Link-local and ACLs
Nick Hilliard
nick at foobar.org
Wed Jul 26 13:46:03 CEST 2017
Brian E Carpenter wrote:
> On 25/07/2017 19:07, Gert Doering wrote:
> > So, to stay with Tore's example, if you want to make NDP work on an IXP,
> > you need to permit fe80->fe80, fe80->GUA, etc. in your ACLs - which ends
> > up needing quite a number of lines to cover all cases
>
> Fair enough. IXPs are a bit of a special case, though.
sorta and sorta not. An ACL appropriate for an IXP would provide a
template to cover pretty much most use cases, which would then be
directly relevant to other specific cases like having a point-to-point
connection between router A and router B and so forth.
Nick
More information about the ipv6-ops
mailing list