[118174] in North American Network Operators' Group


Re: IPv6 filtering (was Re: IPv6 internet broken,

daemon@ATHENA.MIT.EDU (Seth Mattinen)
Tue Oct 13 14:53:22 2009

Date: Tue, 13 Oct 2009 11:52:36 -0700
From: Seth Mattinen <sethm@rollernet.us>
To: nanog@nanog.org
In-Reply-To: <63ac96a50910131122s2db8a588h800c851fcf2f6ec6@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Matthew Petach wrote:
> 
> As I understand it, (and Cisco's documentation seems to support this,
> http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/M1.html#wpxref54198
> as an example), if you put a /128 in an ACL, you cannot specify any L4 port
> information for the address due to the limited width of the TCAM; in
> order to specify L4 information for the ACL, Cisco stuffs it into bits 24
> through 39, losing what information was originally stored in those bits.
> It just so happens those are the fixed FFFE bits in an EUI-64 address,
> so if you're using EUI-64, no "real" information is lost.  You can do your
> own non-EUI-64 addressing and still use ACLs with layer 4 port information
> as long as you don't put any addressing information into bits 24 through 39.
> 

Interesting; makes sense though. Thanks for the explanation.

~Seth
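
An added example, not part of the original message: a Python audit of an addressing plan against the constraint described in the quoted text. It assumes bits 24 through 39 are counted within the 64-bit interface identifier (the position is the same from either end) and models the hardware as ignoring those 16 bits when L4 ports are in the ACL; the function names and the 2001:db8:: sample addresses are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

FIELD_SHIFT = 24                     # bits 24..39 of the interface identifier
FIELD_MASK = 0xFFFF << FIELD_SHIFT   # the 16 bits the quoted text says are overwritten
EUI64_FILLER = 0xFFFE                # fixed value at that position in an EUI-64 IID


def field_bits(addr):
    """Return the 16-bit value an address carries in bits 24..39."""
    return (int(ipaddress.IPv6Address(addr)) & FIELD_MASK) >> FIELD_SHIFT


def classify(addr):
    """Say whether overwriting bits 24..39 would discard real addressing data."""
    bits = field_bits(addr)
    if bits == EUI64_FILLER:
        return "eui64"          # fixed FFFE filler, nothing real is lost
    if bits == 0:
        return "zero"           # manual address that leaves the field empty
    return "carries-info"       # manual address with data in the field


def masked(addr):
    """The address as seen once bits 24..39 are ignored (assumed model)."""
    value = int(ipaddress.IPv6Address(addr)) & ~FIELD_MASK
    return ipaddress.IPv6Address(value)


def collisions(addrs):
    """Group addresses that differ only in bits 24..39.

    Under the assumed model, a /128 ACL entry with L4 ports could not
    tell the members of one group apart.
    """
    groups = defaultdict(set)
    for a in addrs:
        groups[masked(a)].add(ipaddress.IPv6Address(a))
    return {str(k): sorted(str(i) for i in v)
            for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    plan = ["2001:db8::211:22ff:fe33:4455",   # constructed EUI-64 address
            "2001:db8::1:0:1",                # constructed manual addresses
            "2001:db8::2:0:1"]
    for a in plan:
        print(a, classify(a), hex(field_bits(a)))
    print(collisions(plan))
```

Note that the field straddles two groups of the textual address: it is the low byte of the sixth group and the high byte of the seventh.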

