[86546] in North American Network Operators' Group
Re: Peering VLANs and MAC addresses
daemon@ATHENA.MIT.EDU (Mike Hughes)
Thu Nov 10 02:01:34 2005
Date: Thu, 10 Nov 2005 06:59:19 +0000 (GMT)
From: Mike Hughes <mike@smashing.net>
To: Randy Bush <randy@psg.com>
Cc: nanog@merit.edu
In-Reply-To: <17266.45551.606763.493523@roam.psg.com>
Errors-To: owner-nanog@merit.edu
On Wed, 9 Nov 2005, Randy Bush wrote:
> thanks! this approaches reassuring. why does it tolerate 100
> macs? at first blush, i would think three or four would be a
> bad enough sign.
It's a balance to avoid unduly penalising a genuine mistake, or being too
severe against some poor guy with a router which is still forwarding but
has an interface in its death throes (and is occasionally generating
bursts of crap frames), and making his problems even worse.
In our experience, you either see a handful of macs caused by there being
a shakily configured switch-router attached, a slightly larger number of
macs caused by something being broken, or a couple of hundred due to
either a physical loop being applied or leaking other vlans (true
badness).
It's also a relatively sensible default when you apply the "restrict"
behaviour.
Cheers,
Mike