nanog mailing list archives
Re: Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header
From: Mikael Abrahamsson <swmike () swm pp se>
Date: Fri, 30 Sep 2011 08:13:37 +0200 (CEST)
On Fri, 30 Sep 2011, Christopher Morrow wrote:
If you do nothing the default behavior is to send the packet to the RP... why? (why would you want this packet sent to the RP? it's got a valid destination, no? so deliver it out the egress interface?)
I was told it's because PFC3B can't look into the packet far enough to determine what the payload is (TCP/UDP etc) and port, that's only the RP that can do ACL handling of the packet.
So if you configure "forward", people can put a fragmentation header on the packet and skip past your ACL.
-- Mikael Abrahamsson email: swmike () swm pp se
Current thread:
- Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header Mikael Abrahamsson (Sep 29)
- Re: Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header Christopher Morrow (Sep 29)
- Re: Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header Mikael Abrahamsson (Sep 29)
- Re: Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header Saku Ytti (Sep 30)
- Re: Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header Christopher Morrow (Sep 30)
- Re: Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header Saku Ytti (Sep 30)
- Re: Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header Christopher Morrow (Sep 30)
- Re: Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header Saku Ytti (Sep 30)
- Re: Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header Nick Hilliard (Sep 30)
- Re: Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header Mohacsi Janos (Sep 30)
- Re: Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header Nick Hilliard (Sep 30)
- Re: Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header Christopher Morrow (Sep 30)
- Re: Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header Christopher Morrow (Sep 30)
- Re: Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header Christopher Morrow (Sep 29)