[c-nsp] Followup: ARP on ASR9k 4.3.2

Gert Doering gert at greenie.muc.de
Wed Feb 12 11:13:20 EST 2014


On Wed, Feb 12, 2014 at 07:42:01AM -0800, Michael Loftis wrote:
> Not surprising to me actually since this behavior is the default for
> Linux.  Linux will also respond to ARPs where it shouldn't (set an IP
> on an lo interface or just another interface, and it will ARP reply
> for that IP on other interfaces that it does not belong on).

*responding* to off-subnet ARPs is one thing (and can actually be turned
on and off on linux) - and if that is needed or triggered it usually 
hints at design problems elsewhere.  Cisco does that as well, having
proxy ARP on-by-default.

But that's very much different from accepting unsolicited off-subnet 
ARP replies and using them to send traffic somewhere it should not go
to (bad), make that the default (worse) and claim "this is how it
should be" (madness).

I don't think Linux does the latter, actually.

USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20140212/613e894f/attachment.sig>

More information about the cisco-nsp mailing list