[177113] in North American Network Operators' Group
RE: Charter ARP Leak
daemon@ATHENA.MIT.EDU (Phil Bedard)
Mon Dec 29 13:23:13 2014
X-Original-To: nanog@nanog.org
To: Jay Ashworth <jra@baylink.com>, NANOG <nanog@nanog.org>
From: Phil Bedard <bedard.phil@gmail.com>
Date: Mon, 29 Dec 2014 13:22:38 -0500
In-Reply-To: <11705148.752.1419875464156.JavaMail.root@benjamin.baylink.com>
Errors-To: nanog-bounces@nanog.org
The CM is just a bridge for that traffic.  It has a management IP assigned
to it by the provider but that's a different network so to speak.
Phil
-----Original Message-----
From: "Jay Ashworth" <jra@baylink.com>
Sent: 12/29/2014 12:52 PM
To: "NANOG" <nanog@nanog.org>
Subject: Re: Charter ARP Leak
----- Original Message -----
> From: "Brett Frankenberger" <rbf@rbfnet.com>
> On Mon, Dec 29, 2014 at 12:27:04PM -0500, Jay Ashworth wrote:
> > >
> > > Valdis, you are correct. What you're seeing is caused by multiple IP
> > > blocks being assigned to the same CMTS interface.
> >
> > Am I incorrect, though, in believing that ARP packets should only be
> > visible
> > within a broadcast domain,
>
> broadcast domain != subnet
Yeah; I didn't use the right term.  That's why my networks are small.  :-)
> > and that because of that, they should not be
> > being passed through a cablemodem attached to such a CMTS interface
> > unless
> > they're within the IP network in which that interface lives (which
> > is
> > probably not 0/0)?
> >
> > This sounds like a firmware bug in either the CMTS or the
> > cablemodem.
>
> int ethernet 0/0
> ip address 10.0.0.1 255.255.0.0
> ip address 11.0.0.1 255.255.0.0 secondary
> ip address 12.0.0.1 255.255.0.0 secondary
>
> The broadcast domain will have ARP broadcasts for all three subnets.
>
> Doing it over a CMTS doesn't change that.
Ok.  But the interface to which the cablemodem is attached, in the general
single-DHCP-IP case, is a /24, is it not?
The example Valdis posted had 5 or 6 different /24s from all over the v4
address space; that seems exceptionally sloppy routing...
I have seen ARP-traffic-not-for-me come through a cablemodem in the past as
well, but it was *uniformly* for the /24 in which my modem's address lived
that day.
Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra@baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274
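
Added example, not part of the original thread or any poster's code: a small Python check of the "broadcast domain != subnet" point, using the three interface addresses from the quoted config. The capture lines (tcpdump-style), the host address 10.0.4.50, and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Interface addresses from the quoted config: one primary, two secondaries.
INTERFACE_ADDRS = ["10.0.0.1/16", "11.0.0.1/16", "12.0.0.1/16"]
SUBNETS = [ipaddress.ip_interface(a).network for a in INTERFACE_ADDRS]

# Constructed sample: ARP requests as one host on the segment would see them.
SAMPLE_CAPTURE = """\
ARP, Request who-has 10.0.4.7 tell 10.0.0.1, length 46
ARP, Request who-has 11.0.9.20 tell 11.0.0.1, length 46
ARP, Request who-has 12.0.1.3 tell 12.0.0.1, length 46
ARP, Request who-has 10.0.4.9 tell 10.0.0.1, length 46
ARP, Request who-has 192.0.2.5 tell 192.0.2.1, length 46
"""

ARP_RE = re.compile(r"who-has (\S+) tell (\S+?),")


def subnet_of(ip, subnets=SUBNETS):
    """Return the configured subnet containing ip, or None if there is none."""
    addr = ipaddress.ip_address(ip)
    return next((n for n in subnets if addr in n), None)


def summarize(capture, my_ip):
    """Count ARP requests per subnet; list targets outside my_ip's subnet."""
    mine = subnet_of(my_ip)
    per_subnet = Counter()
    foreign = []
    for line in capture.splitlines():
        m = ARP_RE.search(line)
        if not m:
            continue
        target = m.group(1)
        net = subnet_of(target)
        per_subnet[str(net) if net else "unconfigured"] += 1
        if net != mine:
            foreign.append(target)  # broadcast reached us, but not our subnet
    return per_subnet, foreign


if __name__ == "__main__":
    counts, foreign = summarize(SAMPLE_CAPTURE, "10.0.4.50")
    print(dict(counts))
    print("ARP for other subnets:", foreign)
```

Requests landing in the "unconfigured" bucket are the ones worth a closer look, since they target space that none of the known interface subnets covers.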