Merit Network
 Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives
North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: IPv6 filtering (was Re: IPv6 internet broken,cogent/telia/hurricane not peering)

  • From: Seth Mattinen
  • Date: Tue Oct 13 14:53:10 2009 
Matthew Petach wrote:
> 
> As I understand it, (and Cisco's documentation seems to support this,
> http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/M1.html#wpxref54198
> as an example), if you put a /128 in an ACL, you cannot specify any L4 port
> information for the address due to the limited width of the TCAM; in
> order to specify L4 information for the ACL, Cisco stuffs it into bits 24
> through 39, losing what information was originally stored in those bits.
> It just so happens those are the fixed FFFE bits in an EUI-64 address,
> so if you're using EUI-64, no "real" information is lost.  You can do your
> own non-EUI-64 addressing and still use ACLs with layer 4 port information
> as long as you don't put any addressing information into bits 24 through 39.
> 

Interesting; makes sense though. Thanks for the explanation.

~Seth


Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.