Charter ARP Leak
cboyd at gizmopartners.com
Mon Dec 29 18:05:33 UTC 2014
> On Dec 29, 2014, at 11:51 AM, Jay Ashworth <jra at baylink.com> wrote:
> Ok. But the interface to which the cablemodem is attached, in the general
> single-DHCP-IP case, is a /24, is it not?
No, I've seen multiple IPv4 /21s assigned to a single customer interface on a CMTS. The newer CMTS are beastly large boxes.
> The example Valdis posted had 5 or 6 different /24s from all over the v4
> address space; that seems exceptionally sloppy routing...
It's just the nature of having multiple secondary IP addresses on the same RF interface facing the customers
> I have seen ARP-traffic-not-for-me come through a cablemodem in the past as
> well, but it was *uniformly* for the /24 in which my modem's address lived
> that day.
Cable modems are typically bridges (at least the ones that Work Right, IMHO), so it makes sense that you'll see all layer 2 broadcasts. If you live in a small enough town, or have business class service on your modem, you may only see a smaller or single subnet. On the residential side in a larger town you'll see lots of layer 2 stuff.
More information about the NANOG