Date: Thu, 25 Aug 2005 12:02:13 -0700
From: Jon Simola <jon@abccomm.com>
To: Colin Dick <cdick@mail.ocis.net>
Cc: freebsd-ipfw@freebsd.org, lug@lug.kamloops.net
Subject: Re: Differences is arp requests FreeBSD vs Linux
Message-ID: <8eea0408050825120271544730@mail.gmail.com>
In-Reply-To: <Pine.LNX.4.58.0508251046370.29432@mail.ocis.net>
References: <Pine.LNX.4.58.0508251046370.29432@mail.ocis.net>

On 8/25/05, Colin Dick <cdick@mail.ocis.net> wrote:
> My problem with my router dropping packets when moving to FreeBSD
> 4.11 from Linux appears to be related to arp. This router sits between my
> network and the upstream ADSL whole-sale ports. I had thought that the
> upstream's Cisco was not advertising the customer local arps but that does
> not appear to be the case. It must have been a (?broken?) function of
> Linux.

Looks like you're in Kamloops. I'm doing the same in Prince George
(almost certainly with the same provider), and we've had tons of
problems with $upstream on these and related issues.

> When I grep the who-has arp entries from tcpdump on Linux, I only
> see addresses to or from the sub-interfaces (gateways) of the box.
> When I grep the who-has arp entries from FreeBSD, I see the end
> users local arps as well. With viruses and vulnerabilities the way they
> are this increase in arps seems to be causing errors on the Cisco.

I just recently worked through a problem with this. ARP storms on the
Cisco's VLANs were causing major packet loss on the 155Mbps fibre.
There was absolutely nothing I could fix on my router as the issue was
with the design and implementation of $upstream's DSL network and
their deviations from documentation that we were provided. The
problems slowly ramped up and were a direct result of the number of
DSL customers, and not the equipment we had in our network.

> So, my question is, what can be done to silently discard the
> customer local arps or emulate the way the Linux router is functioning
> with ipfw? Is there a kernel opt that I can set at bootup? Am I on the
> wrong track entirely?

This has to be done at the Cisco or at the customer's site. If you
think of the DSL network as a large switch, you can pretty quickly see
that some issues come up.

If you've got 99 customers with DSL (ignoring vpi/pvc stuff in the
middle) then the Cisco functions as a 100 port switch, with your
router hanging off of it and the 99 virtual ports sharing a single
physical fibre. There's not much that can be done on your router's
switch port to stop the other 99 from talking amongst themselves.

I'm sure a lot of this is logical to a CCIE, but I learned the hard
way that some of the recommendations from $upstream on DSL reselling
were rather... imaginative. Email me privately if you have any further
questions about $upstream.

--
Jon Simola
Systems Administrator
ABC Communications
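
Added example, not part of the original message or thread: a Python script that does the tcpdump who-has comparison from the quoted question programmatically, separating requests that involve the router's gateway addresses from customer-local ones and counting the busiest customer-local requesters. The gateway address, the function name `classify_arp` and the sample capture lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Matches both the classic "arp who-has X tell Y" and the newer
# "ARP, Request who-has X (mac) tell Y, length N" tcpdump output.
WHO_HAS = re.compile(
    r"who-has\s+(\d+\.\d+\.\d+\.\d+)(?:\s+\([^)]*\))?\s+tell\s+(\d+\.\d+\.\d+\.\d+)"
)

def classify_arp(lines, gateways):
    """Split who-has requests into gateway-related and customer-local.

    Returns (gateway_count, local_count, Counter of customer-local requesters).
    """
    gateways = set(gateways)
    gw = local = 0
    talkers = Counter()
    for line in lines:
        m = WHO_HAS.search(line)
        if not m:
            continue  # ARP replies, non-ARP traffic, truncated lines
        target, sender = m.groups()
        if target in gateways or sender in gateways:
            gw += 1
        else:
            local += 1
            talkers[sender] += 1
    return gw, local, talkers

# Constructed sample capture (RFC 5737 documentation addresses);
# 192.0.2.1 stands in for the router's gateway sub-interface.
SAMPLE = """\
12:00:01.000101 arp who-has 192.0.2.1 tell 192.0.2.10
12:00:01.000202 arp who-has 192.0.2.10 tell 192.0.2.1
12:00:01.000303 arp who-has 192.0.2.23 tell 192.0.2.77
12:00:01.000404 arp who-has 192.0.2.24 tell 192.0.2.77
12:00:01.000505 ARP, Request who-has 192.0.2.25 (ff:ff:ff:ff:ff:ff) tell 192.0.2.77, length 46
12:00:01.000606 arp reply 192.0.2.1 is-at 00:00:5e:00:53:01
12:00:01.000707 arp who-has 192.0.2.40 tell 192.0.2.41
""".splitlines()

if __name__ == "__main__":
    gw, local, talkers = classify_arp(SAMPLE, gateways={"192.0.2.1"})
    print(f"gateway-related: {gw}  customer-local: {local}")
    for ip, n in talkers.most_common(3):
        print(f"  {ip} sent {n} customer-local who-has requests")
```

A requester that dominates the customer-local count is a candidate for follow-up at the customer's site, which is where the reply says the fix has to happen.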