On Dec 22, 2011, at 9:01 PM, Doug McIntyre wrote:
MAC address limiting to tiny numbers, especially qty 1, won't work. There are a lot of administrative packets that go across a link coming from specific well-known MAC addresses; if that administrative packet gets in before any real traffic, that administrative MAC address will be learned and real traffic locked out.
(This is mentioned in the JunOS documentation.)

That's why you get those 'administrative packets' to not happen in the first place. No offense, but I don't want to see your cdp/lldp, ospf, stp, keepalives, etc. coming across the IX.

On an IX, realistically, we should only be seeing one router/mac address per port, and only IP traffic from said router. AMSIX has a good guide on how to make your devices be quiet for most platforms, here: http://www.ams-ix.net/config-guide/

Now, I could see making exceptions for devices which don't seem to have a way to be quiet, but in 99% of the cases here, a few lines of config can avoid this problem.

--
Andrew Hoyos
hoyosa@gmail.com
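
An added illustration of the two positions in this exchange (not code from either poster or from the list): it replays frames in arrival order against a port MAC limit and names each frame's protocol, showing the lockout when a BPDU arrives first and the clean result once the port is quiet. The frames, MAC addresses and function names are constructed for the example.

```python
import struct

STP_DST = bytes.fromhex("0180c2000000")      # IEEE bridge group address
CISCO_DST = bytes.fromhex("01000ccccccc")    # CDP (shared with other Cisco L2 protocols)
CDP_SNAP = bytes.fromhex("aaaa0300000c2000") # LLC/SNAP header, OUI 00:00:0c, PID 0x2000

def classify(frame: bytes) -> str:
    """Name the protocol of one Ethernet frame (untagged, no FCS)."""
    if len(frame) < 14:
        return "runt"
    dst, payload = frame[0:6], frame[14:]
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype <= 1500:                        # 802.3 length field, LLC follows
        if dst == STP_DST and payload[:3] == b"\x42\x42\x03":
            return "STP"
        if dst == CISCO_DST and payload[:8] == CDP_SNAP:
            return "CDP"
        return "other-LLC"
    if etype == 0x0800 and len(payload) >= 20:
        return "OSPF" if payload[9] == 89 else "IPv4"   # IP protocol 89 = OSPF
    return {0x88CC: "LLDP", 0x9000: "keepalive", 0x0806: "ARP",
            0x86DD: "IPv6"}.get(etype, "other")

def audit_port(frames, mac_limit=1):
    """Replay frames in arrival order against a MAC limit.
    Returns (source MAC, protocol, forwarded?) per frame."""
    learned, report = [], []
    for f in frames:
        src = f[6:12].hex(":")
        if src not in learned and len(learned) < mac_limit:
            learned.append(src)              # first come, first learned
        report.append((src, classify(f), src in learned))
    return report

def eth(dst, src, etype, payload):
    """Build a constructed test frame."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return mac(dst) + mac(src) + struct.pack("!H", etype) + payload

# Constructed sample frames (locally administered MACs, documentation IPs).
ROUTER, BRIDGE = "02:00:00:00:00:01", "02:00:00:00:00:aa"
BPDU = eth("01:80:c2:00:00:00", BRIDGE, 38, b"\x42\x42\x03" + bytes(35))
BGP = eth("02:00:00:00:00:02", ROUTER, 0x0800,
          bytes([0x45, 0, 0, 40, 0, 0, 0, 0, 64, 6, 0, 0, 192, 0, 2, 1, 192, 0, 2, 2]) + bytes(20))

if __name__ == "__main__":
    for name, capture in (("chatty", [BPDU, BGP]), ("quiet", [BGP])):
        print(name, audit_port(capture))
```

Any row whose protocol is not IPv4, IPv6 or ARP marks traffic the member port should stop sending before a limit of 1 is enforced.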