working:
quagga-router(config)# ipv6 route 2001:db8::/32 lo blackhole linux-shell$ ip -6 route add blackhole 2001:db8::/32
Notice that the quagga command requires an interface, while its IPv4 counterpart doesn’t. I tested with the linux loopback interface lo and a dummy interface ds0 trying to mimick the FreeBSD discard interface, in vain. The iproute2 command also fails and it is apparently a known bug since 2003, wtf?
So how to circumvent this buggy behavior without breaking in blood tears?
Well, simply use a dummy interface and static, high metric routes. Here is the /etc/network/interfaces snippet from my debian routers for null routing 2001:db8::/32 and 192.168.168.0/24:
# blackhole iface ds0 inet manual pre-up ip link add dev ds0 type dummy pre-up ip link set ds0 up up ip -6 route add 2001:db8::/32 dev ds0 proto static metric 255 up ip -4 route add 192.168.168.0/24 dev ds0 proto static metric 255 down ip link del dev ds0
If you know any proper method to achieve the same result, please share. Mine is dirty, but at least I am not leaking traffic or looping back and forth with my upstream router anymore. Yay!