[c-nsp] VLSM
Ted Mittelstaedt
tedm at toybox.placo.com
Wed Jan 12 01:51:19 EST 2005
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Mark Persiko
> Sent: Tuesday, January 11, 2005 7:50 AM
> To: cisco-nsp at puck.nether.net; Brant I. Stevens; lists at hojmark.org;
> matthew zeier; Gert Doering; Shaun
> Subject: RE: [c-nsp] VLSM
>
>
> If you have a hierarchical network topology with the gateway of last
> resort facing one egress point at the core, then I've noticed that "ip
> classless" has the unfortunate side effect of sending all traffic out
> that egress pipe, whose destination is for subnets that aren't used
> within the network.

I would be more interested in finding out where such traffic is
originating from. That egress point should have a firewall
on it that should have sufficient CPU power to run a set of
big access lists. We use a 2 GHz PC running UNIX that is set up
as an Ethernet-to-Ethernet router in between the actual egress router
and our switches, that does nothing other than screen traffic.
I daresay I could probably list every single host IP
on our network without introducing significant latency.

You will probably find the bulk of the traffic originating
from a handful of misconfigured hosts.

Ted
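
An added example, not part of the message above or of the thread: one way to locate the misconfigured hosts it mentions, by scanning egress flow records for internal sources sending to addresses that lie inside the site's own aggregate but in no configured subnet (the traffic "ip classless" hands to the default route). The aggregate, subnets, record format and flow records are all constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed addressing plan (constructed): one aggregate, two subnets in use.
AGGREGATE = ipaddress.ip_network("10.20.0.0/16")
USED_SUBNETS = [ipaddress.ip_network(n) for n in ("10.20.1.0/24", "10.20.2.0/24")]

# Constructed egress flow records, one per line: "src dst packets".
SAMPLE_FLOWS = """\
10.20.1.15 192.0.2.80 120
10.20.1.15 10.20.2.9 40
10.20.2.77 10.20.9.1 900
10.20.2.77 10.20.200.5 300
10.20.1.23 10.20.9.1 15
10.20.1.15 198.51.100.7 60
bad line
"""

def is_unused_internal(dst):
    """True if dst is inside the aggregate but in no configured subnet."""
    return dst in AGGREGATE and not any(dst in n for n in USED_SUBNETS)

def offenders(flow_text):
    """Count packets per internal source sent to unused internal space."""
    counts = Counter()
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed records
        try:
            src = ipaddress.ip_address(fields[0])
            dst = ipaddress.ip_address(fields[1])
            pkts = int(fields[2])
        except ValueError:
            continue  # skip records with unparsable addresses or counts
        if src in AGGREGATE and is_unused_internal(dst):
            counts[str(src)] += pkts
    return counts

def top_offenders(flow_text, n=5):
    """Return the n noisiest sources as (host, packets), largest first."""
    return offenders(flow_text).most_common(n)

if __name__ == "__main__":
    for host, pkts in top_offenders(SAMPLE_FLOWS):
        print(f"{host}\t{pkts} packets to unused internal space")
```
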