nanog mailing list archives
Re: Peering VLANs and MAC addresses
From: Steven Bakker <steven.bakker () ams-ix net>
Date: Wed, 09 Nov 2005 20:47:31 +0100
On Wed, 2005-11-09 at 12:29 +0100, Arnold Nipper wrote:
no ip gratuitous-arps (general command) and no ip proxy-arp (interface subcommand) makes your IXP-Operator even more happier.
Depends on the IXP operator and the equipment being configured. Speaking for my particular neck of the woods, I can say that whatever you can do to shut up your L2 devices (including ripping them out and powering them down) is a bonus. Yes, we also have the 1 MAC rule and this means that badly configured (or manufactured) L2 devices will typically trigger port security. Proxy ARP should be off on all IXP facing devices, period. Gratuitous ARP is something that we (AMS-IX) certainly don't object to. We have an automated ARP sponge that will start faking ARP replies if it sees too many queries for a particular IP address. It kicks in automaticlly, and turns itself off automatically. Gratuitous ARPs help it to shut up as soon as a downed device returns to life. Some equipment is better behaved than others. L2/L3 hybrids are notoriously difficult to shut up (hello, Cisco). -- Steven
Current thread:
- Re: Peering VLANs and MAC addresses, (continued)
- Re: Peering VLANs and MAC addresses sthaug (Nov 09)
- Re: Peering VLANs and MAC addresses Randy Bush (Nov 09)
- Re: Peering VLANs and MAC addresses Mike Hughes (Nov 09)
- Re: Peering VLANs and MAC addresses Niels Bakker (Nov 11)
- Re: Peering VLANs and MAC addresses Alexander Koch (Nov 09)
- Re: Peering VLANs and MAC addresses Mike Hughes (Nov 09)
- Re: Peering VLANs and MAC addresses Christopher L. Morrow (Nov 09)
- Re: Peering VLANs and MAC addresses Blaine Christian (Nov 10)
- Re: Peering VLANs and MAC addresses Arnold Nipper (Nov 09)
- Re: Peering VLANs and MAC addresses Steven Bakker (Nov 09)