On Jul 18, 2009, at 2:37 PM, Saku Ytti wrote:
I'm guessing point Roland was making (which he likely would have not made couple moons ago:)
I've made this point for years, quite publicly, actually - even when it was unpopular for me to do so in certain quarters. ;> uRPF for 7600/6500 can only be in one mode for the whole box, all interfaces. This is a major problem in many cases. The NetFlow issues render flow telemetry unusable in production situations. The ACLs work very differently on this platform due to LOU issues, as you say. Most folks don't know this, and many end up overflowing their TCAMs and not realizing it until their boxes fall over, heh. If one has fairly complex ACLs covering various ranges of ports, ACLs on 7600/6500 quickly become very difficult to manage.
EARL8 (Nexus7k) fixes the IPv6/uRPF and IPv6/ACL issue.
And the NetFlow issues. ----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com> Unfortunately, inefficiency scales really well. -- Kevin Lawton