[177110] in North American Network Operators' Group
Re: Charter ARP Leak
daemon@ATHENA.MIT.EDU (Jared Mauch)
Mon Dec 29 12:54:10 2014
X-Original-To: nanog@nanog.org
Date: Mon, 29 Dec 2014 12:52:33 -0500
From: Jared Mauch <jared@puck.Nether.net>
To: "Rampley Jr, Jim F" <jim.rampley@charter.com>
In-Reply-To: <D0C6E668.796D7%jim.rampley@charter.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Mon, Dec 29, 2014 at 11:12:34AM -0600, Rampley Jr, Jim F wrote:
> On 12/29/14, 10:49 AM, "Valdis.Kletnieks@vt.edu" <Valdis.Kletnieks@vt.edu>
> wrote:
>
> >On Mon, 29 Dec 2014 03:44:48 +0000, "Stephen R. Carter" said:
> >> Here is a small excerpt I am seeing.
> >>
> >> 06:04:04.760869 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype
> >>ARP (0x0806), length 60: arp who-has 97.85.59.219 tell 97.85.58.1
> >> 06:04:04.761950 In 00:21:a0:fb:53:d9 > ff:ff:ff:ff:ff:ff, ethertype
> >>ARP (0x0806), length 60: arp who-has 75.135.155.27 tell 75.135.152.1
> >
> >The interesting thing is that they're all .1 addresses. It's almost as if
> >the one broadcast domain has at least 7 different address spaces on it.
>
> Valdis, you are correct. What your seeing is caused by multiple IP blocks
> being assigned to the same CMTS interface.
I would be way more interested in seeing the NDP entries than the ARP
entries.
- Jared
--
Jared Mauch | pgp key available via finger from jared@puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
