Greetings,
On Sun, 25 Mar 2018, Rob Janssen wrote:
> Lately I see a number of gateways that are registered without subnets, but
> still they send traffic.
> When tracing it, it appears to be usually traffic like MikroTik neighbor
> discovery.
> It gets logged in our firewall because it is IP-encap traffic coming from an
> address that is not in the IP-encap routing table. And it isn't in the
> IP-encap routing table because that gateway does not have subnets.
> Would it be an idea to not send the RIP announcements to gateways
> without a registered subnet? It would not be useful to them anyway, I
> think.
# cat encap.txt | grep /32 | wc -l
130
Of 688 entries in the ENCAP.TXT table there are 130 that are /32 single
IP hosts. That's about 19% of all routes that ONLY reach ONE host and do
NOT serve a subnet or provide gateway services for anyone else.
I too wonder why these single host routes are allowed????
--- Jay WB8TKL
Hamgate.Washtenaw.AMPR.Org, serving 3 /24 subnets in 3 counties
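
The two checks discussed in this thread (the share of /32 host routes in encap.txt, and whether the outer source of an IP-encap packet belongs to a gateway in the table), as an added example that is not part of either poster's message. It assumes encap.txt lines have the form `route addprivate <subnet>/<len> encap <gateway>`; the function names are hypothetical and the sample data is constructed from documentation address ranges.

```python
import ipaddress

# Constructed sample in the assumed encap.txt line format:
#   route addprivate <subnet>/<len> encap <gateway public IP>
SAMPLE_ENCAP = """\
# constructed sample, not real AMPRNet data
route addprivate 44.0.2.0/24 encap 192.0.2.10
route addprivate 44.0.3.0/24 encap 192.0.2.10
route addprivate 44.0.4.7/32 encap 198.51.100.20
route addprivate 44.0.5.0/28 encap 203.0.113.30
"""

def parse_encap(text):
    """Return a list of (subnet, gateway) pairs from encap.txt-style text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Skip blank lines, comments and anything not shaped like a route.
        if len(fields) != 5 or fields[:2] != ["route", "addprivate"] or fields[3] != "encap":
            continue
        try:
            net = ipaddress.ip_network(fields[2], strict=False)
            gw = ipaddress.ip_address(fields[4])
        except ValueError:
            continue  # malformed address: ignore rather than guess
        routes.append((net, gw))
    return routes

def host_route_share(routes):
    """Count /32 routes and their fraction of all routes."""
    hosts = sum(1 for net, _ in routes if net.prefixlen == 32)
    return hosts, (hosts / len(routes) if routes else 0.0)

def classify_outer_source(routes, outer_src):
    """Firewall-style check on the outer source address of an IP-encap packet."""
    src = ipaddress.ip_address(outer_src)
    known = any(gw == src for _, gw in routes)
    return "known-gateway" if known else "not-in-encap-table"

if __name__ == "__main__":
    routes = parse_encap(SAMPLE_ENCAP)
    print(host_route_share(routes))
    for src in ("192.0.2.10", "203.0.113.99"):
        print(src, classify_outer_source(routes, src))
```

Unlike `grep /32`, the prefix-length test counts only entries whose subnet field is a /32, not any line that happens to contain that string.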