[nsp] ARP storm

james hackerwacker at cybermesa.com
Thu Sep 4 10:20:09 EDT 2003

 James, is the problem coming from the Internet or from his users?

Users. He is dropping 92 Byte pings at the edge on both his connections.
His TCP Dumps support this finding.

He has subnetted the /22 into a /24 and /23 and it seem the wireless nodes 
are most effected. Hundreds of hosts on this network. They are experienced
*nix admins, they are using Linux TC to control and shape client traffic, so a box
to do Proxy ARP could be a solution. What do y'all think ? He could rate limit
the arps with TC, but both he and I this this will make things worse. They need 
to be answered.

More information about the cisco-nsp mailing list