[c-nsp] "Compressed" IPv6 ACLs on Cat6500
Mack McBride
mack.mcbride at viawest.com
Wed Dec 8 20:39:25 EST 2010
This is not correct.
The field is actually 288 bits (v4 uses 144 bits).
Some of these bits are used for protocol, flags and such, 2 bits are used for IPv6 address type.
The remaining available for IPv6 addresses + ports is 256.
Source and destination are each allotted 128 bits.
The bits removed are [39:24], i.e. 3333:3333:3333:3333:3333:33xx:xx33:AAAA in the OP example.
The part marked x is removed.
See the following for specifics:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/acl.html#wp1090842
Embedded IPv4 removes the upper 16 bits as these are all zero.
Link-local discards bits 95:80, which are zero.
All other formats remove bits [39:24].
The misunderstanding is that anything with a prefix longer than /88 includes discarded bits in the subnet portion
as opposed to the host portion.
Mack McBride
Network Architect
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Saku Ytti
Sent: Wednesday, December 08, 2010 1:38 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] "Compressed" IPv6 ACLs on Cat6500
> Where did you arrive to 112? My understanding of the compressed mode is
> 128-src_port-dst_port-flags = 128-16-16 = 88 usable bits for addresses.
omitted -8 there,
flags = 8bits, so 128-16-16-8 = 88.
--
++ytti
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
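
The bit removal described in the message above, as an added Python example that is not part of the original thread and is not Cisco code: it cuts bits [39:24] out of an address, shows two distinct addresses that become indistinguishable, and flags ACL prefixes longer than /88. The function names and the sample addresses (taken from the 2001:db8::/32 documentation range) are assumptions, and only the general address format is modelled, not embedded IPv4 or link-local.

```python
import ipaddress

# Bits [39:24] (bit 0 = least significant) are the ones the post says are
# removed for the general address format. Embedded-IPv4 and link-local
# addresses drop different bits and are not modelled here (assumption).
DROP_HI, DROP_LO = 39, 24


def compress(addr):
    """Return the address as an integer with bits [39:24] cut out."""
    v = int(ipaddress.IPv6Address(addr))
    high = v >> (DROP_HI + 1)            # bits 127:40
    low = v & ((1 << DROP_LO) - 1)       # bits 23:0
    return (high << DROP_LO) | low


def aliases(a, b):
    """True when two distinct addresses look identical after compression."""
    distinct = ipaddress.IPv6Address(a) != ipaddress.IPv6Address(b)
    return distinct and compress(a) == compress(b)


def audit(prefixes):
    """List (prefix, n) for ACL prefixes whose mask covers n discarded bits."""
    findings = []
    for p in prefixes:
        plen = ipaddress.IPv6Network(p, strict=False).prefixlen
        lowest = 128 - plen              # mask covers bits 127..lowest
        n = max(0, DROP_HI - max(DROP_LO, lowest) + 1)
        if n:
            findings.append((p, n))
    return findings


if __name__ == "__main__":
    # Constructed sample data from the 2001:db8::/32 documentation range.
    a, b = "2001:db8::12:3400:1", "2001:db8::ab:cd00:1"
    print(a, b, "alias:", aliases(a, b))
    acl = ["2001:db8::/64", "2001:db8::/88", "2001:db8::/96",
           "2001:db8::12:3400:1/128"]
    for prefix, n in audit(acl):
        print(f"{prefix}: mask includes {n} discarded bit(s)")
```
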