[c-nsp] Crypto and CEF
Gert Doering
gert at greenie.muc.de
Tue Jun 12 10:50:33 EDT 2007
Hi,
On Tue, Jun 12, 2007 at 06:22:45AM -0700, David Barak wrote:
> I first encountered "route to the (sub) interface" in
> the context of frame-relay subinterfaces. If there is
> another route to that IP address (for instance, a
> tie-down route, or something through another carrier),
> when the interface goes down,
For *point to point* interfaces, this does make very much sense.
For multipoint interfaces, adding routes without a next-hop IP address
means "the router has to do ARP for every single destination" - and it
will only work if there is a router on the other side that does proxy-ARP.
So this is a *baaaad* idea.
(Cisco: would you PLEASE turn off proxy-arp in the default config? It
doesn't help anything - it just hides misconfigurations in other places,
by making broken configurations "magically" work)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the cisco-nsp
mailing list