IPv6 filtering (was Re: IPv6 internet broken, cogent/telia/hurricane not peering)
sethm at rollernet.us
Tue Oct 13 18:52:36 UTC 2009
Matthew Petach wrote:
> As I understand it, (and Cisco's documentation seems to support this,
> as an example), if you put a /128 in an ACL, you cannot specify any L4 port
> information for the address due to the limited width of the TCAM; in
> order to specify L4 information for the ACL, Cisco stuffs it into bits 24
> through 39, losing what information was originally stored in those bits.
> It just so happens those are the fixed FFFE bits in an EUI-64 address,
> so if you're using EUI-64, no "real" information is lost. You can do your
> own non-EUI-64 addressing and still use ACLs with layer 4 port information
> as long as you don't put any addressing information into bits 24 through 39.
Interesting; makes sense though. Thanks for the explanation.
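A planning-side check built on the behaviour described in the quoted message, added here as an example and not code from either poster or from Cisco: it extracts bits 24 through 39 of the interface identifier and reports host addresses that become indistinguishable once those 16 bits are dropped. The bit numbering (counted from the interface identifier's most significant bit, which is where EUI-64 puts FFFE), the function names, and the sample addresses in 2001:db8::/32 are assumptions made for the example.

```python
import ipaddress
from collections import defaultdict

# Bits 24..39 of the 64-bit interface identifier, counted from its most
# significant bit (assumed numbering: it is where EUI-64 places FF:FE).
SHIFT = 64 - 40                  # 24 interface-ID bits sit below the field
FIELD_MASK = 0xFFFF << SHIFT

def field_bits(addr):
    """Return the 16 bits at interface-ID positions 24..39."""
    return (int(ipaddress.IPv6Address(addr)) & FIELD_MASK) >> SHIFT

def squeezed_key(addr):
    """Address with the field zeroed: all that is left to match on if the
    field is reused for L4 data, as the quoted message describes."""
    return int(ipaddress.IPv6Address(addr)) & ~FIELD_MASK

def alias_groups(hosts):
    """Group hosts that differ only inside the 16-bit field."""
    groups = defaultdict(list)
    for h in hosts:
        groups[squeezed_key(h)].append(h)
    return [g for g in groups.values() if len(g) > 1]

def field_values(hosts):
    """Distinct field values in use across the given hosts."""
    return sorted({field_bits(h) for h in hosts})

# Constructed sample hosts (documentation prefix 2001:db8::/32).
SAMPLE_HOSTS = [
    "2001:db8:0:1:211:22ff:fe33:4455",  # EUI-64 shaped: field is 0xfffe
    "2001:db8:0:1::10",                 # manual, field is 0x0000
    "2001:db8:0:1:0:1:0:10",            # manual, field is 0x0100
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(f"{h:34} field=0x{field_bits(h):04x}")
    for g in alias_groups(SAMPLE_HOSTS):
        print("indistinguishable without the field:", ", ".join(g))
```

An empty result from `alias_groups` over every /128 host entry in an ACL means no two entries depend on those bits to tell them apart.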