Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header
swmike at swm.pp.se
Fri Sep 30 01:13:37 CDT 2011
On Fri, 30 Sep 2011, Christopher Morrow wrote:
> If you do nothing the default behavior is to send the packet to the
> RP... why? (why would you want this packet sent to the RP? it's got a
> valid destination, no? so deliver it out the egress interface?)
I was told it's because PFC3B can't look into the packet far enough to
determine what the payload is (TCP/UDP etc.) and port; it's only the RP
that can do ACL handling of the packet.
So if you configure "forward", people can put a fragmentation header on
the packet and skip past your ACL.
Mikael Abrahamsson email: swmike at swm.pp.se
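
The point made in the message above, as an added example that is not part of the original post: a lookup that reads only the fixed IPv6 header's Next Header field cannot see TCP/UDP ports once a Fragment header (protocol 44) sits in front of them, while a walk of the extension header chain can. The function names and the constructed packets are assumptions for illustration; shallow_classify is a simplified model, not a description of PFC3B internals.

```python
import struct

EXT_HEADERS = (0, 43, 60)  # hop-by-hop, routing, destination options
FRAGMENT, TCP, UDP = 44, 6, 17

def ports_at(packet, nh, off):
    """Return (protocol, (sport, dport)) if an L4 header is readable at off."""
    if nh in (TCP, UDP) and off + 4 <= len(packet):
        return nh, struct.unpack("!HH", packet[off:off + 4])
    return nh, None

def shallow_classify(packet):
    """Simplified model: only the fixed header's Next Header field is read."""
    return ports_at(packet, packet[6], 40)

def deep_classify(packet):
    """Walk the extension header chain to reach the upper-layer header."""
    nh, off = packet[6], 40
    while off + 8 <= len(packet):
        if nh in EXT_HEADERS:
            # Byte 0 is the next header, byte 1 the length in 8-octet units minus one.
            nh, off = packet[off], off + (packet[off + 1] + 1) * 8
        elif nh == FRAGMENT:
            next_nh, _, frag = struct.unpack("!BBH", packet[off:off + 4])
            if frag >> 3:  # non-first fragment carries no L4 header
                return next_nh, None
            nh, off = next_nh, off + 8
        else:
            break
    return ports_at(packet, nh, off)

def build(next_header, payload):
    """Constructed IPv6 packet, 2001:db8::1 -> 2001:db8::2 (documentation prefix)."""
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + src + dst + payload

# Constructed sample data: a TCP header (49152 -> 22) sent plain, behind a
# Fragment header with offset 0, and a later fragment (offset 8) with no L4 header.
TCP_HDR = struct.pack("!HHIIHHHH", 49152, 22, 0, 0, 5 << 12 | 0x02, 65535, 0, 0)
PLAIN = build(TCP, TCP_HDR)
WITH_FRAG = build(FRAGMENT, struct.pack("!BBHI", TCP, 0, 0, 0x1234) + TCP_HDR)
LATER_FRAG = build(FRAGMENT, struct.pack("!BBHI", TCP, 0, 8 << 3, 0x1234) + b"\x00" * 16)

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("frag hdr", WITH_FRAG), ("later frag", LATER_FRAG)):
        print(name, "shallow:", shallow_classify(pkt), "deep:", deep_classify(pkt))
```

A port-based ACL evaluated on the shallow result has nothing to match for the second packet, which is the case the "forward" setting would let through unfiltered.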