[c-nsp] ARP on ASR9k 4.3.2
Aaron
aaron1 at gvtc.com
Mon Feb 17 10:16:01 EST 2014
So 4.3.4 is not affected by this ?
I want to upgrade from 4.1.2 to 4.3.4. Anything I should be aware of that
y'all can think of off the top of your heads?
Aaron
-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
Andrew Koch
Sent: Thursday, January 16, 2014 12:03 PM
To: Gert Doering
Cc: Cisco NSP
Subject: Re: [c-nsp] ARP on ASR9k 4.3.2
Hi,
On Thu, Jan 16, 2014 at 06:32:04PM +0100, Florian Lohoff wrote:
> > We did the same while waiting for the SMU. The SMU should not be
> > needed for 4.3.2 - the "arp learning local" interface command should
> > be
built-in,
> > so hopefully you are good to go.
>
> RP/0/RSP0/CPU0:cr2(config-
> subif)#arp learning ?
> disable Disable dynamic learning of ARP entries
> RP/0/RSP0/CPU0:cr2(config-subif)#arp learning local
> ^ % Invalid input
> detected at '^' marker.
>
> Not in 4.3.2
Bah - 4.3.4 has the fix incorporated.
On Thu, Jan 16, 2014 at 11:50 AM, Gert Doering <gert at greenie.muc.de> wrote:
>
> > *ROFL* - Sending out gratious arp on a peering exchange lan can
> > blackhole traffic for others - IMHO thats an easy DoS vector - how
> > could that be "fairly"?
>
> "fairly effective"... "fairly nasty"... dunno.
>
"fairly minor" - I dropped a word on my initial response. However, I
would agree with your second choice.
Andrew
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list