Re: Charter ARP Leak

[Jay Ashworth <jra () baylink com>]

----- Original Message -----
> From: "Brett Frankenberger" <rbf () rbfnet com>

> On Mon, Dec 29, 2014 at 12:27:04PM -0500, Jay Ashworth wrote:
> > > Valdis, you are correct. What your seeing is caused by multiple IP
> > > blocks being assigned to the same CMTS interface.
> >
> > Am I incorrect, though, in believing that ARP packets should only be
> > visible
> > within a broadcast domain,
>
> broadcast domain != subnet

Yeah; I didn't use the right term.  That's why my networks are small.  :-)

> > and that because of that, they should not be
> > being passed through a cablemodem attached to such a CMTS interface
> > unless
> > they're within the IP network in which that interface lives (which
> > is
> > probably not 0/0)?
> >
> > This sounds like a firmware bug in either the CMTS or the
> > cablemodem.
>
> int ethernet 0/0
> ip address 10.0.0.1 255.255.0.0
> ip address 11.0.0.1 255.255.0.0 secondary
> ip address 12.0.0.1 255.255.0.0 secondary
>
> The broadcast domain will have ARP broadcasts for all three subnets.
>
> Doing it over a CMTS doesn't change that.

Ok.  But the interface to which the cablemodem is attached, in the general
single-DHCP-IP case, is a /24, is it not?

The example Valdis posted had 5 or 6 different /24s from all over the v4
address space; that seems exceptionally sloppy routing...

I have seen ARP-traffic-not-for-me come through a cablemodem in the past as
well, but it was *uniformly* for the /24 in which my modem's address lived
that day.

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra () baylink com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274