[c-nsp] Crypto and CEF

Gert Doering gert at greenie.muc.de
Tue Jun 12 10:50:33 EDT 2007


Hi,

On Tue, Jun 12, 2007 at 06:22:45AM -0700, David Barak wrote:
> I first encountered "route to the (sub) interface" in
> the context of frame-relay subinterfaces.  If there is
> another route to that IP address (for instance, a
> tie-down route, or something through another carrier),
> when the interface goes down, 

For *point to point* interfaces, this does make very much sense.

For multipoint interfaces, adding routes without a next-hop IP address
means "the router has to do ARP for every single destination" - and it
will only work if there is a router on the other side that does proxy-ARP.

So this is a *baaaad* idea.


(Cisco: would you PLEASE turn off proxy-arp in the default config?  It
doesn't help anything - it just hides misconfigurations in other places,
by making broken configurations "magically" work)

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
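
Added example (not part of the original message): a Python check that scans an IOS running-config for the two conditions described above, static routes that point at a multipoint interface without a next-hop IP address, and multipoint interfaces where proxy-ARP has not been disabled. The sample config is constructed, the function name `audit` is hypothetical, and the list of interface types treated as multipoint is an assumption.

```python
import re

# Constructed sample running-config (documentation address ranges).
SAMPLE_CONFIG = """\
interface Serial0/0.100 point-to-point
!
interface FastEthernet0/0
 ip address 198.51.100.1 255.255.255.0
!
interface FastEthernet0/1
 ip address 203.0.113.1 255.255.255.0
 no ip proxy-arp
!
ip route 10.1.0.0 255.255.0.0 Serial0/0.100
ip route 10.2.0.0 255.255.0.0 FastEthernet0/0
ip route 10.3.0.0 255.255.0.0 FastEthernet0/1 203.0.113.254
ip route 10.4.0.0 255.255.0.0 198.51.100.254
"""

IP = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
# Assumption: these interface types are broadcast/multipoint media.
BROADCAST = re.compile(r"^(Ethernet|FastEthernet|GigabitEthernet|TenGigabitEthernet|Vlan|Port-channel|BVI)", re.I)

def audit(config):  # returns a list of (finding, interface, prefix) tuples
    multipoint, routes, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            parts = line.split()
            kind = parts[2] if len(parts) > 2 else ""
            is_mp = kind == "multipoint" or (
                kind != "point-to-point" and bool(BROADCAST.match(parts[1])))
            current = parts[1] if is_mp else None
            if is_mp:
                multipoint[current] = True   # proxy-ARP stays on unless disabled
        elif not raw.startswith(" "):        # back at global config level
            current = None
            if raw.startswith("ip route "):
                routes.append(line)
        elif current and line == "no ip proxy-arp":
            multipoint[current] = False
    findings = []
    for line in routes:
        tok = line.split()[2:]
        tok = tok[2:] if tok[:1] == ["vrf"] else tok   # skip "vrf NAME"
        has_hop = len(tok) > 3 and bool(IP.match(tok[3]))
        if len(tok) > 2 and tok[2] in multipoint and not has_hop:
            findings.append(("route-without-next-hop", tok[2], f"{tok[0]} {tok[1]}"))
    findings += [("proxy-arp-enabled", n, "") for n, on in multipoint.items() if on]
    return findings
```

On the sample, only the 10.2.0.0 route and FastEthernet0/0 are reported; the point-to-point route and the routes with an explicit next hop pass.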

