nanog mailing list archives
Re: Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header
From: Jimmy Hess <mysidia () gmail com>
Date: Sat, 1 Oct 2011 15:56:39 -0500
On Fri, Sep 30, 2011 at 12:55 AM, Christopher Morrow <morrowc.lists () gmail com> wrote:
On Fri, Sep 30, 2011 at 1:07 AM, Mikael Abrahamsson <swmike () swm pp se> wrote: when will vendors learn that punting to the RE/RP/smarts for packets in the fastpath is ... not just 'unwise' but wholesale stupid? :(
Yeah, that's a nice one, thanks. At this point, I would have to describe it as ludicrous product engineering. Unless we're talking about small-business CPE devices, or true beasts with RPs capable of actually handling the load at wire speed. It goes beyond 'stupid' and well into the range of unreasonably insane UI design. Are cars designed to automatically slow to a stop when you turn on the radio if you forget to push a "don't let the radio interfere with my engine" button? The default/convention on real routers should be: Never punt a packet to RP for ACL processing. If someone asks to establish an ACL for a type of traffic would be subject to that, the request should generate an error. Or it should warn the user "% ACL Processing for this command will not be performed on fragments, unless you enable software ACL processing of IPv6 fragments using the blah blah blah command." And ask the human to manually turn on a " platform ipv6 acl fragment allow-software yes-i-am-really-really-sure " setting. -- -JH
Current thread:
- Re: Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header Simon Leinen (Oct 01)
- <Possible follow-ups>
- Re: Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header Jimmy Hess (Oct 01)