Presentation is loading. Please wait.

Presentation is loading. Please wait.

2011-11-03 RIPE63 – EIX Working Group Wolfgang Tremmel Director Support Proxy-Arp considered harmful.

Published bySamuel Barraclough Modified over 9 years ago

Similar presentations

Presentation on theme: "2011-11-03 RIPE63 – EIX Working Group Wolfgang Tremmel Director Support Proxy-Arp considered harmful."— Presentation transcript:

1

2 2011-11-03 RIPE63 – EIX Working Group Wolfgang Tremmel Director Support wolfgang.tremmel@de-cix.net Proxy-Arp considered harmful

3 #3 Internet 80.81.192.0/22 80.81.194.A/2280.81.195.B/22 80.81.194.C/22 80.81.192.D/22 80.81.193.E/22 Internet

4 #4 Internet 80.81.192.0/22 Internet 80.81.192.0/23 80.81.194.A/2280.81.195.B/22 80.81.194.C/22 80.81.192.D/22 80.81.193.E/22

5 #5 Internet 80.81.192.0/22 Internet Accepted: 80.81.192.0/23 Accepted: 80.81.192.0/23 blocked 80.81.194.A/2280.81.195.B/22 80.81.194.C/22 80.81.192.D/22 80.81.193.E/22

6 #6 Internet 80.81.192.0/22 Internet Accepted: 80.81.192.0/23 Accepted: 80.81.192.0/23 blocked 80.81.194.A/2280.81.195.B/22 80.81.194.C/22 80.81.192.D/22 80.81.193.E/22

7 #7 Internet 80.81.192.0/22 Internet Accepted: 80.81.192.0/23 Accepted: 80.81.192.0/23 blocked No proxy-arp 80.81.194.A/2280.81.195.B/22 80.81.194.C/22 80.81.192.D/22 80.81.193.E/22

8 #8 Internet 80.81.192.0/22 Internet Accepted: 80.81.192.0/23 Accepted: 80.81.192.0/23 blocked No proxy-arp Send Traffic for 80.81.193.1 to me! 80.81.194.A/2280.81.195.B/22 80.81.194.C/22 80.81.192.D/22 80.81.193.E/22

9 RFC 1027: „ Using ARP to Implement Transparent Subnet Gateways” –1987: A network with 100 hosts was considered large –Repeaters were common –Subnetting was „the new thing“ –Proxy-Arp was a solution for connecting networks in which hosts were not aware of subnetting Proxy-Arp „on“ as default in Cisco IOS since version 9 at least Do we still need this? Proxy-ARP: a history #9

10 Before the incidend we only tested proxy-arp when new customers connected Configuration changes went unnoticed Now: –We test all connected customers for proxy-arp every 10 minutes –In case we find one: 24/7 support gets a message Customer is notified Customer port gets shut down As soon customer confirmes he has turned off proxy-arp he gets re-enabled DE-CIX: Lessons learned #10

11 Thank you Join DE-CIX now! DE-CIX Competence Center Lindleystrasse 12 60314 Frankfurt/Germany Phone +49 69 1730 902 - 0 info@de-cix.net 11. Oktober 2014 – DE-CIX Management GmbH #11 DE-CIX Competence Center @ Kontorhaus Building Frankfurt Osthafen (Docklands)

Download ppt "2011-11-03 RIPE63 – EIX Working Group Wolfgang Tremmel Director Support Proxy-Arp considered harmful."

Similar presentations

1 © 2001, Cisco Systems, Inc. Updated_03-09-01 Mobile IP Lessons Learned The early years.

1 © 2001, Cisco Systems, Inc. Updated_ Mobile IP Lessons Learned The early years.
Virtual Trunk Protocol

Virtual Trunk Protocol
Cutting Edge Interconnection for DE-CIX members

Cutting Edge Interconnection for DE-CIX members
Introduction to IP Routing Geoff Huston

Introduction to IP Routing Geoff Huston
Deploying IPv6: The time is now Are you ready? SFTA 24 May 2012 John Curran President and CEO, ARIN.

Deploying IPv6: The time is now Are you ready? SFTA 24 May 2012 John Curran President and CEO, ARIN.
Migration to IPv6 – Has Tomorrow Finally Arrived? John Curran ARIN President & CEO.

Migration to IPv6 – Has Tomorrow Finally Arrived? John Curran ARIN President & CEO.
REQ.24.4.1 Enrollment in Demand Response Programs Process Flow Engineering Firm Retail Customer Demand Response Service Provider (DRSP) Distribution Company.

REQ Enrollment in Demand Response Programs Process Flow Engineering Firm Retail Customer Demand Response Service Provider (DRSP) Distribution Company.
ADQ Implementation Avitech’s Approach and Experience

ADQ Implementation Avitech’s Approach and Experience
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
SWERN User Group, Exeter26 January 2011 SIP Trunk Overview Session VoIP Unlimited has been providing business grade SIP trunks since Feb 2006. This session.

SWERN User Group, Exeter26 January 2011 SIP Trunk Overview Session VoIP Unlimited has been providing business grade SIP trunks since Feb This session.
31.03.2011-ZMQS- 1. 2 31.03.2011 -ZMQS- 3 31.03.2011.

ZMQS ZMQS
© Tally Solutions Pvt. Ltd. All Rights Reserved Shoper 9 License Management December 09.

© Tally Solutions Pvt. Ltd. All Rights Reserved Shoper 9 License Management December 09.
1 2007 D-Link Switch Training ©Copyright 2007. By D-Link HQ TSD James Chu.

D-Link Switch Training ©Copyright By D-Link HQ TSD James Chu.
SCI router acts as a gateway such that SCI and SNI are on

SCI router acts as a gateway such that SCI and SNI are on
Barracuda Link Balancer Link Reliability and Bandwidth Optimization.

Barracuda Link Balancer Link Reliability and Bandwidth Optimization.
What is access control list (ACL)?

What is access control list (ACL)?
Lecturer, Department of Computer Application

Lecturer, Department of Computer Application
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Subnetting IP Networks Network Fundamentals.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Subnetting IP Networks Network Fundamentals.
Spring 2014 RMS/EOC Proctor Caching Training. Agenda 2 Proctor caching overview Downloading & installing Cache test content.

Spring 2014 RMS/EOC Proctor Caching Training. Agenda 2 Proctor caching overview Downloading & installing Cache test content.

Similar presentations

Ads by Google