[145163] in North American Network Operators' Group
Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header
daemon@ATHENA.MIT.EDU (Mikael Abrahamsson)
Fri Sep 30 01:09:30 2011
Date: Fri, 30 Sep 2011 07:07:50 +0200 (CEST)
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Just thought I'd share some operational info.
PFC3B will by default punt IPv6 packets with fragmentation header to RP
and route them there, with the obvious performance penalty this incurs.
Workaround is to change this behaviour, meaning ACLs won't work for
packets with fragmentation header anymore:
#platform ipv6 acl fragment hardware ?
drop Drop IPv6 fragments at hardware
forward Forward IPv6 fragments at hardware
PFC3C is supposed to not be affected.
A lot of Teredo and 6to4 traffic has fragmentation headers, so this
actually is a real problem. We discovered this at our Teredo relay
upstream router.
--
Mikael Abrahamsson email: swmike@swm.pp.se
