[c-nsp] unwanted "arp reply" traffic at IX
Chris Caputo
ccaputo at alt.net
Fri Nov 16 10:37:48 EST 2007
We have two participants at our IX who are spewing out broadcast ARP
"reply" packets onto the fabric.
In both cases, the participants are running Cisco routers that have
customer ATM based DSL circuits on other interfaces.
"no ip mobile arp" and "no ip proxy-arp" on the ATM or IX facing
interfaces have not stopped the apparent gratuitous ARPs.
Example packets:
--
02:54:23.499656 00:16:46:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype ARP
(0x0806), length 60: arp reply 208.x.y.z is-at 00:16:46:xx:xx:xx
02:58:12.711979 00:01:c9:yy:yy:yy > ff:ff:ff:ff:ff:ff, ethertype ARP
(0x0806), length 60: arp reply 206.a.b.c is-at 00:01:c9:yy:yy:yy
--
IX ARP traffic should only pertain to the IX block, and there should not be
any broadcast ARP replies on a regular basis.
Anyone have any ideas on the best way to stop these?
Thanks,
Chris
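
The two conditions named in the message above (ARP replies sent to broadcast, and ARP for addresses outside the IX block) can be checked mechanically against a capture. The following is an added example, not part of the original post: it parses unwrapped lines in the tcpdump format quoted above and groups findings by source MAC. The IX prefix 192.0.2.0/24, the function names, and every address and MAC in the sample are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: the IX peering LAN prefix (documentation range, not from the post).
IX_BLOCK = ipaddress.ip_network("192.0.2.0/24")
BROADCAST = "ff:ff:ff:ff:ff:ff"

# One unwrapped capture line in the output format quoted in the post.
ARP_REPLY = re.compile(
    r"^\S+ (?P<src>[0-9a-f:]{17}) > (?P<dst>[0-9a-f:]{17}), "
    r"ethertype ARP \(0x0806\), length \d+: "
    r"arp reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at [0-9a-f:]{17}",
    re.IGNORECASE,
)

def classify(line, ix_block=IX_BLOCK):
    """Return (source MAC, findings) for an ARP reply line, else None."""
    m = ARP_REPLY.match(line.strip())
    if not m:
        return None  # ARP requests, non-ARP frames, unparseable lines
    findings = []
    if m["dst"].lower() == BROADCAST:
        findings.append("broadcast-reply")    # replies are normally unicast
    if ipaddress.ip_address(m["ip"]) not in ix_block:
        findings.append("outside-ix-block")   # address does not belong on the fabric
    return m["src"].lower(), findings

def offenders(lines, ix_block=IX_BLOCK):
    """Group findings by source MAC so the participant port can be traced."""
    report = {}
    for line in lines:
        result = classify(line, ix_block)
        if result and result[1]:
            entry = report.setdefault(result[0], {"count": 0, "findings": set()})
            entry["count"] += 1
            entry["findings"].update(result[1])
    return report

# Constructed sample capture; all MACs and IPs are made up.
HDR = "ethertype ARP (0x0806), length 60:"
SAMPLE = [
    f"02:54:23.499656 00:16:46:00:00:01 > ff:ff:ff:ff:ff:ff, {HDR} arp reply 198.51.100.7 is-at 00:16:46:00:00:01",
    f"02:55:01.000100 00:0c:29:00:00:02 > 00:0c:29:00:00:03, {HDR} arp reply 192.0.2.20 is-at 00:0c:29:00:00:02",
    f"02:58:12.711979 00:01:c9:00:00:04 > ff:ff:ff:ff:ff:ff, {HDR} arp reply 203.0.113.9 is-at 00:01:c9:00:00:04",
    f"02:59:00.000000 00:0c:29:00:00:03 > ff:ff:ff:ff:ff:ff, {HDR} arp who-has 192.0.2.20 tell 192.0.2.30",
    f"03:01:40.120000 00:16:46:00:00:01 > ff:ff:ff:ff:ff:ff, {HDR} arp reply 198.51.100.8 is-at 00:16:46:00:00:01",
]

if __name__ == "__main__":
    for mac, info in sorted(offenders(SAMPLE).items()):
        print(mac, info["count"], sorted(info["findings"]))
```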