warner@ucscc.UCSC.EDU (Jim Warner - UCSC Computer Center) (04/30/91)
There's a bug in gateway software versions 8.2(1) thru ..(3) that can cause what looks like broadcast leakage between subnets. The symptoms are a little mysterious since the problem appears to be intermittant, depending on the life time of arp-cache entries in your hosts. If an AGS recieves a IP subnet broadcast that is Ethernet-mac-layer addressed to the interface (i.e. not an all 1's broadcast) and if a helper address is defined on that interface, then *all* such packets will be forwarded to the helper address. If your helper address is itself a subnet broadcast address, you'll have what looks like inter-subnet broadcast leakage. The bug is that all such packets are supposed to be checked against a list of UDP ports to see if they qualify for helper-forwarding. When the packets are received unicast, this check doesn't take place. In our case, a 4.2BSD host occaisionally mis-resolves the subnet broadcast address to the e-net address of the AGS. This results in both RIP and rwhod broadcasts appearing on our helper subnet. This has been reported to cs@cisco.com (bug CSCdi01107). As usual, cisco was prompt and responsive in acknowleging the problem. It is scheduled to be fixed in 8.2(4), I'm told.
mosemann@sardion.unl.edu (Russell Mosemann) (04/30/91)
In <34652@boulder.Colorado.EDU> warner@ucscc.UCSC.EDU (Jim Warner - UCSC Computer Center) writes: >There's a bug in gateway software versions 8.2(1) thru ..(3) that can >cause what looks like broadcast leakage between subnets. The symptoms >are a little mysterious since the problem appears to be intermittant, >depending on the life time of arp-cache entries in your hosts. The bug is in 8.1(19) through ..(3). >If an AGS recieves a IP subnet broadcast that is Ethernet-mac-layer >addressed to the interface (i.e. not an all 1's broadcast) and if >a helper address is defined on that interface, then *all* such >packets will be forwarded to the helper address. If your helper >address is itself a subnet broadcast address, you'll have what looks >like inter-subnet broadcast leakage. >The bug is that all such packets are supposed to be checked against >a list of UDP ports to see if they qualify for helper-forwarding. >When the packets are received unicast, this check doesn't take place. >In our case, a 4.2BSD host occaisionally mis-resolves the subnet >broadcast address to the e-net address of the AGS. This results in >both RIP and rwhod broadcasts appearing on our helper subnet. >This has been reported to cs@cisco.com (bug CSCdi01107). As usual, >cisco was prompt and responsive in acknowleging the problem. It >is scheduled to be fixed in 8.2(4), I'm told. Cisco has NOT been prompt and responsive in acknowledging the problem. I reported the problem in JANUARY. The contact was understanding and seemed willing to try to resolve the problem, but he could not convince the engineers that it was a real problem. I sent them the configuration of the router and packets off of the network. After several weeks of phone calls, an engineer finally deigned to dial up our router and do some hands-on checking. Well, lo and behold, it was happening just like I had been saying it was for weeks. In the meantime, all of our IP helpers were being bombarded with rwho, route, and various other packets from the subnet. Even after the problem was known, it was low priority. The recommended solution was to not have our machines send to their MAC address if it was an IP broadcast packet. The problem is still not fixed. A week or two ago, I was called by the contact and he informed me that the fix should be incorporated in the next release scheduled in a couple of months. This is the real story, lest you think Cisco was sure lightening fast about taking care of this problem. -- Russell Mosemann Internet: mosemann@unl.edu Network Analyst Bitnet: mosemann@unlvax1 Computing Resource Center UUCP: ..!uunet!hoss.unl.edu!mosemann University of Nebraska - Lincoln Voice: (402) 472-5930 Fax: 472-5280
barmar@think.com (Barry Margolin) (05/01/91)
In article <1991Apr30.151949.22646@unlinfo.unl.edu> mosemann@unl.edu writes: > Even after the problem was known, it was low priority. The >recommended solution was to not have our machines send to their MAC >address if it was an IP broadcast packet. I'm curious -- why are your hosts sending IP broadcasts to the MAC address of the router instead of the MAC broadcast address? It sounds to me like your hosts are doing the wrong thing. Are you giving the vendors of the host IP software as much shit as you're giving cisco? -- Barry Margolin, Thinking Machines Corp. barmar@think.com {uunet,harvard}!think!barmar