[c-nsp] ARP and less specific interface entries

Frank Bulk frnkblk at iname.com
Thu Mar 20 08:03:28 EDT 2008


I'm not sure I fully understand what you said, but it appears plausible. =)

Thanks,

Frank

-----Original Message-----
From: Rodney Dunn [mailto:rodunn at cisco.com] 
Sent: Wednesday, March 19, 2008 10:50 PM
To: Frank Bulk
Cc: 'Peter Hicks'; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] ARP and less specific interface entries

Frank,

CEF isn't architected to handle overlapping directly connected
subnets. We block most of those configurations from even being allowed.
I know we've missed some permutations before.

It has to do with how the /32 adjfib entries are programmed for the
/32 that maps from the FIB to the arp entry for the ip address.

Rodney

On Tue, Mar 18, 2008 at 11:03:08AM -0500, Frank Bulk wrote:
> I did do that at the time, and the debug said that it was creating an
> "Incomplete" for those IP addresses.
>
> 41w1d: IP ARP: creating incomplete entry for IP address: 10.1.4.208 interface FastEthernet0.5
> 41w1d: IP ARP: sent req src 10.1.0.1 0009.4309.3632,
>                  dst 10.1.4.208 0000.0000.0000 FastEthernet0.5
> 41w1d: IP ARP throttled out the ARP Request for 10.1.4.208
> 41w1d: IP ARP: creating incomplete entry for IP address: 10.1.50.201 interface FastEthernet0.5
> 41w1d: IP ARP: sent req src 10.1.0.1 0009.4309.3632,
>                  dst 10.1.50.201 0000.0000.0000 FastEthernet0.5
> 41w1d: IP ARP: sent req src 10.1.0.1 0009.4309.3632,
>                  dst 10.1.0.51 0000.0000.0000 FastEthernet0.5
>
> Frank
>
> -----Original Message-----
> From: Peter Hicks [mailto:peter.hicks at poggs.co.uk]
> Sent: Tuesday, March 18, 2008 2:14 AM
> To: frnkblk at iname.com
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] ARP and less specific interface entries
>
>
> Frank Bulk wrote:
>
> > Why won't overlapping subnets work on an interface? What does that have to
> > do with the router's ability to ARP for an unknown MAC address? It's the
> > clients that are key, right? If they have the right mask and point to the
> > right gateway, the packets should be accepted by the router. And as for the
> > router forwarding traffic to the clients, if they're locally connected,
> > whether they are more broadly or narrowly defined as being locally
> > connected, it just needs to ARP?
>
> Do a "debug arp" - are ARP who-has packets being broadcast for the addresses on
> one of the secondary subnets that is causing you a problem?
>
> Do you see replies coming back?  Are they being rejected?
>
>
> Peter
>
> --
> Peter Hicks | e: my.name at poggs.co.uk | g: 0xE7C839F4 | w: www.poggs.com
>
>    A: Because it destroys the flow of the conversation
>    Q: Why is top-posting bad?
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
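
An added example, not part of the thread and not Cisco code: since the thread notes that some overlapping directly connected subnet configurations are not blocked at configuration time, this offline check parses `ip address` lines from a saved config and reports connected networks that overlap. The sample config is constructed; its masks and secondary address are assumptions, as the thread does not show the actual configuration.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample config (not from the thread): the masks and the
# secondary address are assumptions chosen to produce an overlap.
SAMPLE_CONFIG = """\
interface FastEthernet0.5
 ip address 10.1.0.1 255.255.0.0
 ip address 10.1.4.1 255.255.255.0 secondary
interface FastEthernet0.6
 ip address 192.168.10.1 255.255.255.0
"""

# Matches " ip address <addr> <mask> [secondary]"; skips "no ip address"
# and "ip address dhcp" because they lack the address/mask pair.
ADDR_RE = re.compile(r"^\s+ip address (\S+) (\S+)( secondary)?\s*$")


def connected_networks(config):
    """Return [(interface, IPv4Network)] for every 'ip address' line."""
    nets, iface = [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1].strip()
            continue
        m = ADDR_RE.match(line)
        if m and iface:
            # strict=False turns the host address into its network prefix
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            nets.append((iface, net))
    return nets


def overlapping_pairs(config):
    """Return overlapping connected networks, less specific prefix first."""
    pairs = []
    for a, b in combinations(connected_networks(config), 2):
        if a[1].overlaps(b[1]):
            pairs.append(tuple(sorted([a, b], key=lambda x: x[1].prefixlen)))
    return pairs


if __name__ == "__main__":
    for (if_a, a), (if_b, b) in overlapping_pairs(SAMPLE_CONFIG):
        print(f"{if_a} {a} overlaps {if_b} {b}")
```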


