[c-nsp] Followup: ARP on ASR9k 4.3.2
Gert Doering
gert at greenie.muc.de
Wed Feb 12 11:13:20 EST 2014
Hi,
On Wed, Feb 12, 2014 at 07:42:01AM -0800, Michael Loftis wrote:
> Not surprising to me actually since this behavior is the default for
> Linux. Linux will also respond to ARPs where it shouldn't (set an IP
> on an lo interface or just another interface, and it will ARP reply
> for that IP on other interfaces that it does not belong on).
*responding* to off-subnet ARPs is one thing (and can actually be turned
on and off on linux) - and if that is needed or triggered it usually
hints at design problems elsewhere. Cisco does that as well, having
proxy ARP on-by-default.
But that's very much different from accepting unsolicited off-subnet
ARP replies and using them to send traffic somewhere it should not go
to (bad), make that the default (worse) and claim "this is how it
should be" (madness).
I don't think Linux does the latter, actually.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20140212/613e894f/attachment.sig>
More information about the cisco-nsp
mailing list