nanog mailing list archives

Re: Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header


From: Jimmy Hess <mysidia () gmail com>
Date: Sat, 1 Oct 2011 15:56:39 -0500

On Fri, Sep 30, 2011 at 12:55 AM, Christopher Morrow
<morrowc.lists () gmail com> wrote:
On Fri, Sep 30, 2011 at 1:07 AM, Mikael Abrahamsson <swmike () swm pp se> wrote:
when will vendors learn that punting to the RE/RP/smarts for packets
in the fastpath is ... not just 'unwise' but wholesale stupid? :(
Yeah, that's a nice one, thanks.

At this point, I would have to describe it as ludicrous product engineering.
Unless we're talking about small-business CPE devices, or true beasts
with RPs capable of actually handling the load at wire speed.
It goes beyond 'stupid' and well into the range of unreasonably insane UI
design.

Are cars designed to automatically slow to a stop when you turn on the radio
if you forget to push a "don't let the radio interfere with my engine" button?

The default/convention on real routers should be: Never punt a packet to RP
for ACL processing. If someone asks to establish an ACL for a type of traffic
that would be subject to that, the request should generate an error.

Or it should warn the user "% ACL Processing for this command will not
be performed on fragments, unless you enable software ACL processing
of IPv6 fragments using the blah blah blah command."

And ask the human to manually turn on a "platform ipv6 acl fragment
allow-software yes-i-am-really-really-sure" setting.

--
-JH

