[c-nsp] Decnet, LAT, MOP ... anybody?!?

Netfortius netfortius at gmail.com
Thu Apr 6 16:59:10 EDT 2006 

On Thursday 06 April 2006 14:59, Brian McMahon wrote:
> On Apr 6, 2006, at 12:32, Netfortius wrote:
> > Thank you for your reply. This is the challenge - I mentioned LAT
> > and MOP as I
> > know they are not routable, but I cannot tell if the traffic I am
> > seeing is
> > in real need for bridging or if I see it because it is bridged
> > (does it make
> > sense? - this is the only way I could describe my problem).
>
> If the traffic is originating on one side of the bridge, and you're
> seeing it on the other, then that is due to one of three things:
>
> (1) The traffic is unicasted to a MAC address on your side, therefore
> "needs to be bridged".
>
> (2) The traffic is broad- or multicasted, which needs to be bridged
> only if something on your side really cares (is, for example,
^^^^^^^^^^^^^^^^^^^^^^^^^
> listening to service advertisements).

Exactly my point!

>
> (3) Your bridge is unicast flooding, which is a completely separate
> problem.
>
> > For example - I am seeing conversation between an interface of one
> > VAX on one
> > LAN (that weird MAC address which is specific to DEC), and the
> > Ethernet
> > interface of the Cisco router - which, if it was to be routing -
> > would have
> > been indicative of need to cross the boundaries, but which - being
> > that it is
> > identifying by tethereal as LAT, makes me wonder if it is not in
> > fact just
> > some broadcast reaching the router, but with no need to traverse it.
>
> What's the destination MAC address of those LAT messages?  LAT does
> broadcast services, IIRC.

Yes - it does - and so does ethereal decode this (broadcast).

>
> > Also - as all the VAXes on either side are supposed to boot locally
> > (MOP
> > part), I am wondering if the traffic I see being MOP related is not
> > - in
> > fact - visible just because I am bridging, not that it really needs
> > to cross
> > LANs ...
>
> At some point, you're probably going to have to break down and figure
> out what services your old boxen are really depending on.  "Just turn
> off bridging and see what breaks" is risky, because there may be
> "things that break" that you won't detect for quite a while (MOP
> booting, f'rinstance).
>
> For example:  Do your VAXen really boot off MOP?  If so, what do they
> boot from?

Locally.

I think I will place another sniffer on a mirrored/spanned port at the other 
router's ethernet interface, and try to find across-the-WAN parties (if any)

Thanks,
Stefan

More information about the cisco-nsp mailing list