[c-nsp] NAT and ARP
Brian Feeny
signal at shreve.net
Thu Oct 21 22:23:24 EDT 2004
On Oct 21, 2004, at 8:59 PM, Amol Sapkal wrote:
>
> default route is to fa0/1
>
If you're really defaulting to fa0/1 and not to a next-hop IP address, my
advice is "don't do this".
It's an evil in itself that Cisco actually lets you route to broadcast
interfaces like that. Default routing
like this, especially on a link that has an appreciable amount of use,
results in all sorts of craziness
like your router ARPing for every IP address on the Internet, building
huge ARP caches, etc.
Brian
>
> Regds,
> Amol
>
> On Thu, 21 Oct 2004 08:49:30 -0500, Brian Feeny <signal at shreve.net>
> wrote:
>>
>> Well one or all of the following should be really happening:
>>
>> a) you're using a NAT source list that only specifies truly valid
>> networks, not something like "any any".
>> b) you are filtering so only valid networks can egress
>> c) you are using unicast reverse path checking
>>
>> Brian
>>
>> ---------------------------------------------
>> Brian Feeny, CCIE #8036, CISSP
>> Network Engineer
>> ShreveNet Inc.
>>
>
>
> --
> Warm Regds,
>
> Amol Sapkal
>
> --------------------------------------------------------------------
> An eye for an eye makes the whole world blind
> - Mahatma Gandhi
> --------------------------------------------------------------------
>
---------------------------------------------
Brian Feeny, CCIE #8036, CISSP
Network Engineer
ShreveNet Inc.
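
The advice in this thread as an IOS configuration sketch, added here as an example and not part of the original messages. fa0/1 is the outside interface named in the thread; the inside interface fa0/0, all addresses and the ACL numbers are assumptions.

```cisco
! Constructed example. Only fa0/1 comes from the thread; fa0/0,
! 10.1.1.0/24, 192.0.2.0/30 and ACL numbers 10/110 are assumptions.
!
! --- Before (shown commented out) ------------------------------------
! Default route to a broadcast interface: every destination is treated
! as directly connected on fa0/1, so the router ARPs for each one and
! the ARP cache grows with every new destination. The NAT source list
! also matches any source address.
!
! ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
! ip nat inside source list 1 interface FastEthernet0/1 overload
! access-list 1 permit any
!
! --- After -----------------------------------------------------------
! CEF is required for unicast reverse path checking
ip cef
!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
 ! (b) only the valid inside network may pass toward the outside
 ip access-group 110 in
 ! (c) unicast reverse path check: drop packets whose source address
 !     is not routed back out this interface
 ip verify unicast reverse-path
!
interface FastEthernet0/1
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
!
! Default route to a next-hop address: one ARP entry for 192.0.2.1
! instead of one per destination
ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
! (a) NAT source list names only the real inside network
ip nat inside source list 10 interface FastEthernet0/1 overload
access-list 10 permit 10.1.1.0 0.0.0.255
!
access-list 110 permit ip 10.1.1.0 0.0.0.255 any
access-list 110 deny   ip any any log
```

On a router still running the "before" form, `show ip arp` lists entries on fa0/1 for remote destinations rather than only for the next hop.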