Re: Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header

[Mikael Abrahamsson <swmike () swm pp se>]

On Fri, 30 Sep 2011, Christopher Morrow wrote:

> If you do nothing the default behavior is to send the packet to the 
> RP... why? (why would you want this packet sent to the RP? it's got a 
> valid destination, no? so deliver it out the egress interface?)

I was told it's because PFC3B can't look into the packet far enough to 
determine what the payload is (TCP/UDP etc) and port, that's only the RP 
that can do ACL handling of the packet.

So if you configure "forward", people can put a fragmentation header on 
the packet and skip past your ACL.

--
Mikael Abrahamsson    email: swmike () swm pp se