On Fri, Sep 30, 2011 at 1:07 AM, Mikael Abrahamsson <swmike@swm.pp.se> wrote:
Just thought I'd share some operational info.
PFC3B will by default punt IPv6 packets with fragmentation header to RP and route them there, with the obvious performance penalty this incurs.
when will vendors learn that punting to the RE/RP/smarts for packets in the fastpath is ... not just 'unwise' but wholesale stupid? :(
Workaround is to change this behaviour, meaning ACLs won't work for packets with fragmentation header anymore:
#platform ipv6 acl fragment hardware ? drop Drop IPv6 fragments at hardware forward Forward IPv6 fragments at hardware
your recommendation is to ... forward? (or perhaps not 'recommendation' but: "Forward means do not pass go, just ship out the proper egress interface. drop means ... send to hell" If you do nothing the default behavior is to send the packet to the RP... why? (why would you want this packet sent to the RP? it's got a valid destination, no? so deliver it out the egress interface?) thanks! -chris
PFC3C is supposed to not be affected.
A lot of Teredo and 6to4 traffic has fragmentation headers, so this actually is a real problem. We discovered this at our Teredo relay upstream router.
-- Mikael Abrahamsson email: swmike@swm.pp.se