[nsp] RFC 3069

Matt Buford matt at overloaded.net
Thu Jun 24 21:37:58 EDT 2004


On June 22, 2004, Andrew Fort wrote:
> Private VLANs on the Cat6500/etc are the same kind of thing (don't know
> if it's interoperable with the Extreme, but it is the same concept).
>
> Note: If you're using multiple MSFCs to terminate the routing for your
> single 'parent' VLAN (the one which has Layer 3 addressing), you'll need
> to configure static ARP entries (or use recent MSFC software that does
> this for you) if you are using 'ip local proxy-arp' (which is the only
> way you can get things in the same subnet to talk to each other, since
> they're in different broadcast domains).  Without static ARP entries,
> the routers get into a race condition for local proxy ARP'ing, and this
> can (and will) cause you grief at some point.
>
> Unless you really have a big address shortage problem or you're certain
> it's the right fit, I wouldn't recommend private VLAN colo design.

I've been harassing Cisco about local proxy-arp causing redundant MSFCs to
answer each other's ARPs for over a year, and they are claiming it is fixed
in the latest software on supervisor 720s.  I've been invited to one of
their labs in a couple weeks to see this for myself.  I'll reply again once
I know...

I have roughly 30,000 ARP entries, so static ARP entries are not really very
feasible.


