On Dec 22, 2011, at 10:26 PM, Doug McIntyre wrote:

> On Thu, Dec 22, 2011 at 09:17:08PM -0600, Andrew Hoyos wrote:
>> On Dec 22, 2011, at 9:01 PM, Doug McIntyre wrote:
>> 
>>> mac address limiting to tiny numbers, especially qty 1 won't work.
>>> There are a lot of administrative packets that go across a link coming
>>> from specific well-known MAC addresses, if that administrative packet
>>> gets in before any real traffic, that administrative MAC address will
>>> be learned and real traffic locked out. 
>>> 
>>> (this is mentioned in the JunOS documentation). 
>>> 
>> 
>> That's why you get those 'administrative packets' to not happen in the first place.
>> No offense, but I don't want to see your cdp/lldp, ospf, stp, keepalives, etc. coming across the IX.
> 
> There are other protocols that do take more than one MAC address that
> some people might find required. For example, a JunOS RVI has two MAC
> addresses, the port address, and the RVI MAC address. I assume
> a Cisco SVI would be the same, although I haven't dug into it.

Yes, but if the switchport is properly configured, no frames should be emitted with the switchport mac address. 
We should only see the RVI/SVI mac addr.

> Cisco UDLD also does broadcasts using a well-known MAC address. 

UDLD is proprietary, and most (if not all now?) of the exchange appears to be running on Juniper equipment, so it's not of much use to run anyway.
'udld disable' fixes that up. 

> I don't think it would be allowed anyway at the IX, but LACP and PAgP
> are also ones to talk on different MAC addresses to setup the LAG before
> talking real traffic.
I'm sure there is some working config we could come up with in that case, if a participant did want LACP. 
I'd be curious if vendor implementations actually factor in the LACP packets to mac addr limits, since it's port to port, and they really don't transit outside of that.

The only reason I'm pushing this too, is as the exchange grows, and more unfiltered layer2 traffic (and broken downstream L2 devices) enter the exchange, it *can* and *will* have a negative effect, as we've already seen once before.
The model works well for IXs like Equinix, TIE, SIX, AMSIX, etc. I don't see a reason why it can't work here too, and prevent future issues.


--
Andrew Hoyos

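A small simulation of the lock-out Doug describes and of the filtering Andrew proposes, added here as an illustration and not part of the thread. The participant and route-server MACs are hypothetical; the control-protocol destination addresses are the standard ones.

```python
# Per-port MAC learning with a MAC limit, as discussed in the thread:
# control-protocol frames sourced from the participant's port MAC that arrive
# before real traffic fill a mac-limit of 1 and lock out the RVI/SVI MAC.
# Filtering those frames before learning avoids the lock-out.
from dataclasses import dataclass, field

# Well-known destination MACs of L2 control protocols.
CONTROL_DST = {
    "01:80:c2:00:00:00",  # STP/RSTP bridge group address
    "01:80:c2:00:00:02",  # Slow Protocols (LACP, link OAM)
    "01:80:c2:00:00:0e",  # LLDP
    "01:00:0c:cc:cc:cc",  # Cisco CDP, UDLD, PAgP, VTP
}


@dataclass
class Port:
    mac_limit: int
    filter_control: bool = False  # drop control frames before learning
    learned: set = field(default_factory=set)

    def ingress(self, src: str, dst: str) -> str:
        """Classify one frame: 'forward', 'drop-control' or 'drop-limit'."""
        if self.filter_control and dst in CONTROL_DST:
            return "drop-control"
        if src not in self.learned:
            if len(self.learned) >= self.mac_limit:
                return "drop-limit"  # table full: unknown source rejected
            self.learned.add(src)
        return "forward"


def run(frames, mac_limit=1, filter_control=False):
    """Feed (src, dst) frames through a fresh port; return the verdicts."""
    port = Port(mac_limit=mac_limit, filter_control=filter_control)
    return [port.ingress(src, dst) for src, dst in frames]


# Constructed sample (hypothetical MACs): the port MAC sends LLDP first,
# then the RVI MAC sends the unicast frames that carry the BGP session.
PORT_MAC = "00:11:22:aa:bb:01"
RVI_MAC = "00:11:22:aa:bb:ff"
RS_MAC = "00:99:88:77:66:55"  # route-server MAC
SAMPLE = [(PORT_MAC, "01:80:c2:00:00:0e"), (RVI_MAC, RS_MAC), (RVI_MAC, RS_MAC)]

if __name__ == "__main__":
    print(run(SAMPLE))                       # ['forward', 'drop-limit', 'drop-limit']
    print(run(SAMPLE, filter_control=True))  # ['drop-control', 'forward', 'forward']
```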