[c-nsp] Need help with IPv6 CoPP
"Rolf Hanßen"
nsp at rhanssen.de
Mon May 6 12:26:20 EDT 2013
Hello,
in the non-working copp-config "sh ipv6 ospf nei" shows
"EXSTART/BDR" and "EXSTART/DR", so looks like they already found out.
Anyway, do you know which protocol number and maybe port-number they use
(if it is not 89 and CoPP just does not filter correctly) ?
Using "permit ipv6 FE80::/10 FE80::/10" without anything further does not
make much sense because it matches half of the possible ipv6 "risk
traffic".
kind regards
Rolf
> At that stage, neighbors agree on Master/Slave relationship before moving
> to "exchange" DBD's. This traffic is unicast between neighbors.
>
>
> On Mon, May 6, 2013 at 11:30 AM, "Rolf Hanßen" <nsp at rhanssen.de> wrote:
>
>> Hello,
>>
>> I used no authentication for testing, but thanks for the hint, need to
>> put
>> that on the checklist before implementing. ;)
>>
>> kind regards
>> Rolf
>>
>> >> If I apply the policy-map after OSPF changes to FULL, it stays in
>> that
>> >> status.
>> >> If I apply the map and clear OSPF process it flaps the whole time
>> >> between
>> >> EXSTART and DOWN:
>> >
>> > Are you using OSPFv3 authentication? In this case the first protocol
>> in
>> > the packets is AH, and the next is OSPF. This doesn't fully explain
>> what
>> > you're seeing, but is something to check.
>> >
>> > I have no clue for the other strangenesses you describe.
>> >
>> > Regards,
>> > Bergonz
>> >
>> >
>> > --
>> > Ing. Michele Bergonzoni - Laboratori Guglielmo Marconi S.p.a.
>> > Phone:+39-051-6781926 e-mail: bergonz at labs.it
>> > alt.advanced.networks.design.configure.operate
>> > _______________________________________________
>> > cisco-nsp mailing list cisco-nsp at puck.nether.net
>> > https://puck.nether.net/mailman/listinfo/cisco-nsp
>> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>> >
>>
>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
More information about the cisco-nsp
mailing list