From: Jon Simola <jsimola@gmail.com>
To: Colin Dick
Cc: freebsd-ipfw@freebsd.org, lug@lug.kamloops.net
Date: Thu, 25 Aug 2005 12:02:13 -0700
Subject: Re: Differences is arp requests FreeBSD vs Linux
Message-ID: <8eea0408050825120271544730@mail.gmail.com>
List-Id: IPFW Technical Discussions

On 8/25/05, Colin Dick wrote:
> My problem with my router dropping packets when moving to FreeBSD
> 4.11 from Linux appears to be related to arp. This router sits between my
> network and the upstream ADSL whole-sale ports. I had thought that the
> upstream's Cisco was not advertising the customer local arps but that does
> not appear to be the case. It must have been a (?broken?) function of
> Linux.

Looks like you're in Kamloops. I'm doing the same in Prince George (almost
certainly with the same provider), and we've had tons of problems with
$upstream on these and related issues.

> When I grep the who-has arp entries from tcpdump on Linux, I only
> see addresses to or from the sub-interfaces (gateways) of the box.
> When I grep the who-has arp entries from FreeBSD, I see the end
> users local arps as well. With viruses and vulnerabilities the way they
> are this increase in arps seems to be causing errors on the Cisco.

I just recently worked through a problem with this. ARP storms on the
Cisco's VLANs were causing major packet loss on the 155Mbps fibre. There
was absolutely nothing I could fix on my router as the issue was with the
design and implementation of $upstream's DSL network and their deviations
from documentation that we were provided. The problems slowly ramped up
and were a direct result of the number of DSL customers, and not the
equipment we had in our network.

> So, my question is, what can be done to silently discard the
> customer local arps or emulate the way the Linux router is functioning
> with ipfw? Is there a kernel opt that I can set at bootup? Am I on the
> wrong track entirely?

This has to be done at the Cisco or at the customer's site. If you think of
the DSL network as a large switch, you can pretty quickly see that some
issues come up. If you've got 99 customers with DSL (ignoring vpi/pvc stuff
in the middle) then the Cisco functions as a 100 port switch, with your
router hanging off of it and the 99 virtual ports sharing a single physical
fibre. There's not much that can be done on your router's switch port to
stop the other 99 from talking amongst themselves.

I'm sure a lot of this is logical to a CCIE, but I learned the hard way
that some of the recommendations from $upstream on DSL reselling were
rather... imaginative. Email me privately if you have any further questions
about $upstream.

-- 
Jon Simola
Systems Administrator
ABC Communications
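As an added example (not part of this thread and not code from either poster), the script below does what Colin describes by hand: it reads tcpdump output, keeps only the ARP "who-has" requests, and splits them into requests that involve one of the router's own gateway (sub-interface) addresses and requests that are purely between other hosts on the shared segment, i.e. the customer-local ARP that only shows up on the FreeBSD box. It also counts requests per sender so that a host flooding the segment stands out. The gateway addresses, the threshold and the sample tcpdump lines are all constructed for the example; tcpdump is assumed to have been run with `-n` so that addresses appear numerically.

```python
import re
from collections import Counter

# Gateway (sub-interface) addresses of the router. Hypothetical values;
# in practice take these from ifconfig on the box running tcpdump.
GATEWAYS = {"10.0.1.1", "10.0.2.1"}

# Matches the who-has form in both the older ("arp who-has A tell B") and the
# newer ("ARP, Request who-has A tell B, length 28") tcpdump output styles.
# Only IPv4 literals are matched, so tcpdump must be run with -n.
WHO_HAS = re.compile(r"who-has ([\d.]+) tell ([\d.]+)", re.IGNORECASE)


def classify_arp(lines, gateways=GATEWAYS):
    """Classify ARP who-has requests from tcpdump output.

    Returns (gateway_related, customer_local, per_sender):
      gateway_related - requests whose target or sender is one of our gateways
      customer_local  - requests between two hosts that are not our gateways
      per_sender      - Counter of who-has requests per sending address
    Lines that are not who-has requests (ARP replies, IP traffic) are skipped.
    """
    gateway_related = 0
    customer_local = 0
    per_sender = Counter()
    for line in lines:
        match = WHO_HAS.search(line)
        if match is None:
            continue
        target, sender = match.group(1), match.group(2)
        per_sender[sender] += 1
        if target in gateways or sender in gateways:
            gateway_related += 1
        else:
            customer_local += 1
    return gateway_related, customer_local, per_sender


def top_talkers(per_sender, threshold):
    """Return (sender, count) pairs at or above threshold, sorted by address.

    A sender far above its neighbours is the usual sign of a host scanning
    the segment, which is what drives the ARP volume the thread discusses.
    """
    return sorted((s, n) for s, n in per_sender.items() if n >= threshold)


# Constructed sample of tcpdump -n output; not a real capture.
SAMPLE = [
    "12:00:01.000001 arp who-has 10.0.1.1 tell 10.0.1.25",
    "12:00:01.000002 arp who-has 10.0.1.25 tell 10.0.1.1",
    "12:00:01.000003 arp who-has 10.0.1.40 tell 10.0.1.25",
    "12:00:01.000004 arp who-has 10.0.1.41 tell 10.0.1.25",
    "12:00:01.000005 arp who-has 10.0.1.42 tell 10.0.1.25",
    "12:00:01.000006 arp reply 10.0.1.1 is-at 00:11:22:33:44:55",
    "12:00:01.000007 IP 10.0.1.25.1234 > 10.0.2.9.80: Flags [S], length 0",
    "12:00:01.000008 ARP, Request who-has 10.0.2.1 tell 10.0.2.9, length 28",
]


def main():
    gw, local, per_sender = classify_arp(SAMPLE)
    print(f"gateway-related who-has: {gw}")
    print(f"customer-local who-has:  {local}")
    for sender, count in top_talkers(per_sender, threshold=3):
        print(f"busy sender: {sender} ({count} requests)")


if __name__ == "__main__":
    main()
```

On a live box the same logic applies to `tcpdump -n -i <iface> arp` piped line by line into `classify_arp`; a high customer-local count confirms that the segment behaves like the shared switch described above, and the per-sender table tells you which customer port the volume is coming from, which is the information the upstream or the customer site needs, since the router's own port cannot stop it.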