[c-nsp] IPv6 and Cat 6500
Phil Mayers
p.mayers at imperial.ac.uk
Tue Oct 5 09:07:56 EDT 2010
On 05/10/10 13:11, Oliver Gorwits wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Phil,
>
> On 30/09/2010 10:42, Phil Mayers wrote:
>> On 30/09/10 10:17, Saku Ytti wrote:
>>> things to watch for in EARL7.x.
>>> uRPF
>>> Not supported at all.
>>
>> Worse: accepts the command and punts to CPU as far as I can see.
>
> Do you mean when an exception ACL is supplied (as discussed on
> previous threads on c-nsp) or, simply by using the following:
>
> ipv6 verify unicast source reachable-via rx
The latter.
>
> We run Sup720/3BXL and I'd believed the above would be performed
> without CPU assistance :-/
No. It is punted to CPU I'm afraid.
e.g.
#sh run int vl55 | inc ipv6
ipv6 address X
ipv6 verify unicast reverse-path
#sh tcam interface vl55 acl in ipv6
Entries from Bank 0
permit ipv6 any(eui) FF00::/8(full)
permit ipv6 any(full) FF00::/8(full)
punt ipv6 any(eipv4) any
punt ipv6 any(eui) any
punt ipv6 any(full) any
Note the "punt"
#conf t
onfiguration commands, one per line. End with CNTL/Z.
(config)#int vl55
(config-if)#no ipv6 verify unicast reverse-path
(config-if)#^Z
#sh tcam interface vl55 acl in ipv6
Entries from Bank 0
permit ipv6 any(eipv4) any
permit ipv6 any(eui) any
permit ipv6 any(full) any
Note, no "punt"
More information about the cisco-nsp
mailing list