[c-nsp] ASR920: egress ACL on BDIs
Gert Doering
gert at greenie.muc.de
Sun Jan 19 07:53:17 EST 2020
Hi,
On Mon, Jan 20, 2020 at 12:28:25AM +1300, Nathan Ward wrote:
> > On 20/01/2020, at 12:22 AM, Gert Doering <gert at greenie.muc.de> wrote:
> >
> > Now, IPv6 ACLs are not working right either, but they fail in different
> > ways - short ACLs seem to be working right, long ACLs fail-open, as in
> > "the platform claims it has been programmed, but all packets pass". Yay.
>
> This is what happens on J ACX boxes.. stunningly bad behaviour :-(
Ewww. Does it at least warn in a clearly visible way?
Our Aristas also like to run out of TCAM, but if that happens, a very
clear message is printed *and* the ACL config is not applied to the
interface (= you can see it in your RANCID diffs).
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany gert at greenie.muc.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20200119/2d0c3b43/attachment.sig>
More information about the cisco-nsp
mailing list