discussion: Enabling IPv6 on Cisco 6500/7600 breaks IPv4 Internet connectivity

Ranganath Hande rangha at microsoft.com
Tue Jun 26 18:36:48 CEST 2012


Agreed...Punting is specifically hardware related issue - applicable to the 3A, 3B, and 3BXL PFC/DFC daughter cards.  Verify punts using - "sh tcam global acl in ipv6" command.  Workaround is using "platform ipv6 acl fragment hardware" command and  is specific to the 6500/7600. The command enables the ipv6 fragements to be forwarded in HW with some tradeoff to ACL activity.  Per Cisco - this was corrected in the 3C daughtercard.  

Thank you,

Ranga 

-----Original Message-----
From: Mikael Abrahamsson [mailto:swmike at swm.pp.se] 
Sent: Monday, June 25, 2012 10:36 PM
To: Ranganath Hande
Cc: ipv6-ops at lists.cluenet.de
Subject: Re: discussion: Enabling IPv6 on Cisco 6500/7600 breaks IPv4 Internet connectivity

On Mon, 25 Jun 2012, Ranganath Hande wrote:

> It is fairly common for RP utilization to go up initially when either 
> v4 or v6 internet BGP peer comes up first time--due to large number of 
> BGP prefixes that router has to process. In case of v6, impact is more 
> visible as resource utilization is 4 times higher. Possible solutions 
> are --

In case of PFC3B(-XL), this is also of interest once IPv6 traffic is
flowing:

<http://mailman.nanog.org/pipermail/nanog/2011-September/040653.html>

PFC3B will by default punt IPv6 packets with fragmentation header to RP and route them there, with the obvious performance penalty this incurs.

Workaround is to change this behaviour, meaning ACLs won't work for packets with fragmentation header anymore:

    #platform ipv6 acl fragment hardware ?
      drop     Drop IPv6 fragments at hardware
      forward  Forward IPv6 fragments at hardware

PFC3C is supposed to not be affected.

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se




More information about the ipv6-ops mailing list