
Re: brconfig and ARP



On Wed, Feb 28, 2001 at 04:34:27PM -0600, Tillman wrote:
> Howdy,
> 
> I've bumped my brconfig maxaddr up to near-absurd levels, but I still see this
> ARP traffic coming through. None of it is for my machines or for my gateway,
> and I'd be fine with blocking all ARP traffic that isn't for me.  I could live
> with not having a decent ARP cache internally (I'd static my gateway's MAC).
> 
> It seems to me that as long as I have this nice bridge learning all these
> addresses that it ought to be able to determine "ARP request on outside
> segment, I already know the answer will come on the outside segment, why
> bother passing it inwards?".

ARP and bridges have -nothing- to do with each other.  ARP is for creating
IP->MAC associations and the bridge does not operate at that layer (3).
Increasing the cache size on the bridge increases the size of the MAC->port
association table.  You could check out the 'rule' stuff with brconfig and
add rules to allow their router's MAC address to talk to your hosts, though.

On the other hand, would it be worth adding -another- feature to the
bridge code: ARP selective forwarding?  I think this violates the
model of an 802.1d bridge and might be difficult to get right.

--Jason L. Wright
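
[Added illustration, not part of the original message.] A minimal model of a transparent learning bridge, showing why the size of the MAC->port table has no effect on ARP requests: they are Ethernet broadcasts, and broadcasts are flooded whatever the table holds. The class, port names, MAC addresses and `maxaddr` values are constructed for the example and are not OpenBSD bridge code.

```python
# Added illustration: minimal model of a transparent learning bridge.
# Port names, MAC addresses and table sizes are constructed sample values.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningBridge:
    def __init__(self, ports, maxaddr):
        self.ports = list(ports)
        self.maxaddr = maxaddr      # cap on learned MAC->port entries
        self.table = {}             # MAC address -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Return the list of ports the frame is forwarded out of."""
        # Learning: remember which port the source MAC lives on.
        if src in self.table or len(self.table) < self.maxaddr:
            self.table[src] = in_port
        # Forwarding looks only at the destination MAC (layer 2).
        if dst == BROADCAST or dst not in self.table:
            # Broadcast or unknown unicast: flood to every other port.
            return [p for p in self.ports if p != in_port]
        out = self.table[dst]
        # Known unicast on the same segment is filtered, otherwise forwarded.
        return [] if out == in_port else [out]

def demo(maxaddr):
    br = LearningBridge(["outside", "inside"], maxaddr)
    router = "00:00:5e:00:53:01"     # constructed MACs
    neighbour = "00:00:5e:00:53:02"
    # Both outside hosts send traffic, so the bridge can learn them.
    br.receive("outside", router, BROADCAST)
    br.receive("outside", neighbour, BROADCAST)
    # Unicast between two outside hosts: filtered only if both were learned.
    unicast = br.receive("outside", router, neighbour)
    # An ARP request is an Ethernet broadcast; the IP address being asked
    # about sits in the payload, which the bridge never inspects.
    arp_request = br.receive("outside", router, BROADCAST)
    return unicast, arp_request

if __name__ == "__main__":
    for size in (1, 100, 100000):
        print(size, demo(size))
```

A larger table only changes the unicast result; the ARP request reaches the inside port in every case.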