Link Local Address on BGP

Answered Question
Nov 17th, 2011

I recently started to have an IPv6 BGP peer. At first I tried to block all link-local addresses in my interface's incoming ACL, but after a while I noticed that there are many matches logged on the deny for link-local addresses. I want to know: is it correct not to block link-local addresses even when the link is the upstream link to my ISP?


My IPv6 BGP is formed using a global IPv6 address!

Correct Answer by stmillet about 5 years 9 months ago

Do you actually have a business need to block link-local addresses? This should not be done, as the IPv6 control plane relies on link-local addresses, e.g. each time you do a Neighbour Discovery on Ethernet. Link-local addresses are also non-routable, so they cannot traverse the router (assuming that is the intent of the ACL).


I would recommend against blocking link-local addresses in ACLs; however, if you must do this, you should be selective about the ones you allow through, e.g.


permit link_local_bgp_peer
deny all link_local
permit global unicast


Though just beware that even then, if the upstream link-local address changes, as in the upstream router swaps or replaces its interface, then the ACL will have no effect, as the link-local address would have changed.

Overall Rating: 5 (1 ratings)
stmillet (Cisco Employee), Mon, 11/21/2011 - 00:17

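The three-entry ACL from the answer above, modelled as a first-match evaluator so its behaviour can be checked before and after the upstream interface is replaced. This is an added example, not part of the original thread and not Cisco code; all addresses are constructed samples, and the model matches on source address only (a real ACL entry also matches protocol, ports and ICMP type).

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

# Constructed sample addresses (assumptions, not taken from the thread)
OLD_PEER_LL = "fe80::21b:54ff:fe00:1"    # upstream router, original interface
NEW_PEER_LL = "fe80::21b:54ff:fe00:99"   # same router after an interface swap
PEER_GLOBAL = "2001:db8:ffff::1"         # global address the BGP session uses

def build_acl(peer_link_local):
    """The answer's three entries, in order, as (action, source network)."""
    peer = ipaddress.ip_network(peer_link_local + "/128")
    return [
        ("permit", peer),            # permit link_local_bgp_peer
        ("deny", LINK_LOCAL),        # deny all link_local
        ("permit", GLOBAL_UNICAST),  # permit global unicast
    ]

def evaluate(acl, src):
    """First matching entry wins; unmatched traffic hits the implicit deny."""
    addr = ipaddress.ip_address(src)
    for action, net in acl:
        if addr in net:
            return action
    return "deny"

# Constructed sample traffic arriving on the upstream interface
PACKETS = [
    ("ND from peer, original link-local", OLD_PEER_LL),
    ("BGP from peer global address", PEER_GLOBAL),
    ("ND from peer, link-local after interface swap", NEW_PEER_LL),
    ("ND from some other link-local host", "fe80::dead:beef"),
]

def check_packets(acl, packets):
    """Return {label: action} for each (label, source address) pair."""
    return {label: evaluate(acl, src) for label, src in packets}

if __name__ == "__main__":
    acl = build_acl(OLD_PEER_LL)  # ACL written while the old interface was in use
    for label, action in check_packets(acl, PACKETS).items():
        print(f"{action:6}  {label}")
```

Once the peer's link-local address changes, the host-specific permit no longer matches, so the ACL has to be rebuilt with the new address (`build_acl(NEW_PEER_LL)` in this model).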
