Point-to-point /64
Sander Steffann
sander at steffann.nl
Mon Jun 3 01:43:59 CEST 2013
Hi,
Op 3 jun. 2013, om 00:26 heeft Brian E Carpenter <brian.e.carpenter at gmail.com> het volgende geschreven:
> On 03/06/2013 10:06, Steinar H. Gunderson wrote:
>> 2013/6/2 Brian E Carpenter <brian.e.carpenter at gmail.com>:
>>>> I'm not sure about other switches, but for the Catalyst 3750/3750G, it
>>>> means some quirks with IPv6 ACLs. The 3750/3750D can do ACLs on full
>>>> /128's, but only if the lower 64 bits are EUI64.
>>> Huh? How can it possibly know that? (see draft-ietf-6man-ug)
>>
>> Presumably he means that the middle bits are ff:fe.
>
> And the UG bits are 10. But none of that proves that the identifier
> is EUI64. It only proves that it *might* be EUI64.
I think I understand the following: the 'optimisation' that Cisco makes here is that *if* the middle bits are ff:fe and UG is 10, then they accept an ACL with that address, and they don't actually store the 'known' bits but use the space to store other information in the TCAM. It would have to reject any ACL that tries to match on the full 128 bits where those specific bits are not 10 and ff:fe.
Darren: am I understanding this correctly?
Cheers,
Sander
More information about the ipv6-ops
mailing list