Stupid Question maybe?

Sun Dec 23 17:55:21 UTC 2018

Hi Christian,

Discontinuous mask for IPv6 was supported in IOS-XR in release 5.2.2.

You can refer below link for details:

https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/ip-addresses/command/reference/b-ip-addresses-cr-asr9000/b-ipaddr-cr-asr9k_chapter_01.html#wp4831598620

Regards,

Aseem

On Wed, Dec 19, 2018 at 8:32 AM Saku Ytti <saku at ytti.fi
<https://mailman.nanog.org/mailman/listinfo/nanog>> wrote:

>* On Wed, 19 Dec 2018 at 02:55, Philip Loenneker
*>* <Philip.Loenneker at tasmanet.com.au
<https://mailman.nanog.org/mailman/listinfo/nanog>> wrote:
*>>* > I had a heck of a time a few years back trying to troubleshoot an issue
*>* where an upstream provider had an ACL with an incorrect mask along the
*>* lines of 255.252.255.0. That was really interesting to talk about once we
*>* discovered it, though it caused some loss of hair beforehand...
*>>* Juniper originally didn't support them even in ACL use-case but were
*>* forced to add later due to customer demand, so people do have
*>* use-cases for them. If we'd still support them in forwarding, I'm sure
*>* someone would come up with solution which depends on it. I am not
*>* advocating we should, I'll rather take my extra PPS out of the HW.
*>>* However there is one quite interesting use-case for discontinuous mask
*>* in ACL. If you have, like you should have, specific block for customer
*>* linknetworks, you can in iACL drop all packets to your side of the
*>* links while still allowing packets to customer side of the links,
*>* making attack surface against your network minimal.
*

And unfortunately is still not supported by IOS-XR for IPv6, which could
mean not having a scaleable way on your edge to protect your internal
network.

-- 
Christian

e-mail/xmpp: christian at errxtx.net
<https://mailman.nanog.org/mailman/listinfo/nanog>
PGP Fingerprint: B458 E4D6 7173 A8C4 9C75315B 709C 295B FA53 2318
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20181220/cfd683a3/attachment.html
<https://mailman.nanog.org/pipermail/nanog/attachments/20181220/cfd683a3/attachment.html>>

------------------------------

   - Previous message (by thread): Stupid Question maybe?
   <https://mailman.nanog.org/pipermail/nanog/2018-December/098410.html>
   - Next message (by thread): Stupid Question maybe?
   <https://mailman.nanog.org/pipermail/nanog/2018-December/098447.html>
   - *Messages sorted by:* [ date ]
   <https://mailman.nanog.org/pipermail/nanog/2018-December/date.html#98465>
    [ thread ]
   <https://mailman.nanog.org/pipermail/nanog/2018-December/thread.html#98465>
    [ subject ]
   <https://mailman.nanog.org/pipermail/nanog/2018-December/subject.html#98465>
    [ author ]
   <https://mailman.nanog.org/pipermail/nanog/2018-December/author.html#98465>

------------------------------
More information about the NANOG mailing list
<https://mailman.nanog.org/mailman/listinfo/nanog>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20181223/8a6de918/attachment.html>