[rbak-nsp] route table poisoning ? (unsolicited ARP replay reaction) ?

Rafal golem at mtm-info.pl
Thu Jun 2 06:26:55 EDT 2016


Hello Marcin,


From SEOS changelog:

229140
ARP
Logs are filled with ARP complaint messages.
12.1.1.8

233456
ARP
“ARP-6-INFO: Unsolicited Arp” logs are generated after upgrading from SEOS-6.1.5.8p1-Release to 12.1.1.6p1-Release.

Thursday, June 2, 2016, 11:26:06 AM, you wrote:



> In log file I have a lot of:
> May 30 04:09:15: %ARP-6-INFO: Unsolicited ARP reply from 192.168.0.120
> (c4:54:44:da:a5:e4)

> as a result:
> [bgp1]R0_SE600#show ip ro
> [bgp1]R0_SE600#show ip route 192.168.0.120
>     Longest match Routing entry for 192.168.0.120/32 is 192.168.0.120/32
> , version: 3705203
>     Route Uptime: 7062w0d
>     Paths: total 1, best path count 1

>     Route has been downloaded to following slots
>       iPPA: 01

>     Path information :

>       Active path :  
>        Known via adjacency, type-hidden route, distance 254, metric 0,
>       Tag 0, Next-hop 192.168.0.120, NH-ID 0x345001A4, Adj ID: slot
> number=0, adj id=0x1a3, Interface vlan110
>       Circuit 1/1:511:63:31/1/2/1022
>       External Circuit :  1/1 vlan-id 110
> [bgp1]R0_SE600#


> Now - how to make it to ignore such ARP replays ?


> VLAN 110 is a static bind interface towards Internet Exchange Point.

> Regards,
> Marcin

> _______________________________________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/redback-nsp



-- 
Best regards,
Ozga Rafal                          mailto:golem at mtm-info.pl



More information about the redback-nsp mailing list