On Sul, 2003-08-17 at 14:09, Carlos Velasco wrote:>
> >I can only think of one scenario where an arp request would come in
> >192.168.140.x to a router interface that has 192.168.128.1. That one
> >scenario is a misconfiguration.
Two virtual networks sharing the same lan is a perfectly valid one.
There since the router doesn't know how to reach 140.x it wouldnt reply,
if it also *is* 140.1 for example then it can reply if it wishes but I
see nothing in 826 requiring it does. In normal situations the routing
tables will indicate preferred routes and gateways.
> >I believe that reason we do the sanity check is because of basic IP
> >routing. If the source is not from an IP address on the interface we
> >received it on, we cannot reply to that IP address. It is simple as
Thats not true at the IP level for basic situations like asymmetric
> >As I stated, ARP is designed to be used on a LAN. This means that all
> >stations that send/receive ARP packets are on the same subnet. This
> >the reason we do the check.
Actual ARP is used on everything from 300 baud radio networks up
> >correctly. There is no case where a properly configured host should
> >send a ARP request for an IP address on a different subnet.
See above, multiple virtual networks.
> >not on the same network, then the host/router/client needs to find the
> >gateway which is on the local network
See "both are my address" case above
> >Basic and proper implementations of the TCP/IP stack should never ARP
> >for a device that it is not located on the same logical network the
> >is, the reason for this being they cannot communicate directly unless
See above, multiple lans co-existing.
> >I hope this clears up the reson why Cisco's ARP implementation has
> >safeguard you have found along with several others, HOWEVER, please
> >to RFC 1027, (http://www.ietf.org/rfc/rfc1027.txt) and under section
> >it contains the following paragraph:
RFC1027 covers proxy ARP only