[c-nsp] Unknown unicast only occurring when a host is under attack...
ML
ml at kenweb.org
Mon Mar 28 19:39:49 EDT 2011
On 3/26/2011 7:16 PM, Jeroen van Ingen wrote:
> With regard to proxy-arp and CAM table overflow: sorry, but I don't see
> that happening, not if we're still talking about CAM in the sense of
> "layer 2 forwarding tables".
>
> With proxy-arp enabled, a router will reply to any ARP request for
> addresses in networks that are reachable from the router (possibly
> including "default" route). However, the router will reply with its own
> MAC address; both as L2 source which is relevant for any intermediate
> switches, and with its MAC in the ARP payload which is relevant to the
> host that did the ARP request.
>
> No matter how many times the router acts as a proxy (by replying to ARP
> requests for host addresses on other networks), the router will only use
> one distinct source MAC for all packets it sends into the VLAN. And only
> the source MAC in a layer 2 frame is considered when building L2
> forwarding tables.
>
>
> Regards,
>
> Jeroen van Ingen
>
Very true. I was thinking from the POV of an L2 switch without a gateway
relying on proxy ARP. Unfortunately I've seen that too many times.
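
An added illustration of the point made in the quoted message (not part of the original thread): a Python sketch that builds proxy-ARP replies for many remote addresses and compares what a learning switch records with what the requesting host caches. The MAC addresses, IP addresses and port name are constructed sample values, and only the reply direction is modelled.

```python
import struct

ROUTER_MAC = bytes.fromhex("02005e000001")  # constructed, locally administered
HOST_MAC = bytes.fromhex("02005e0000aa")    # constructed
ROUTER_PORT = "Gi0/1"                       # hypothetical switch port name


def ip(s):
    """Dotted-quad string to 4 raw bytes."""
    return bytes(int(o) for o in s.split("."))


def proxy_arp_reply(target_ip, asker_mac, asker_ip):
    """Ethernet + ARP reply as a proxy-ARP router sends it: its own MAC is
    both the L2 source and the ARP sender hardware address."""
    eth = asker_mac + ROUTER_MAC + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)  # Ethernet/IPv4, op=reply
    arp += ROUTER_MAC + ip(target_ip) + asker_mac + ip(asker_ip)
    return eth + arp


def simulate(n_remote):
    """Feed n_remote proxied replies through a switch to one host."""
    cam = {}        # switch L2 table: source MAC -> ingress port
    arp_cache = {}  # host ARP cache: IP -> MAC
    for i in range(n_remote):
        target = f"198.51.100.{i + 1}"  # constructed off-subnet address
        frame = proxy_arp_reply(target, HOST_MAC, "192.0.2.10")
        # Switch learning looks only at the Ethernet source MAC (bytes 6-11).
        cam[frame[6:12]] = ROUTER_PORT
        # Host reads the ARP payload: sender hardware and protocol address.
        sha, spa = frame[22:28], frame[28:32]
        arp_cache[".".join(map(str, spa))] = sha
    return cam, arp_cache


if __name__ == "__main__":
    cam, cache = simulate(200)
    print(f"switch CAM entries: {len(cam)}, host ARP entries: {len(cache)}")
```
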