Re: ARP traffic on a large-ish network

On Tue, 2005-03-15 at 11:24, Travis Bell wrote:
> I wasn't clear on my question yesterday.  Here's what I'm trying to do:
> 
> We've got a /19 block of public IPs from our provider to give to
> customers.
> Because we want customers to have a public IP, as opposed to NATing a
> private IP, they are essentially just plugged into my switch just on the
> other side of the Cisco router from our T1s.
> 
> Our Cisco router is ARP who-has'ing for the entire block of IPs (as it
> should).
> 
> I'd like to stick something between the Cisco router and the customers
> that keeps them from getting so much ARP traffic.  It seems like it's a
> lot of traffic going through.  Ethereal captured 1260 ARP packets in 10
> seconds.
> 
> So is there anything I can do?  Or is that much ARP traffic reasonable?

to reduce the amount of ARP traffic, you'll have to segment the network
into more than a single layer 2 broadcast domain.  this means creating
layer 2 VLANs.  in order to maintain full connectivity, you'll normally
want to divide your /19 to match up your layer 3 subnets to your layer 2
VLANs.

a /19 is 8190 hosts on a single segment--which is not what i would call
an efficient network design (as it leads to the exact problem you're
seeing).  normally, i won't create a layer 2 broadcast domain with more
than 1024 hosts (/22 subnets at layer 3), even that could be pushing it
(when they're all windows boxes).

stick a robust layer 3 switch between the customers and the cisco
router, create VLAN interfaces on the layer 3 switch for the customers
to use as their default gateways, and use the cisco router as the
default gateway for the layer 3 switch.

-j

--
"It takes two to lie. One to lie and one to listen."
	--The Simpsons
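
Added example, not part of the original message: a sketch of the addressing plan the reply describes, splitting a /19 into /22 subnets with one layer 2 VLAN each and a VLAN interface as the default gateway. The block 198.18.0.0/19, the VLAN IDs starting at 100, the choice of the first usable address as gateway, and the even spread of ARP requests across the block are all assumptions made for illustration.

```python
import ipaddress

def plan_vlans(block, new_prefix=22, first_vlan=100):
    """Split `block` into equal subnets, one per layer 2 VLAN."""
    net = ipaddress.ip_network(block)
    plan = []
    for i, subnet in enumerate(net.subnets(new_prefix=new_prefix)):
        plan.append({
            "vlan": first_vlan + i,                 # hypothetical VLAN numbering
            "subnet": subnet,
            # Assumption: the layer 3 switch's VLAN interface takes the
            # first usable address and is the customers' default gateway.
            "gateway": subnet.network_address + 1,
            "usable_hosts": subnet.num_addresses - 2,
        })
    return plan

def vlan_for(plan, address):
    """Return the plan entry whose subnet contains `address`, or None."""
    ip = ipaddress.ip_address(address)
    for entry in plan:
        if ip in entry["subnet"]:
            return entry
    return None

def arp_pps_per_vlan(packets, seconds, plan):
    """Rough per-VLAN ARP rate after segmentation.

    Assumption: the router's who-has requests are spread evenly over the
    block, so each broadcast domain sees only its own share.
    """
    return packets / seconds / len(plan)

if __name__ == "__main__":
    # Constructed sample block (benchmarking range), not the poster's real /19.
    plan = plan_vlans("198.18.0.0/19")
    for e in plan:
        print(f"VLAN {e['vlan']}: {e['subnet']}  gw {e['gateway']}  "
              f"{e['usable_hosts']} hosts")
    # Customers keeping their address must switch to the /22 mask and the
    # new gateway; anyone already sitting on a gateway address must move.
    hit = vlan_for(plan, "198.18.13.7")
    print("198.18.13.7 ->", hit["vlan"], hit["gateway"])
    # 1260 ARP packets in 10 seconds, the capture figure from the question.
    print("est. ARP pps per VLAN:", arp_pps_per_vlan(1260, 10, plan))
```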