[nsp] ARP storm

Carrara, Richard Richard.Carrara at datareturn.com
Thu Sep 4 14:13:53 EDT 2003


Is he dropping them on ingress for /24 and /23 too?  Is the wireless setup ad-hoc or infrastructure?  I assume the 7200 is the gw for the wireless clients.  Is this correct?  

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of james
Sent: Thursday, September 04, 2003 10:20 AM
To: Carrara, Richard; JR Mayberry
Cc: cisco-nsp at puck.nether.net; Thomas Renzy
Subject: Re: [nsp] ARP storm



 James, is the problem coming from the Internet or from his users?

Users. He is dropping 92 Byte pings at the edge on both his connections.
His TCP Dumps support this finding.

He has subnetted the /22 into a /24 and /23 and it seem the wireless nodes 
are most effected. Hundreds of hosts on this network. They are experienced
*nix admins, they are using Linux TC to control and shape client traffic, so a box
to do Proxy ARP could be a solution. What do y'all think ? He could rate limit
the arps with TC, but both he and I this this will make things worse. They need 
to be answered.


_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list