On Thu, Dec 22, 2011 at 09:17:08PM -0600, Andrew Hoyos wrote:
On Dec 22, 2011, at 9:01 PM, Doug McIntyre wrote:
MAC address limiting to tiny numbers, especially qty 1, won't work. There are a lot of administrative packets that go across a link coming from specific well-known MAC addresses; if that administrative packet gets in before any real traffic, that administrative MAC address will be learned and real traffic locked out.
(This is mentioned in the JunOS documentation.)
That's why you get those 'administrative packets' to not happen in the first place. No offense, but I don't want to see your cdp/lldp, ospf, stp, keepalives, etc. coming across the IX.
There are other protocols that do take more than one MAC address that some people might find required. For example, a JunOS RVI has two MAC addresses, the port address and the RVI MAC address. I assume a Cisco SVI would be the same, although I haven't dug into it. Cisco UDLD also does broadcasts using a well-known MAC address. I don't think it would be allowed anyway at the IX, but LACP and PAgP are also ones to talk on different MAC addresses to set up the LAG before talking real traffic.

--
Doug McIntyre <merlyn@iphouse.net>
-- ipHouse/Goldengate/Bitstream/ProNS --
Network Engineer/Provisioning/Jack of all Trades