On Sul, 2003-08-17 at 14:09, Carlos Velasco wrote:> > >I can only think of one scenario where an arp request would come in > from > >192.168.140.x to a router interface that has 192.168.128.1. That one > >scenario is a misconfiguration. Two virtual networks sharing the same lan is a perfectly valid one. There since the router doesn't know how to reach 140.x it wouldnt reply, if it also *is* 140.1 for example then it can reply if it wishes but I see nothing in 826 requiring it does. In normal situations the routing tables will indicate preferred routes and gateways. > >I believe that reason we do the sanity check is because of basic IP > >routing. If the source is not from an IP address on the interface we > >received it on, we cannot reply to that IP address. It is simple as > that. Thats not true at the IP level for basic situations like asymmetric routing. > >As I stated, ARP is designed to be used on a LAN. This means that all > >stations that send/receive ARP packets are on the same subnet. This > is > >the reason we do the check. Actual ARP is used on everything from 300 baud radio networks up > >correctly. There is no case where a properly configured host should > ever > >send a ARP request for an IP address on a different subnet. See above, multiple virtual networks. > >not on the same network, then the host/router/client needs to find the > >gateway which is on the local network See "both are my address" case above > >Basic and proper implementations of the TCP/IP stack should never ARP > out > >for a device that it is not located on the same logical network the > host > >is, the reason for this being they cannot communicate directly unless See above, multiple lans co-existing. > >I hope this clears up the reson why Cisco's ARP implementation has > this > >safeguard you have found along with several others, HOWEVER, please > refer > >to RFC 1027, (http://www.ietf.org/rfc/rfc1027.txt) and under section > 2.4, > >it contains the following paragraph: RFC1027 covers proxy ARP only - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
