Link-local and ACLs

Brian E Carpenter brian.e.carpenter at
Mon Jul 24 22:42:02 CEST 2017

On 25/07/2017 05:46, David Farmer wrote:
> In practice Neighbor Discovery, and other critical protocols, need
> link-local addresses to talk to other link-local addresses and some
> multicast addresses.
> Also, in theory a link-local address could talk to a GUA or ULA address on
> the same link. However, in practice does this really happen? If it does
> happen in practice, what are the circumstances?

I assume you mean a case where the global scope address matches an
on-link prefix? Otherwise the packet is doomed anyway, since no 
conforming router will forward it off-link. That doesn't need an ACL.

Also you must mean a case where RFC6724 is overridden, since otherwise
source address selection will prevent it happening (see the examples
in RFC6724 section 10).

So, I'm not aware of any realistic case where this happens, or any
reason for it. Or any harm that it would do, for an on-link prefix.
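
Added illustration, not part of the original message: a Python sketch of the scope comparison in RFC 6724 source address selection (Rules 1 and 2 only; the remaining rules are omitted), showing which candidate source is picked for link-local, global and multicast destinations. The function names and the sample addresses are constructed for this example.

```python
import ipaddress
from functools import cmp_to_key

# Scope values as used for multicast scopes; unicast addresses are mapped onto them.
LINK_LOCAL, SITE_LOCAL, GLOBAL = 0x2, 0x5, 0xE

def scope(addr):
    """Return the scope of an IPv6 address (hypothetical helper)."""
    a = ipaddress.IPv6Address(addr)
    if a.is_multicast:
        return a.packed[1] & 0x0F      # low nibble of the second byte
    if a.is_link_local or a.is_loopback:
        return LINK_LOCAL
    if a.is_site_local:                # deprecated fec0::/10
        return SITE_LOCAL
    return GLOBAL                      # GUA and ULA both have global scope

def prefer(sa, sb, dst):
    """-1 if sa is preferred, 1 if sb is, 0 if Rules 1-2 do not decide."""
    a, b, d = (ipaddress.IPv6Address(x) for x in (sa, sb, dst))
    # Rule 1: prefer a source equal to the destination.
    if a == d and b != d:
        return -1
    if b == d and a != d:
        return 1
    # Rule 2: prefer appropriate scope.
    s_a, s_b, s_d = scope(sa), scope(sb), scope(dst)
    if s_a < s_b:
        return 1 if s_a < s_d else -1
    if s_b < s_a:
        return -1 if s_b < s_d else 1
    return 0

def select_source(dst, candidates):
    """Pick the preferred source for dst from the candidate addresses."""
    ordered = sorted(candidates, key=cmp_to_key(lambda x, y: prefer(x, y, dst)))
    return ordered[0]

if __name__ == "__main__":
    # Constructed candidates: one link-local and one global address on the host.
    host = ["fe80::1", "2001:db8:3::1"]
    for dst in ("2001:db8:1::1", "fd00:1::1", "fe80::2", "ff05::1"):
        print(dst, "->", select_source(dst, host))
```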


