[177112] in North American Network Operators' Group
Re: Charter ARP Leak
daemon@ATHENA.MIT.EDU (Chris Boyd)
Mon Dec 29 13:05:46 2014
X-Original-To: nanog@nanog.org
From: Chris Boyd <cboyd@gizmopartners.com>
In-Reply-To: <11705148.752.1419875464156.JavaMail.root@benjamin.baylink.com>
Date: Mon, 29 Dec 2014 12:05:33 -0600
To: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
> On Dec 29, 2014, at 11:51 AM, Jay Ashworth <jra@baylink.com> wrote:
>=20
> Ok. But the interface to which the cablemodem is attached, in the =
general
> single-DHCP-IP case, is a /24, is it not?
No, I've seen multiple IPv4 /21s assigned to a single customer interface =
on a CMTS. The newer CMTS are beastly large boxes.
> The example Valdis posted had 5 or 6 different /24s from all over the =
v4
> address space; that seems exceptionally sloppy routing...
It's just the nature of having multiple secondary IP addresses on the =
same RF interface facing the customers
> I have seen ARP-traffic-not-for-me come through a cablemodem in the =
past as
> well, but it was *uniformly* for the /24 in which my modem's address =
lived
> that day.
Cable modems are typically bridges (at least the ones that Work Right, =
IMHO), so it makes sense that you'll see all layer 2 broadcasts. If you =
live in a small enough town, or have business class service on your =
modem, you may only see a smaller or single subnet. On the residential =
side in a larger town you'll see lots of layer 2 stuff.
--Chris
