nanog mailing list archives
Stupid Question maybe?
From: Aseem Choudhary <aseemch () gmail com>
Date: Sun, 23 Dec 2018 09:55:21 -0800
Hi Christian, Discontinuous mask for IPv6 was supported in IOS-XR in release 5.2.2. You can refer below link for details: https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/ip-addresses/command/reference/b-ip-addresses-cr-asr9000/b-ipaddr-cr-asr9k_chapter_01.html#wp4831598620 Regards, Aseem On Wed, Dec 19, 2018 at 8:32 AM Saku Ytti <saku at ytti.fi <https://mailman.nanog.org/mailman/listinfo/nanog>> wrote:
* On Wed, 19 Dec 2018 at 02:55, Philip Loenneker
*>* <Philip.Loenneker at tasmanet.com.au <https://mailman.nanog.org/mailman/listinfo/nanog>> wrote: *>>* > I had a heck of a time a few years back trying to troubleshoot an issue *>* where an upstream provider had an ACL with an incorrect mask along the *>* lines of 255.252.255.0. That was really interesting to talk about once we *>* discovered it, though it caused some loss of hair beforehand... *>>* Juniper originally didn't support them even in ACL use-case but were *>* forced to add later due to customer demand, so people do have *>* use-cases for them. If we'd still support them in forwarding, I'm sure *>* someone would come up with solution which depends on it. I am not *>* advocating we should, I'll rather take my extra PPS out of the HW. *>>* However there is one quite interesting use-case for discontinuous mask *>* in ACL. If you have, like you should have, specific block for customer *>* linknetworks, you can in iACL drop all packets to your side of the *>* links while still allowing packets to customer side of the links, *>* making attack surface against your network minimal. * And unfortunately is still not supported by IOS-XR for IPv6, which could mean not having a scaleable way on your edge to protect your internal network. -- Christian e-mail/xmpp: christian at errxtx.net <https://mailman.nanog.org/mailman/listinfo/nanog> PGP Fingerprint: B458 E4D6 7173 A8C4 9C75315B 709C 295B FA53 2318 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20181220/cfd683a3/attachment.html <https://mailman.nanog.org/pipermail/nanog/attachments/20181220/cfd683a3/attachment.html>> ------------------------------ - Previous message (by thread): Stupid Question maybe? <https://mailman.nanog.org/pipermail/nanog/2018-December/098410.html> - Next message (by thread): Stupid Question maybe? <https://mailman.nanog.org/pipermail/nanog/2018-December/098447.html> - *Messages sorted by:* [ date ] <https://mailman.nanog.org/pipermail/nanog/2018-December/date.html#98465> [ thread ] <https://mailman.nanog.org/pipermail/nanog/2018-December/thread.html#98465> [ subject ] <https://mailman.nanog.org/pipermail/nanog/2018-December/subject.html#98465> [ author ] <https://mailman.nanog.org/pipermail/nanog/2018-December/author.html#98465> ------------------------------ More information about the NANOG mailing list <https://mailman.nanog.org/mailman/listinfo/nanog>
Current thread:
- Re: Stupid Question maybe?, (continued)
- Re: Stupid Question maybe? Florian Weimer (Dec 21)
- Re: Stupid Question maybe? Fred Baker (Dec 18)
- Re: Stupid Question maybe? William Allen Simpson (Dec 19)
- Re: Stupid Question maybe? Scott Weeks (Dec 18)
- Re: Stupid Question maybe? Grant Taylor via NANOG (Dec 18)
- Re: Stupid Question maybe? Scott Weeks (Dec 18)
- Re: Stupid Question maybe? Brandon Martin (Dec 18)
- Re: Stupid Question maybe? James R Cutler (Dec 18)
- Re: Stupid Question maybe? Brandon Martin (Dec 18)
- Re: Stupid Question maybe? tim () pelican org (Dec 19)
- Re: Stupid Question maybe? Brandon Martin (Dec 18)