
RE: brconfig and ARP



Jason,

If you're looking for something to work on at layer two I think most of us
would find multimode trunking vastly more useful than selective arp
forwarding.

-Josh

-----Original Message-----
From: Jason Wright
To: Tillman
Cc: misc@openbsd.org
Sent: 3/1/01 11:19 AM
Subject: Re: brconfig and ARP

On Wed, Feb 28, 2001 at 04:34:27PM -0600, Tillman wrote:
> Howdy,
> 
> I've bumped my brconfig maxaddr up to near-absurd levels, but I still see this
> ARP traffic coming through. None of it is for my machines or for my gateway,
> and I'd be fine with blocking all ARP traffic that isn't for me.  I could live
> with not having a decent ARP cache internally (I'd static my gateway's MAC).
> 
> It seems to me that as long as I have this nice bridge learning all these
> addresses that it ought to be able to determine "ARP request on outside
> segment, I already know the answer will come on the outside segment, why
> bother passing it inwards?".

ARP and bridges have -nothing- to do with each other.  ARP is for creating
IP->MAC associations and the bridge does not operate at that layer (3).
Increasing the cache size on the bridge increases the size of the MAC->port
association table.  You could check out the 'rule' stuff with brconfig and
add rules to allow their router's MAC address to talk to your hosts, though.

On the other hand, would it be worth adding -another- feature to the
bridge code: arp selective forwarding?  I think this violates the
model of an 802.1d bridge and might be difficult to get right.

--Jason L. Wright
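
Added example, not part of the original thread and not OpenBSD's bridge code: a minimal model of a learning bridge showing why enlarging the MAC->port table (the maxaddr setting discussed above) does not stop ARP requests, which are addressed to the Ethernet broadcast address. The class, the function names and the MAC addresses are constructed for illustration.

```python
# Constructed model of a two-port learning bridge (illustration only).
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningBridge:
    def __init__(self, ports, maxaddr):
        self.ports = list(ports)
        self.maxaddr = maxaddr   # capacity of the MAC->port table
        self.table = {}          # source MAC -> port it was last seen on

    def forward(self, in_port, src, dst):
        """Learn the source MAC, then return the ports the frame leaves on."""
        if src in self.table or len(self.table) < self.maxaddr:
            self.table[src] = in_port
        if dst == BROADCAST or dst not in self.table:
            # Broadcast and unknown destinations are flooded to every
            # port except the one the frame arrived on.
            return [p for p in self.ports if p != in_port]
        out = self.table[dst]
        # Destination known to be on the ingress segment: nothing to forward.
        return [] if out == in_port else [out]

def demo(maxaddr):
    """Two hosts on the outside segment exchange an ARP request and reply.

    Returns (ports the request leaves on, ports the reply leaves on).
    """
    br = LearningBridge(["outside", "inside"], maxaddr)
    router = "00:00:5e:00:53:01"   # constructed sample MACs
    host = "00:00:5e:00:53:02"
    # Earlier traffic lets the bridge learn both outside stations
    # (as far as the table has room).
    br.forward("outside", router, BROADCAST)
    br.forward("outside", host, router)
    # ARP request: layer-2 destination is broadcast, so the table is
    # never consulted for it, whatever its size.
    request_out = br.forward("outside", host, BROADCAST)
    # ARP reply: unicast back to the requester.
    reply_out = br.forward("outside", router, host)
    return request_out, reply_out

if __name__ == "__main__":
    for size in (1, 100, 100000):
        print(size, demo(size))
```

A larger table only keeps unicast frames such as the reply off the inside segment; the broadcast request is flooded at every table size.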