On Dec 22, 2011, at 9:01 PM, Doug McIntyre wrote: > mac address limiting to tiny numbers, especially qty 1 won't work. > There are a lot of administrative packets that go across a link coming > from specific well-known MAC addresses, if that administrative packet > gets in before any real traffic, that administrative MAC address will > be learned and real traffic locked out. > > (this is mentioned in the JunOS documentation). > That's why you get those 'administrative packets' to not happen in the first place. No offense, but I don't want to see your cdp/lldp, ospf, stp, keepalives, etc. coming across the IX. On an IX, realistically, we should only be seeing one router/mac address per port, and only IP traffic from said router. AMSIX has a good guide on how to make your devices be quiet for most platforms, here: http://www.ams-ix.net/config-guide/ Now, I could see making exceptions for devices which don't seem to have a way to be quiet, but in 99% of the cases here, a few lines of config can avoid this problem. -- Andrew Hoyos [log in to unmask] ######################################################################## To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1