Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header

Christopher Morrow morrowc.lists at gmail.com
Fri Sep 30 05:55:55 UTC 2011


On Fri, Sep 30, 2011 at 1:07 AM, Mikael Abrahamsson <swmike at swm.pp.se> wrote:
>
> Just thought I'd share some operational info.
>
> PFC3B will by default punt IPv6 packets with fragmentation header to RP and
> route them there, with the obvious performance penalty this incurs.

when will vendors learn that punting to the RE/RP/smarts for packets
in the fastpath is ... not just 'unwise' but wholesale stupid? :(

>
> Workaround is to change this behaviour, meaning ACLs won't work for packets
> with fragmentation header anymore:
>
>  #platform ipv6 acl fragment hardware ?
>    drop     Drop IPv6 fragments at hardware
>    forward  Forward IPv6 fragments at hardware
>

your recommendation is to ... forward? (or perhaps not 'recommendation' but:
"Forward means do not pass go, just ship out the proper egress interface.
 drop means ... send to hell"

If you do nothing the default behavior is to send the packet to the
RP... why? (why would you want this packet sent to the RP? it's got a
valid destination, no? so deliver it out the egress interface?)

thanks!
-chris

> PFC3C is supposed to not be affected.
>
> A lot of Teredo and 6to4 traffic has fragmentation headers, so this actually
> is a real problem. We discovered this at our Teredo relay upstream router.
>
> --
> Mikael Abrahamsson    email: swmike at swm.pp.se
>
>




More information about the NANOG mailing list