James J Pike writes:
> After adjusting the 'ip_ire_arp_interval' to 1 minute, we are now
> experiencing intermittent IPMP failure with interfaces failing over at random
> intervals.
>
> Adjusting this value back to 20 minutes resolves the issue, but the reason
> for the modification was due to security concerns and should be returned to
> the lower value.
>
> Any thoughts?
What sort of security does changing ip_ire_arp_interval buy?

Setting that parameter to a small value forces the system to flush out all IRE cache entries within that specified interval. This forces us to generate more ARP queries and may cause a loss of connectivity or lengthy delays if there are problems getting responses. (In particular, a Certain Router Brand is known for dropping at least one packet each time an ARP message is handled.) Those disruptions, in turn, can cause IPMP to detect failures and may cause other problems.

On the other hand, it's hard to see what additional security could be bought with a change in this parameter. ARP itself has no security at all, so generating more queries on the wire doesn't mean that we'll have data that's any less vulnerable to attack by someone with direct access to the network and the ability to forge ARP messages.

This looks to me like a good way to cause problems.

-- 
James Carlson, Solaris Networking              <[EMAIL PROTECTED]>
Sun Microsystems / 35 Network Drive        71.232W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.496N   Fax +1 781 442 1677
_______________________________________________
networking-discuss mailing list
[email protected]
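
Added example (not part of the thread above, and not Sun code): since shortening ip_ire_arp_interval only makes the IRE cache expire sooner and gives no protection against forged ARP, the defensive check that actually matters is whether an IP-to-MAC mapping changes between snapshots of the ARP table. The script below parses two constructed samples of Solaris `arp -an` output, separates entries that merely expired (expected with a short flush interval) from entries whose physical address changed, and flags only the latter. The sample addresses and device name are made up for the example.

```python
import re
from typing import Dict, List, Tuple

# Constructed samples of Solaris `arp -an` output; hosts and MACs are invented.
SNAPSHOT_BEFORE = """\
Net to Media Table: IPv4
Device   IP Address               Mask      Flags      Phys Addr
------ -------------------- --------------- -------- ---------------
bge0   192.168.1.1          255.255.255.255          00:11:22:33:44:55
bge0   192.168.1.10         255.255.255.255 SPLA     00:0c:29:aa:bb:cc
bge0   192.168.1.20         255.255.255.255          00:0c:29:dd:ee:ff
"""

SNAPSHOT_AFTER = """\
Net to Media Table: IPv4
Device   IP Address               Mask      Flags      Phys Addr
------ -------------------- --------------- -------- ---------------
bge0   192.168.1.1          255.255.255.255          00:de:ad:be:ef:01
bge0   192.168.1.10         255.255.255.255 SPLA     00:0c:29:aa:bb:cc
"""

MAC_RE = re.compile(r"^(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}$", re.I)


def parse_arp_table(text: str) -> Dict[str, Tuple[str, str]]:
    """Map IP -> (device, MAC). Header and separator lines are skipped because
    their last field is not a MAC address. Data rows are: device, IP, mask,
    optional flags, phys addr; the flags column may be empty, so we key off
    the first two fields and the last one rather than fixed positions."""
    table: Dict[str, Tuple[str, str]] = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not MAC_RE.match(fields[-1]):
            continue
        table[fields[1]] = (fields[0], fields[-1].lower())
    return table


def diff_arp_tables(before: Dict[str, Tuple[str, str]],
                    after: Dict[str, Tuple[str, str]]
                    ) -> Tuple[Dict[str, Tuple[str, str]], List[str]]:
    """Return (changed, gone): 'changed' maps IP -> (old MAC, new MAC) for
    entries whose physical address moved, which is worth an alert; 'gone'
    lists entries that simply expired, which is normal cache turnover."""
    changed: Dict[str, Tuple[str, str]] = {}
    gone: List[str] = []
    for ip, (_, old_mac) in before.items():
        if ip not in after:
            gone.append(ip)
        elif after[ip][1] != old_mac:
            changed[ip] = (old_mac, after[ip][1])
    return changed, gone


if __name__ == "__main__":
    moved, expired = diff_arp_tables(parse_arp_table(SNAPSHOT_BEFORE),
                                     parse_arp_table(SNAPSHOT_AFTER))
    for ip, (old, new) in moved.items():
        print(f"ALERT {ip}: MAC changed {old} -> {new}")
    print("expired (normal):", ", ".join(expired) or "none")
```

On a live host the two snapshots would come from running `arp -an` some minutes apart; only the "changed" set needs attention, and in the sample that is the default router's entry.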
