[190332] in North American Network Operators' Group
Re: Quick question regarding: Problematic IPv6 Multicast traffic
daemon@ATHENA.MIT.EDU (Bruce Simpson)
Sat Jun 25 06:29:14 2016
X-Original-To: nanog@nanog.org
To: nanog@nanog.org
From: Bruce Simpson <bms@fastmail.net>
Date: Sat, 25 Jun 2016 11:29:07 +0100
In-Reply-To: <acb7c871-5493-efbf-c7df-c72e4291592e@bogus.com>
Errors-To: nanog-bounces@nanog.org
On 24/06/16 18:31, joel jaeggli wrote:
> you can filter multicast destination addresses by acl.
>
> NDP you kinda need since it replaces ARP
>
> RA's you can and should filter (icmp6 type 134)
Data point, although the chances of you using this kit in an IX are slim
to none: The HPE-badged H3C workgroup switches are problematic to
configure this for.
1) The web GUI is woefully unable to do it right, and HP do not
officially sanction the use of the CLI.
2) IPv6 packet ACLs only appear to be supported per-port on *ingress*.
