RE: 3550 port-security and HSRP.

From: Alexander Arsenyev (GU/ETL) (alexander.arsenyev@ericsson.com)
Date: Wed Jul 06 2005 - 11:11:07 GMT-3


Offhand, Juniper boxes do not act on gratuitous arp by default. However, they can be configured to do so, see
http://www.juniper.net/techpubs/software/junos/junos72/swconfig72-interfaces/html/interfaces-ethernet-config7.html
BTW, there is a spreadsheet showing ARP test results for various OSes:
http://www.arp-sk.org/arp_cache_poisoning.html
HTH,
Cheers
Alexander

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Tom Lijnse
Sent: 06 July 2005 14:41
To: James Ventre; ccielab@groupstudy.com
Subject: RE: 3550 port-security and HSRP.

Hi James,

I totally agree with you.

This answer was based on a lab scenario and therefore I did not bother
to put any warnings about real world use on it.

Maybe I should append a 'Don't try this at home...' banner to my posts
;-)

The reason 'use-bia' is less transparent than normal HSRP is exactly
that it depends on gratuitous arp, which, as you mention, hosts do not
necessarily have to honor. On the other hand, as far as I know the most
common OSes all honor the gratuitous arps.

Have you ever been bitten by this in real life? And if so, by which OS
or box?

Are there any others on this list who have found particular OSes/boxes
that don't listen to/react on gratuitous arps?

Regards,

Tom

-----Original Message-----
From: James Ventre [mailto:messageboard@ventrefamily.com]
Sent: Wednesday 6 July 2005 15:24
To: ccielab@groupstudy.com
Cc: Tom Lijnse
Subject: Re: 3550 port-security and HSRP.

In the real world you ought to be careful relying on the gratuitous
reply. Hosts are not obligated to accept the gratuitous ARP
reply/broadcast and update their table.

James

Tom Lijnse wrote:

>As far as I know 'use-bia' has similar convergence to normal HSRP. The
>only extra step is that when the Standby becomes Active it has to send
>out the gratuitous arp-replies and the hosts need to update their
>arp-caches, but as far as I can see that should only add milliseconds to
>the convergence time. I haven't tested very extensively, but when I did
>use it, it never seemed slower than normal HSRP.
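
The dependency discussed in this thread, as an added example that is not part of the original posts: a toy model of a 'use-bia' failover in which the new Active router announces the virtual IP with a gratuitous ARP, received by one host that honors it and one that ignores it. The addresses, the `Host` class and its `honor_gratuitous` flag are constructed for illustration and do not model any particular OS.

```python
import struct

VIP = bytes([10, 0, 0, 1])                    # constructed HSRP virtual IP
BIA_A = bytes.fromhex("00112233440a")         # constructed BIA of the old Active
BIA_B = bytes.fromhex("00112233440b")         # constructed BIA of the new Active

def build_arp(sender_mac, sender_ip, target_ip, op=2):
    """Build a broadcast Ethernet/ARP frame (constructed sample input)."""
    eth = b"\xff" * 6 + sender_mac + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + sender_mac + sender_ip + b"\xff" * 6 + target_ip

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    if struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4):
        return None
    (op,) = struct.unpack("!H", frame[20:22])
    return op, frame[22:28], frame[28:32], frame[38:42]

def is_gratuitous(parsed):
    """Gratuitous ARP: sender and target protocol address are the same."""
    _, _, sender_ip, target_ip = parsed
    return sender_ip == target_ip

class Host:
    """Toy ARP cache; honor_gratuitous is a modelling flag, not a real OS knob."""
    def __init__(self, honor_gratuitous):
        self.honor_gratuitous = honor_gratuitous
        self.cache = {VIP: BIA_A}             # gateway learned before failover

    def receive(self, frame):
        parsed = parse_arp(frame)
        if parsed is None or (is_gratuitous(parsed) and not self.honor_gratuitous):
            return
        _, sender_mac, sender_ip, _ = parsed
        self.cache[sender_ip] = sender_mac

def failover():
    """Standby (BIA_B) becomes Active and announces the VIP from its own BIA."""
    announcement = build_arp(BIA_B, VIP, VIP)
    hosts = {"honors": Host(True), "ignores": Host(False)}
    for host in hosts.values():
        host.receive(announcement)
    return {name: host.cache[VIP].hex(":") for name, host in hosts.items()}

if __name__ == "__main__":
    print(failover())
```

The host that ignores the announcement keeps the old router's BIA for the virtual IP until its cache entry ages out or it re-ARPs, which is the exposure the thread describes.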


