[39695] in North American Network Operators' Group


Re: Code Red

daemon@ATHENA.MIT.EDU (John Kristoff)
Fri Jul 20 10:44:10 2001

Message-ID: <3B584397.D835248F@depaul.edu>
Date: Fri, 20 Jul 2001 09:43:35 -0500
From: John Kristoff <jtk@depaul.edu>
Reply-To: jtk@aharp.is-net.depaul.edu
MIME-Version: 1.0
To: nanog@merit.edu
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu


Jeff Ogden wrote:
> is causing network problems due to heavy ARP loads when the local
> site routers ARP for what turn out to be unused IP addresses.  This
> is an issue when there are large blocks of IP addresses behind a
> router. It is less of a problem when there is a relatively small
> number of IP addresses behind a router (say one class C worth). Are
> others seeing these sorts of problems?  What strategies are there for
> dealing with this?

If addresses are contiguous, perhaps you could blackhole some of them
temporarily.  It might be nice if there was a way to take a current ARP
table and freeze it.  That is, mark all the entries as permanent, then
turn off ARP or dump destination IPs not in the ARP table into the bit
bucket.  As long as the router continues to respond to ARP requests,
this might be a short term fix for that type of event.

John
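
One way to approximate the "freeze the ARP table" idea from the message above, as an added example that is not part of the original post. It assumes a Linux-based router with iproute2 (the thread names no platform); the subnet, interface name, router address and neighbor snapshot are constructed, and the script only prints the commands it would run.

```python
import ipaddress

# Constructed sample in the format of `ip -4 neigh show` (not real data).
SAMPLE_NEIGH = """\
192.0.2.2 dev eth1 lladdr 00:00:5e:00:53:02 REACHABLE
192.0.2.10 dev eth1 lladdr 00:00:5e:00:53:0a STALE
192.0.2.11 dev eth1  FAILED
192.0.2.12 dev eth1  INCOMPLETE
192.0.2.14 dev eth1 lladdr 00:00:5e:00:53:0e PERMANENT
"""

UNRESOLVED = {"FAILED", "INCOMPLETE"}  # entries that never got an ARP reply


def parse_neigh(text, dev):
    """Return {ip: mac} for entries on `dev` that have a resolved MAC."""
    live = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 2 or "lladdr" not in tok or tok[-1] in UNRESOLVED:
            continue
        if "dev" in tok and tok[tok.index("dev") + 1] != dev:
            continue
        live[ipaddress.ip_address(tok[0])] = tok[tok.index("lladdr") + 1]
    return live


def freeze_plan(text, subnet, dev, router_ip):
    """Build commands: pin known neighbours, blackhole every other host."""
    net = ipaddress.ip_network(subnet)
    live = {ip: mac for ip, mac in parse_neigh(text, dev).items() if ip in net}
    keep = set(live) | {ipaddress.ip_address(router_ip)}
    cmds = [f"ip neigh replace {ip} lladdr {mac} dev {dev} nud permanent"
            for ip, mac in sorted(live.items())]
    # Unused hosts are merged into the fewest CIDR blocks, so a mostly
    # empty subnet needs only a handful of blackhole routes.
    unused = [ipaddress.ip_network(f"{h}/32") for h in net.hosts()
              if h not in keep]
    cmds += [f"ip route add blackhole {block}"
             for block in ipaddress.collapse_addresses(unused)]
    return cmds


if __name__ == "__main__":
    print("\n".join(freeze_plan(SAMPLE_NEIGH, "192.0.2.0/28", "eth1",
                                "192.0.2.1")))
```

The blackhole routes are more specific than the connected subnet route, so packets for unused addresses are dropped before the router ARPs for them, while the router still answers ARP for its own address. A host that comes up in a blackholed range stays unreachable until the matching route is removed.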
