[c-nsp] ME3600X IPv6 ND Control & Data Plane Problems
Gert Doering
gert at greenie.muc.de
Sun Mar 1 06:47:43 EST 2015
Hi,
On Sun, Mar 01, 2015 at 03:24:21AM +0200, Mark Tinka wrote:
> This is the ACL:
>
> ipv6 access-list filter-outgoing6
> deny ipv6 any 3FFE::/16
> deny ipv6 any 2001:DB8::/32
> deny ipv6 any FE00::/9
> deny ipv6 any FF00::/8
> sequence 65535 permit ipv6 any any
This should be perfectly fine for ND. ND is done using fe80:: addresses,
which are *not* matched by "deny any fe00::/9" (fe80 is in the other half
of that /8). So fall through to the "permit any any" line.
> I was considering punching extra holes in this ACL for the ME3600X, but
> I'm curious why this hardware-software combination differs from other
> Cisco platforms.
Looking at Cisco from the outside, I see a myriad small companies all
competing with each other, all picking their own hardware from the market
or developing their own, some of them sharing code (but hardly ever
contributing back), some insisting on having their own code and not
listening to customers of the other small companies...
So, I'm not surprised that "basic feature X" does not work on hardware
coming from BU Y, as "no customer (we know about) has ever asked for it".
Call me old and grumpy, but the times where there was one IOS and hardware
basically fell into the "it's software forwarding" or "it's a GSR and you
need an on-site SE to make it work" were a bit easier :-)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 291 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20150301/8d90174a/attachment-0001.sig>
More information about the cisco-nsp
mailing list