Hi Christian, Discontinuous mask for IPv6 was supported in IOS-XR in release 5.2.2.
You can refer below link for details: https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/ip-addresses/command/reference/b-ip-addresses-cr-asr9000/b-ipaddr-cr-asr9k_chapter_01.html#wp4831598620 Regards, Aseem On Wed, Dec 19, 2018 at 8:32 AM Saku Ytti <saku at ytti.fi <https://mailman.nanog.org/mailman/listinfo/nanog>> wrote: >* On Wed, 19 Dec 2018 at 02:55, Philip Loenneker *>* <Philip.Loenneker at tasmanet.com.au <https://mailman.nanog.org/mailman/listinfo/nanog>> wrote: *>>* > I had a heck of a time a few years back trying to troubleshoot an issue *>* where an upstream provider had an ACL with an incorrect mask along the *>* lines of 255.252.255.0. That was really interesting to talk about once we *>* discovered it, though it caused some loss of hair beforehand... *>>* Juniper originally didn't support them even in ACL use-case but were *>* forced to add later due to customer demand, so people do have *>* use-cases for them. If we'd still support them in forwarding, I'm sure *>* someone would come up with solution which depends on it. I am not *>* advocating we should, I'll rather take my extra PPS out of the HW. *>>* However there is one quite interesting use-case for discontinuous mask *>* in ACL. If you have, like you should have, specific block for customer *>* linknetworks, you can in iACL drop all packets to your side of the *>* links while still allowing packets to customer side of the links, *>* making attack surface against your network minimal. * And unfortunately is still not supported by IOS-XR for IPv6, which could mean not having a scaleable way on your edge to protect your internal network. -- Christian e-mail/xmpp: christian at errxtx.net <https://mailman.nanog.org/mailman/listinfo/nanog> PGP Fingerprint: B458 E4D6 7173 A8C4 9C75315B 709C 295B FA53 2318 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20181220/cfd683a3/attachment.html <https://mailman.nanog.org/pipermail/nanog/attachments/20181220/cfd683a3/attachment.html>> ------------------------------ - Previous message (by thread): Stupid Question maybe? <https://mailman.nanog.org/pipermail/nanog/2018-December/098410.html> - Next message (by thread): Stupid Question maybe? <https://mailman.nanog.org/pipermail/nanog/2018-December/098447.html> - *Messages sorted by:* [ date ] <https://mailman.nanog.org/pipermail/nanog/2018-December/date.html#98465> [ thread ] <https://mailman.nanog.org/pipermail/nanog/2018-December/thread.html#98465> [ subject ] <https://mailman.nanog.org/pipermail/nanog/2018-December/subject.html#98465> [ author ] <https://mailman.nanog.org/pipermail/nanog/2018-December/author.html#98465> ------------------------------ More information about the NANOG mailing list <https://mailman.nanog.org/mailman/listinfo/nanog>
