I think there may be a misunderstanding as to whether I think proxy-ARP is a good thing, or should be left on everywhere. I don't; I believe it should be turned off wherever possible. However, I can at the same time understand Cisco's reasoning for leaving it on by default. As others have stated, if the default were changed now it will break networks. Not likely networks that the vast majority of cisco-nsp users manage, but nonetheless a significant number of networks.

So, Cisco could change the default and even put a big fat warning in the release notes, which most of their customers won't read anyway. And it will cause problems. And people with a clue will manage, but those without will blame Cisco.

Or, Cisco could go with the status quo, which is to have proxy-ARP enabled by default. Those without a clue will continue to install new networks with proxy-ARP enabled. It will cause some inefficiencies and is unfortunate. However, existing networks that may require proxy-ARP will continue to function. And, those with a clue will continue to install new networks with it disabled and remove it from those networks where it is enabled when possible.

Some people would obviously prefer the prize behind door #1. I'd prefer to choose door #2.

Thanks,

Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
Senior Network Engineer
Coleman Technologies, Inc.
954-298-1697

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Saturday, March 22, 2008 12:36 PM
To: Fred Reimer
Cc: [EMAIL PROTECTED]; [email protected]
Subject: Re: [c-nsp] Proxy ARP -- To disable, or not to disable..

> "brainwashed crap"

Are you trolling? It's quite clear that proxy ARP doesn't *have* to be turned on (proof by example: Juniper M series routers).

> If you read the RFC's for gateway requirements it does not say that gateways
> MUST or SHOULD use proxy ARP. However, it is strongly suggestive that most
> gateways DO use proxy ARP, and makes references to other RFC's which state
> plainly that it is in common use. "Because it has to be" refers to the need
> for it in most clueless networks where the network administrators don't
> understand octet boundary subnetting, let alone subnet boundaries on any bit
> position or, God help them, variable subnet masks.

And the opinion of lots of people (myself included) is that leaving proxy ARP on here is likely to create many more problems than it solves.

The Cisco default *may* have been sensible many years ago. In 2008 it's an extremely bad default.

Steinar Haug, Nethelp consulting, [EMAIL PROTECTED]
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
