Prefix usage differences between acls and, Other ipv6 addressing -33 – HP 6200YL User Manual

IPv6 Access Control Lists (ACLs)

Planning an ACL Application

To summarize, when the switch compares an IPv6 packet to an ACE in an ACL,
it uses the subnet prefixes configured with the SA and DA in the ACE to
determine how many leftmost, contiguous bits in the ACE’s SA and DA must
be matched by the same bits in the SA and DA carried by the packet. Thus, the
subnet prefixes specified with the SA and DA in an ACE determine the ranges
of source and destination addresses acceptable for a match between the ACE
and a packet being filtered.

Prefix Usage Differences Between ACLs and
Other IPv6 Addressing

For ACLs, the prefix is used to specify the leftmost bits in an address that are
meaningful for a packet match. In other ACL usage, the prefix separates
network and subnet values from the device identifier in an address.

Prefix Usage

Examples

Notes

For an SA or DA in the ACE belonging to an IPv6

2620:0:a03:e102:215:60ff:fe7a:adc0/128

ACL, the associated prefix specifies how many
consecutive, leading bits in the address are
used to define a match with the corresponding
bits in the SA or DA of a packet being filtered.

2620:0:a03:e102:215/80

::/0

All bits. Used for a specific
SA or DA.

The first 80 bits. Used for an
SA or DA having
2620:0:a03:e102:215 in the
leftmost 80 bits of an address.

Zero bits. Used to allow a
match with “Any” SA or DA.

For the IPv6 address assigned to a given device,

fe80::215:60ff:fe7a:adc0/64 Link-Local address with a

the prefix defines the type of address and the

prefix of 64 bits and a device

network and subnet in which the address

ID of 64 bits.

resides. In this case, the bits to the right of the
prefix comprise the device identifier.

2620:0:a03:e102:215:60ff:fe7a:adc0/64 Global unicast address with a

prefix of 64 bits and a device
ID of 64 bits.

8-33