On Fri, Sep 30, 2011 at 12:55 AM, Christopher Morrow <morrowc.lists@gmail.com> wrote:
On Fri, Sep 30, 2011 at 1:07 AM, Mikael Abrahamsson <swmike@swm.pp.se> wrote:

when will vendors learn that punting to the RE/RP/smarts for packets in the fastpath is ... not just 'unwise' but wholesale stupid? :(

Yeah, that's a nice one, thanks.

At this point, I would have to describe it as ludicrous product engineering. Unless we're talking about small-business CPE devices, or true beasts with RPs capable of actually handling the load at wire speed.

It goes beyond 'stupid' and well into the range of unreasonably insane UI design. Are cars designed to automatically slow to a stop when you turn on the radio if you forget to push a "don't let the radio interfere with my engine" button?

The default/convention on real routers should be: Never punt a packet to RP for ACL processing. If someone asks to establish an ACL for a type of traffic that would be subject to that, the request should generate an error.

Or it should warn the user "% ACL Processing for this command will not be performed on fragments, unless you enable software ACL processing of IPv6 fragments using the blah blah blah command."

And ask the human to manually turn on a "platform ipv6 acl fragment allow-software yes-i-am-really-really-sure" setting.

--
-JH