[cisco-bba] About converting from IRB to RBE

Siva Valliappan svalliap at cisco.com
Fri Aug 15 16:18:56 EDT 2003 

comments inline.

cheers
.siva

On Thu, 14 Aug 2003, Mark E. Mallett wrote:

> The interfaces appear to come up fine.  Now, RBE wants to validate all
> of the ARP entries that it installs onto the interfaces configured in
> this way.  (No complaints there, I think this is great, it helps to
> prevent people from hijacking IP addresses by simply arping them as
> they could with bridged interfaces.)  The ARP entries are installed
> when certain DHCP requests and results are seen.  The problem here is
> that there are already a large number of DSL customers out there
> exchanging traffic, and they are effectively cut off until they do the
> proper DHCP dialog.  By observation it appears that a
> DISCOVER/OFFER/REQUEST/ACK sequence is required (or at least the
> DISCOVER/OFFER sequence).  Of the clients that find themselves not
> passing traffic, extremely few of them will automatically try a
> release/obtain (i.e. in order to generate the DISCOVER).  And in fact
> not very many of them even try an automatic renew.  So after the
> IRB-to-RBE conversion most existing DSL customers do not have connectivity.
>

correct.  if we did not make the DHCP offer, we are unable to
automatically install a static route to that address.  i would think
this is a feature you would want so that people don't hijack addresses
as you pointed out  :)

if you want to override this behavior you can configure a static route
by hand pointing to the subint for the address that the customer is using.
and then remove the static route after some finite time.

> I may have missed it: is there a migration solution that doesn't
> involve coordinating with every existing customer out there?  One
> useful setting might be "do not validate ARP entries-- install every
> ARP observed on these subnets/these interfaces" for a time.
>

i don't think we support this right now.  (other then the method of
configuring a static route).  but i could be wrong.


> It also occured to me that I could use the "ip dhcp database"
> facility-- I could easily hand-construct a dhcp cache file that would
> be loaded into the router upon reload.  However, that would involve
> getting the information out of the IRB configuration to populate that
> fake database, information that would include VPI/VCI for each
> installed ARP entry, and again I have run into a wall trying to find
> that.
>

yah.  :(

> Any hints?
>

sorry.  i have no idea.  but then i have been in the bowels of IOS infra
for the last 18 months and out of the BBA world....

> Yours,
> -mm-
>

More information about the cisco-bba mailing list