[86529] in North American Network Operators' Group


Re: Peering VLANs and MAC addresses

daemon@ATHENA.MIT.EDU (Steven Bakker)
Wed Nov 9 14:48:07 2005

From: Steven Bakker <steven.bakker@ams-ix.net>
To: Arnold Nipper <arnold@nipper.de>
Cc: steven.bakker@ams-ix.net,
	Simon Brilus <sbrillus@blueyonder.co.uk>,
	Ben Butler <ben.butler@c2internet.net>, nanog@merit.edu
In-Reply-To: <4371DD8B.2020903@nipper.de>
Date: Wed, 09 Nov 2005 20:47:31 +0100
Errors-To: owner-nanog@merit.edu


On Wed, 2005-11-09 at 12:29 +0100, Arnold Nipper wrote:

>   no ip gratuitous-arps (general command)
> 
> and
> 
>   no ip proxy-arp (interface subcommand)
> 
> 
> makes your IXP-Operator even happier.

Depends on the IXP operator and the equipment being configured. Speaking
for my particular neck of the woods, I can say that whatever you can do
to shut up your L2 devices (including ripping them out and powering them
down) is a bonus. Yes, we also have the 1 MAC rule and this means that
badly configured (or manufactured) L2 devices will typically trigger
port security.

Proxy ARP should be off on all IXP facing devices, period.

Gratuitous ARP is something that we (AMS-IX) certainly don't object to.
We have an automated ARP sponge that will start faking ARP replies if it
sees too many queries for a particular IP address. It kicks in
automatically, and turns itself off automatically. Gratuitous ARPs help
it to shut up as soon as a downed device returns to life.

Some equipment is better behaved than others. L2/L3 hybrids are
notoriously difficult to shut up (hello, Cisco).

-- Steven
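
The sponge behaviour described in the message above, modelled as an added sketch (not part of the original post and not AMS-IX's code). The class name, the query threshold and the time window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

class ArpSponge:
    """Toy model: sponge an IP after too many ARP queries, release on its own ARP."""

    def __init__(self, max_queries=5, window=10.0):
        self.max_queries = max_queries     # assumed threshold, not from the post
        self.window = window               # assumed sliding window, in seconds
        self.queries = defaultdict(deque)  # target IP -> timestamps of recent queries
        self.sponged = set()               # IPs we are currently answering for

    def on_arp(self, ts, sender_ip, target_ip):
        """Process one ARP packet seen on the peering LAN; return the action taken."""
        # Any ARP sourced from an IP (gratuitous ARP included) shows the device
        # is alive, so forget its pending queries and stop answering for it.
        self.queries.pop(sender_ip, None)
        if sender_ip in self.sponged:
            self.sponged.discard(sender_ip)
            return "release " + sender_ip
        if sender_ip == target_ip:
            return "ignore"                # gratuitous ARP from a live host
        if target_ip in self.sponged:
            return "fake-reply " + target_ip
        q = self.queries[target_ip]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()                    # drop queries older than the window
        if len(q) > self.max_queries:
            self.sponged.add(target_ip)
            return "sponge " + target_ip
        return "ignore"

def replay(events, **kw):
    """Feed (ts, sender_ip, target_ip) tuples through a fresh sponge."""
    sponge = ArpSponge(**kw)
    return [sponge.on_arp(*e) for e in events]

# Constructed sample: 192.0.2.10 is down, a peer keeps querying, then it returns.
EVENTS = [(t, "192.0.2.1", "192.0.2.10") for t in range(6)]
EVENTS += [(6, "192.0.2.2", "192.0.2.10"),   # answered by the sponge
           (7, "192.0.2.10", "192.0.2.10"),  # gratuitous ARP: device is back
           (8, "192.0.2.1", "192.0.2.10")]   # ordinary query, no longer sponged

if __name__ == "__main__":
    for ev, action in zip(EVENTS, replay(EVENTS)):
        print(ev, "->", action)
```

The model sponges on query rate alone; it does not probe the target before taking over, which a production sponge would need to avoid answering for a live but busy address.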

