Point-to-point /64
Ivan Pepelnjak
ipepelnjak at gmail.com
Mon Jun 3 07:39:41 CEST 2013
> I'm not sure about other switches, but for the Catalyst 3750/3750G, it
> means some quirks with IPv6 ACLs. The 3750/3750D can do ACLs on full
> /128's, but only if the lower 64 bits are EUI64. Otherwise the ACLs only
> support /64's or shorter. As I understand it, this is because Cisco made
> room for IPv6 in the TCAM by encoding the tcp/udp port number into bits
> 89-104 of the IPv6 address. Fortunately the 3750-E doesn't have this
> limitation.
That's because they ran out of TCAM bits. For SRC-DST ACL you need 512 bits (128 bit IPv6 address, 128 bit wildcard, times 2) plus whatever you need for port numbers. Well, they decided to squeeze the port numbers into the FFFE part of EUI64 address.
More information about the ipv6-ops
mailing list