IPv6: permit does not stop passing of the packet according to the rules

Rom1 — Wed, 13 Feb 2019 19:00:29 GMT

I have two servers, IPv6 interfaces: 2a06:6780:0:1: 1 and 2a06:6780:0: 2: 2

Each of the servers is connected to BD-8810, on each port there is the same ingress policy, approximately with the following content:

code:

# To our IPv6
entry 06_to_our_ipv6 {
if {
        destination-address 2a06:6780::/29;
}
then {
        count 06_to_our_ipv6;
        permit;
}
}

# To world IPv6
entry 07_from_ipv6 {
if {
       source-address 2a06:6780::/29;
}
then {
        count 07_from_ipv6;
        redirect-name uplink6;
}
}

Connectivity between servers over IPv6 is present, but turned out to be suspiciously high ping between them ~20ms. By the way ~10ms-this is the first gateway uplink.

Began to understand, the traffic from the server to the server goes through uplink (uplink6).

For clarity, changed the policy to this:

code:

# To our IPv6
entry 06_to_our_ipv6 {
if {
        source-address 0::/0;
}
then {
        count 06_to_our_ipv6;
        permit;
}
}

# To world IPv6
entry 07_from_ipv6 {
if {
        source-address 0::/0;
}
then {
        count 07_from_ipv6;
        redirect-name uplink6;
}
}

What was my surprise that both counters are growing at the same time and equally!

code:

# sho access-list counter ports 1:34
Policy Name       Vlan Name        Port   Direction
    Counter Name                   Packet Count         Byte Count
==================================================================
from_ipv4_ipv6    *                1:34   ingress
...
    06_to_our_ipv6                 624
    07_from_ipv6                   624

How is that even possible? Why does permit not stop the package from passing by the rules?

topic IPv6: permit does not stop passing of the packet according to the rules in ExtremeSwitching (EXOS/Switch Engine)

IPv6: permit does not stop passing of the packet according to the rules