Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3427
Views
0
Helpful
2
Replies

Link Local Address on BGP

Go to solution
hiukei
Level 1
Level 1

‎11-17-2011 03:42 AM - edited ‎03-01-2019 05:31 PM

I recently start to have IPv6 BGP Peer, at first I try to block all the link local address at my interface incoming ACL but after a while I notice that there has many match log on the deny link local address. I want to know is it a correct thing to not block link local address even the link is upstream link to my ISP?

My IPv6 BGP is formed by using Global IPv6 address!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
stmillet
Cisco Employee
Cisco Employee

‎11-21-2011 12:17 AM

Do you actually have a business need to block Link Local addresses ? This should not be done as the IPv6 control plane relies on link local addresses. e.g. each time you do a Neighbour Discovery on Ethernet. Link Local are also non routeable so they cannot traverse the router (assuming that is the intent of the ACL)

I would recommend against blocking Link Local addresses in ACLs however if you must do this you should be selective about the ones you allow through. e.g.

permit link_local_bgp_peer

deny all link_local

permit global uinicast

Though just beware that even then, if the upstream link local address changes, as in the upstream router swaps or replaces its interface then the ACL will have no effect as the Link Local address would have changed.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
stmillet
Cisco Employee
Cisco Employee

‎11-21-2011 12:17 AM

Do you actually have a business need to block Link Local addresses ? This should not be done as the IPv6 control plane relies on link local addresses. e.g. each time you do a Neighbour Discovery on Ethernet. Link Local are also non routeable so they cannot traverse the router (assuming that is the intent of the ACL)

I would recommend against blocking Link Local addresses in ACLs however if you must do this you should be selective about the ones you allow through. e.g.

permit link_local_bgp_peer

deny all link_local

permit global uinicast

Though just beware that even then, if the upstream link local address changes, as in the upstream router swaps or replaces its interface then the ACL will have no effect as the Link Local address would have changed.

0 Helpful

Go to solution
hiukei
Level 1
Level 1
In response to stmillet

‎11-21-2011 05:53 AM

Yes I finally allow the link local address on those link!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents