[c-nsp] ARP strangeness

Frank Bulk - iName.com frnkblk at iname.com
Wed Jan 19 20:35:35 EST 2011


Phil, we're doing exactly this (pinging) for the Linksys BEFRS41 customers
that have complained, until we find a way to mitigate or work around the
problem.

Known options at this time:
a) replace the CPE with something else (though a customer should be able to
choose their own CPE and not have this issue)
b) put that ONT Ethernet port in bi-directional mode, so it can receive
broadcasts (hard to manage through future changes)
c) allow the FTTH gear to route (it will do the ARP to the CPE, but this
breaks our path toward IPv6 because the FTTH vendor is at least a year or
two away from sufficient IPv6 support to do that).

Frank

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Phil Mayers
Sent: Wednesday, January 19, 2011 5:24 AM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] ARP strangeness

On 19/01/11 07:47, Frank Bulk - iName.com wrote:
> Keegan:
>
> You're correct - without broadcast support, re-population initiated from the
> 7609 is impossible.  Once it's expired, the FTTH access gear's design, which
> blocks broadcast traffic, makes it impossible for the CPE to respond to the

I'm confused; Rodney mentioned up-thread that, in "newer" IOS, the
behaviour is different than many (myself included) had assumed. If I
understood him correctly:

  1. At expiry - 60 seconds, attempt to renew the ARP entry via unicast
  2. At expiry, attempt to renew the ARP entry via broadcast

Shouldn't the first step flow through the FTTH gear fine, and renew the
FDB entry?


Anyway - this is vile, but have you considered pinging the CPE from a
separate device as a way to keep the FDB entry alive?

We do this to keep "quiet hosts" in the FDB on our switches because the
mac-based-vlan implementation we're using is tied to FDB entry (not link
up/down state) and if a host goes quiet (like a printer not used in 5
minutes) the FDB entry (and vlan assignment) will expire, and
unless/until the *host* sends a packet (which may be never) it's
unreachable.

We use "fping" every 4 minutes on 2 servers (offset by 2 minutes, so a
ping arrives every 120 seconds) for this. We extract the IP addresses
from our registration database, but you could perhaps script it from a
walk of the 7600 ARP table (maybe even filter by OUI or MAC of the
devices you know need it?).

Just a thought...
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
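
Phil's idea of scripting the keepalive target list from a walk of the 7600 ARP table, filtered by OUI, could look like the following. This is an added example, not code from the thread; the sample "show ip arp" output, the OUI values and the function names are constructed for illustration.

```python
import re

# Constructed sample of IOS "show ip arp" output (documentation IPs, made-up MACs).
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.1               -   0000.5e00.5301  ARPA   Vlan100
Internet  192.0.2.10             12   0200.5e10.aa01  ARPA   Vlan100
Internet  192.0.2.11            231   0200.5e10.aa02  ARPA   Vlan100
Internet  192.0.2.12              0   Incomplete      ARPA
Internet  192.0.2.20              3   0200.5f99.0001  ARPA   Vlan100
"""

# Matches only resolved entries; "Incomplete" rows have no MAC and are skipped.
ARP_LINE = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>-|\d+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+ARPA",
    re.IGNORECASE,
)


def normalize_oui(oui):
    """Accept '02:00:5e', '02-00-5E' or '0200.5e' and return '02005e'."""
    digits = re.sub(r"[^0-9a-f]", "", oui.lower())
    if len(digits) != 6:
        raise ValueError(f"OUI must be exactly 3 bytes: {oui!r}")
    return digits


def keepalive_targets(arp_text, ouis):
    """Return the IPs whose MAC starts with one of the given OUIs."""
    wanted = {normalize_oui(o) for o in ouis}
    targets = []
    for line in arp_text.splitlines():
        m = ARP_LINE.match(line.strip())
        # Age "-" marks the router's own interface addresses: nothing to keep alive.
        if not m or m["age"] == "-":
            continue
        if m["mac"].replace(".", "").lower()[:6] in wanted:
            targets.append(m["ip"])
    return targets


if __name__ == "__main__":
    # "02:00:5e" is a placeholder OUI, not that of any real CPE vendor.
    print("\n".join(keepalive_targets(SAMPLE_ARP, ["02:00:5e"])))
```

The printed list, one address per line, can be piped to fping on standard input from a cron job at the interval described above.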



