Current IPv6 deployment methods in datacentres.
Phil Mayers
p.mayers at imperial.ac.uk
Mon Nov 12 15:31:39 CET 2012
On 12/11/12 14:13, Nick Hilliard wrote:
> On 12/11/2012 14:11, Phil Mayers wrote:
>> You also run into ACL label limits in big installs (you can have many fewer
>> labels the SVIs, and burn one label per interface type & ACL combo).
>
> what worries me more on the sup72 0 is the inability to block ipv6 fragments.
Ah yes... you can either forward or drop unconditionally in hardware, or
forward-with-ACLs in software (the default), IIRC?
Obviously that CPU punt is hugely sub-optimal (and falls foul of the
"all CPU traffic goes via CoPP" issue too). It's a real shame that
layer3-only ACLs can't at least be made to work - I wonder why Cisco
can't fix that, at least.
More information about the ipv6-ops
mailing list