[190334] in North American Network Operators' Group
Re: Quick question regarding: Problematic IPv6 Multicast traffic
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Sat Jun 25 21:57:01 2016
X-Original-To: nanog@nanog.org
In-Reply-To: <576E5CF3.8070209@fastmail.net>
From: Christopher Morrow <morrowc.lists@gmail.com>
Date: Sat, 25 Jun 2016 21:54:54 -0400
To: Bruce Simpson <bms@fastmail.net>
Cc: nanog list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sat, Jun 25, 2016 at 6:29 AM, Bruce Simpson <bms@fastmail.net> wrote:
> On 24/06/16 18:31, joel jaeggli wrote:
>
>> you can filter multicast destination addresses by acl.
>>
>> NDP you kinda need since it replaces ARP
>>
>> RA's you can and should filter (icmp6 type 134)
>>
>
> Data point, although the chances of you using this kit in an IX are slim
> to none: The HPE-badged H3C workgroup switches are problematic to configu=
re
> this for.
>
> 1) The web GUI is woefully unable to do it right, and HP do not officiall=
y
> sanction the use of the CLI.
>
=E2=80=8Bhaha! you said gui and switch configuration...
Errm, 'do not officially sanction the use of the CLI' ? Did you promptly
'not officially sanction their use in your nettwork?' If not, I think I see
your problem...=E2=80=8B
>
> 2) IPv6 packet ACLs only appear to be supported per-port on *ingress*.
>
>
=E2=80=8BI think this might actually be the case for quite a few
devices/manufacturers actually. It's nice that for mcast on v6 you actually
mostly care about that on ingress though :)=E2=80=8B
