Current IPv6 deployment methods in datacentres.

Phil Mayers p.mayers at imperial.ac.uk
Mon Nov 12 15:31:39 CET 2012


On 12/11/12 14:13, Nick Hilliard wrote:
> On 12/11/2012 14:11, Phil Mayers wrote:
>> You also run into ACL label limits in big installs (you can have many fewer
>> labels the SVIs, and burn one label per interface type & ACL combo).
>
> what worries me more on the sup72 0 is the inability to block ipv6 fragments.

Ah yes... you can either forward or drop unconditionally in hardware, or 
forward-with-ACLs in software (the default), IIRC?

Obviously that CPU punt is hugely sub-optimal (and falls foul of the 
"all CPU traffic goes via CoPP" issue too). It's a real shame that 
layer3-only ACLs can't at least be made to work - I wonder why Cisco 
can't fix that, at least.



More information about the ipv6-ops mailing list