On 8/25/05, Colin Dick <[EMAIL PROTECTED]> wrote:
> My problem with my router dropping packets when moving to FreeBSD
> 4.11 from Linux appears to be related to arp. This router sits between my
> network and the upstream ADSL whole-sale ports. I had thought that the
> upstream's Cisco was not advertising the customer local arps but that does
> not appear to be the case. It must have been a (?broken?) function of
> Linux.

Looks like you're in Kamloops. I'm doing the same in Prince George (almost certainly with the same provider), and we've had tons of problems with $upstream on these and related issues.

> When I grep the who-has arp entries from tcpdump on Linux, I only
> see addresses to or from the sub-interfaces (gateways) of the box.
> When I grep the who-has arp entries from FreeBSD, I see the end
> users local arps as well. With viruses and vulnerabilities the way they
> are this increase in arps seems to be causing errors on the Cisco.

I just recently worked through a problem with this. ARP storms on the Cisco's VLANs were causing major packet loss on the 155Mbps fibre. There was absolutely nothing I could fix on my router as the issue was with the design and implementation of $upstream's DSL network and their deviations from documentation that we were provided. The problems slowly ramped up and were a direct result of the number of DSL customers, and not the equipment we had in our network.

> So, my question is, what can be done to silently discard the
> customer local arps or emulate the way the Linux router is functioning
> with ipfw? Is there a kernel opt that I can set at bootup? Am I on the
> wrong track entirely?

This has to be done at the Cisco or at the customer's site. If you think of the DSL network as a large switch, you can pretty quickly see that some issues come up. If you've got 99 customers with DSL (ignoring vpi/pvc stuff in the middle) then the Cisco functions as a 100 port switch, with your router hanging off of it and the 99 virtual ports sharing a single physical fibre. There's not much that can be done on your router's switch port to stop the other 99 from talking amongst themselves.

I'm sure a lot of this is logical to a CCIE, but I learned the hard way that some of the recommendations from $upstream on DSL reselling were rather... imaginative. Email me privately if you have any further questions about $upstream.
--
Jon Simola
Systems Administrator
ABC Communications
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
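
Added example, not part of the original message or written by either poster: a small Python script that does the who-has comparison described in the thread, splitting ARP requests seen in `tcpdump -n arp` text output into those involving the router's own gateway addresses and customer-to-customer ("customer local") requests, and counting the latter per sender. The function names, the sample capture, the gateway address and the threshold are all assumptions made for illustration.

```python
import re
from collections import Counter

# Matches both older ("arp who-has A tell B") and newer
# ("ARP, Request who-has A tell B, length 46") tcpdump -n output.
WHO_HAS = re.compile(
    r"who-has (\d+\.\d+\.\d+\.\d+)(?: \([^)]*\))? tell (\d+\.\d+\.\d+\.\d+)")

def classify_arp(lines, gateways):
    """Split ARP requests into those involving the router's own gateway
    addresses and customer-to-customer ("customer local") requests."""
    gateway_related = 0
    local_by_sender = Counter()
    for line in lines:
        m = WHO_HAS.search(line)
        if not m:
            continue  # replies and non-ARP traffic are ignored
        target, sender = m.groups()
        if target in gateways or sender in gateways:
            gateway_related += 1
        else:
            local_by_sender[sender] += 1
    return gateway_related, local_by_sender

def noisy_senders(local_by_sender, threshold):
    """Senders with at least `threshold` customer-local requests."""
    return sorted(ip for ip, n in local_by_sender.items() if n >= threshold)

# Constructed sample capture (documentation addresses, not from the thread).
SAMPLE = """\
10:00:00.000001 arp who-has 192.0.2.1 tell 192.0.2.10
10:00:00.100000 arp who-has 192.0.2.10 tell 192.0.2.1
10:00:00.200000 ARP, Request who-has 192.0.2.77 tell 192.0.2.50, length 46
10:00:00.300000 ARP, Request who-has 192.0.2.78 tell 192.0.2.50, length 46
10:00:00.400000 ARP, Request who-has 192.0.2.79 tell 192.0.2.50, length 46
10:00:00.500000 arp who-has 192.0.2.20 tell 192.0.2.10
10:00:00.600000 arp reply 192.0.2.1 is-at 00:00:5e:00:53:01
10:00:00.700000 IP 192.0.2.10.1025 > 192.0.2.1.53: UDP, length 30
""".splitlines()
GATEWAYS = {"192.0.2.1"}  # assumed router sub-interface address

if __name__ == "__main__":
    gw, local = classify_arp(SAMPLE, GATEWAYS)
    print("gateway-related requests:", gw)
    for ip, n in local.most_common():
        print(f"customer-local requests from {ip}: {n}")
    print("at or above threshold 3:", noisy_senders(local, 3))
```

Running the same script over captures taken on the Linux and FreeBSD routers gives a like-for-like count of the customer-local requests each box actually sees.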
