Interesting - today I've learned that although IOS XR has Proxy ARP disabled by default, IOS XE has it enabled by default:
nuveragw1#show ip int te0/3/0 | i ARP
Proxy ARP is enabled
RP/0/RSP0/CPU0:bbvgw1#show ip int te0/0/0/2 | i ARP
Proxy ARP is disabled
I’d agree that it’s not expected behavior in this context, so will disable it on Nuvera’s XE router.
Thanks for making me smarter,
anthony
From: MICE Discuss [mailto:MICE-DISCUSS@LISTS.IPHOUSE.NET] On Behalf Of Matthew Beckwell
Sent: Thursday, August 16, 2018 5:01 PM
To: MICE-DISCUSS@LISTS.IPHOUSE.NET
Subject: Re: [MICE-DISCUSS] Routing of non-IX traffic
I'm getting similar behavior as Frank.
Like Doug, I only have 45.60.73.0/24 from transit connections.
So a traceroute from my MICE interface should ARP and die (I would think)....
When I traceroute to 45.60.73.16-- my router sends out an ARP request, as expected.
But...I get ARP replies for 45.60.73.16 from these Cisco MACs (in the order they came into my interface):
00:23:33:c6:a0:c0 | 206.108.255.50 | Cooperative Network Services (CNS) | 32609
e4:aa:5d:83:73:06 | 206.108.255.47 | IVDesk | 393639
88:43:e1:00:f2:10 | 206.108.255.18 | Consolidated Communications | 12042
b0:aa:77:33:7b:03 | 206.108.255.79 | Gigamonster, LLC | 31939
3c:08:f6:81:6e:a5 | 206.108.255.46 | OneNetUSA | 46131
00:1d:e5:c0:78:c3 | 206.108.255.5 | Implex | 21709
54:75:d0:e6:08:30 | 206.108.255.106 | Nuvera Communications | 23465
00:11:5d:82:6c:00 | 206.108.255.80 | Future Technologies | 26451
Proxy ARP (or something like it)?
CNS seems to be consistently coming in first place when I clear my ARP entry.
On Thu, Aug 16, 2018 at 3:25 PM, Frank Bulk <fbulk@mypremieronline.com> wrote:
When I force a traceroute to originate from our MICE-facing connection, the first hop is 206.108.255.50 (AS32609 aka CNS). Any reason why?
To make things more interesting, Incapsula-destined traffic goes via Paul Bunyan. Here's just one example:
traceroute to www.yamaha-dealers.com (45.60.73.16), 30 hops max, 60 byte packets
1 AS32609.micemn.net (206.108.255.50) 14.059 ms 14.084 ms 14.076 ms
2 cns70.cnsllc.net (205.149.150.9) 18.484 ms 18.434 ms 18.507 ms
3 fg30.ips.cnsllc.net (205.149.150.30) 20.254 ms 20.346 ms 20.267 ms
4 crss2.PaulBunyan.net (205.149.159.197) 20.527 ms 20.562 ms 20.619 ms
5 cra.PaulBunyan.net (205.149.159.181) 23.398 ms fp233.ips.PaulBunyan.net (205.149.159.233) 22.669 ms cra.PaulBunyan.net (205.149.159.181) 23.393 ms
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
SiouxCenter-Arista-North(s1)
The reason I stumbled across this is because we've had more than a dozen customers over the last month complain about access to Incapsula-protected sites. Packet captures show TCP RSTs coming from the far side.
Regards,
Frank Bulk
AS53347
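
Added example, not code from anyone on the list: one way to automate the check done by hand in this thread, flagging peers that answer ARP for addresses outside the peering LAN (proxy ARP) and peers that answer for another peer's address. The /24 prefix length, the function names and the sample replies are assumptions; the three MAC-to-IP pairs come from the table in the thread.

```python
import ipaddress
from collections import defaultdict

# Assumption: peering LAN prefix length; the thread only shows 206.108.255.x hosts.
IX_LAN = ipaddress.ip_network("206.108.255.0/24")

# MAC -> peering address, copied from three rows of the table in the thread.
PEERS = {
    "00:23:33:c6:a0:c0": "206.108.255.50",
    "e4:aa:5d:83:73:06": "206.108.255.47",
    "88:43:e1:00:f2:10": "206.108.255.18",
}

# Constructed sample: (IP the ARP reply claims, MAC that sent the reply).
SAMPLE_REPLIES = [
    ("45.60.73.16", "00:23:33:c6:a0:c0"),     # off-LAN address answered by a peer
    ("45.60.73.16", "e4:aa:5d:83:73:06"),     # second peer answering the same address
    ("45.60.73.16", "E4-AA-5D-83-73-06"),     # same peer again, different MAC notation
    ("206.108.255.18", "88:43:e1:00:f2:10"),  # normal: peer answers for itself
    ("206.108.255.18", "e4:aa:5d:83:73:06"),  # peer answering for another peer's IP
]

def normalize_mac(mac):
    """Lower-case and use ':' separators so capture formats compare equal."""
    return mac.lower().replace("-", ":")

def audit_arp_replies(replies, ix_lan=IX_LAN, peers=PEERS):
    """Return proxy-ARP responders and in-LAN ownership conflicts.

    proxy_arp: {responder: [off-LAN IPs it answered for]}
    conflicts: [(in-LAN IP, MAC that answered but is not registered for it)]
    """
    proxy = defaultdict(set)
    conflicts = set()
    for claimed_ip, mac in replies:
        mac = normalize_mac(mac)
        owner = peers.get(mac, "unknown:" + mac)
        if ipaddress.ip_address(claimed_ip) not in ix_lan:
            # Nothing on the peering LAN should answer ARP for this address.
            proxy[owner].add(claimed_ip)
        elif owner != claimed_ip:
            conflicts.add((claimed_ip, mac))
    return {"proxy_arp": {k: sorted(v) for k, v in proxy.items()},
            "conflicts": sorted(conflicts)}

if __name__ == "__main__":
    print(audit_arp_replies(SAMPLE_REPLIES))
```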