[j-nsp] ethernet promisc mode

Richard A Steenbergen ras at e-gerbil.net
Wed Oct 8 12:11:26 EDT 2003


On Wed, Oct 08, 2003 at 11:40:39AM -0400, Avram Dorfman wrote:
> Richard,
> 
> Getting the ethernet into promiscuous mode wouldn't solve your problem. 
> If the packets it picks up don't have the RE as a destination IP 
> address on them, they're just going to get forwarded according to the 
> forwarding table anyway (presumably back out that interface, and get 
> picked up again, causing a forwarding loop).
> 
> This is a dangerous idea anyway, because there is only a fast-e between 
> the FE and the RE. It would be extremely easy to saturate it, and that 
> can break things, and put a dangerous load on the CPU (I assume this is 
> an active router).

Yes well,

  MAC statistics:                      Receive         Transmit
    Total octets                          9234                0
    Total packets                           27                0
    Unicast packets                         27                0

Somehow I don't think this awesome packet load will put the RE under too 
much strain. :) Honestly though, I'd like to see an end to that argument. 
There are a million ways to blow up a router, including logging too much 
data under a firewall term, and yet that command is still included because 
it has useful diagnostic functions which haven't been completely outlawed 
because some tards killed their routers and called jtac (yet anyways). If 
you want to make it safer, put in some default rate-limits, but please 
don't bypass useful features because someone might do something stupid 
with them.

But yes, I see your point; I'm looking for a way to force packets to the RE
for analysis as well. You can't put a firewall on a CCC family so you
can't even log things that way.

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
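The "default rate-limits" point above, as an added illustration that is not part of the thread or of any vendor documentation: a Junos firewall filter whose logging term is fronted by a policer, so the packets a diagnostic term can push toward the RE are bounded regardless of what hits the interface. The filter and policer names (re-diag, log-guard), the lo0 placement and the bandwidth figures are assumptions chosen for the example; the behaviour relied on is that a packet discarded by the policer is not passed on to the remaining actions in the same term.

```junos
/* Added example (not from the mailing-list thread): bound the rate at
   which a logging term can deliver packets toward the Routing Engine.
   Names and limits are illustrative; size them for the platform. */
firewall {
    policer log-guard {
        if-exceeding {
            bandwidth-limit 512k;
            burst-size-limit 10k;
        }
        then discard;
    }
    family inet {
        filter re-diag {
            /* Only in-profile packets reach the log action; the rest
               are dropped by the policer before they are logged. */
            term diag-log {
                from {
                    protocol icmp;
                }
                then {
                    policer log-guard;
                    log;
                    accept;
                }
            }
            /* Everything else passes untouched. */
            term default-accept {
                then accept;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input re-diag;
                }
            }
        }
    }
}
```

Applying the filter on lo0 catches traffic destined to the RE itself, which is the path the thread is worried about; the same policer-before-log pattern works on a transit interface filter when the goal is to log forwarded traffic without letting the log volume alone overload the FE-to-RE link.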
