Date: Wed, 09 Oct 2002 14:45:47 -0700 From: "Kevin Oberman" <oberman@es.net> To: Nick Rogness <nick@rogness.net> Cc: TheGlenMann <cumquott@suscom.net>, freebsd-questions@FreeBSD.ORG Subject: Re: Ping to broadcast ok from subnet, not ok otherwise Message-ID: <20021009214547.8AB7F5D06@ptavv.es.net> In-Reply-To: Your message of "Wed, 09 Oct 2002 15:41:21 MDT." <20021009153149.A645-100000@skywalker.rogness.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> Date: Wed, 9 Oct 2002 15:41:21 -0600 (MDT) > From: Nick Rogness <nick@rogness.net> > Sender: owner-freebsd-questions@FreeBSD.ORG > > On Wed, 9 Oct 2002, TheGlenMann wrote: > > > >From the deft fingers of Nick Rogness... > > > On Wed, 9 Oct 2002, TheGlenMann wrote: > > > > > >> Hi all- > > >> > > >> (Is this list working right? - I'm getting lots of wierd stuff in the > > >> digests...but anyway...) > > >> > > >> Other attempts to find the answer to this have failed, hopefully this > > >> isn't too off-topic. > > >> > > >> We have several subnets connected via Frame Relay. Call them 10.10.1, > > >> 10.10.2, 10.10.3, etc. On each, the gateway is the 254 address, e.g., > > >> 10.10.1.254. > > >> > > >> Sitting at a 10.10.1.n machine, I can ping the gateway 10.10.x.254 on > > >> every subnet. However, a ping to the broadcast address as > > >> ping -c1 10.10.x.255 > > >> fails on some of the subnets (from outside that subnet). From within > > >> the subnet, the ping to the broadcast succeeds everywhere. Pings to > > >> known hosts (and 10.10.x.254) succeed always from everywhere. > > >> > > >> So, my question is, why would I be able to successfully ping to the > > >> broadcast address from within a subnet but not from outside the > > >> subnet, but only in certain cases? We have a mix of windows, FreeBSD, > > >> router, and other machines on each subnet. (I'm led to ask all this > > >> since where the broadcast doesn't work from outside the subnet, > > >> neither does DHCP, which is proving to be a real problem!) > > > > > > Do you have Cisco routers connecting your frame's together? > > > > > > > > We have a Cisco router for the T1 to the internet, but the frame routers > > are Motorola/Vanguard 320 with a Vanguard 6520 at our main location. > > I've looked at the settings on the 320's, but with no luck (I cannot > > access the 6520 at all - I'm locked out). > > The reason I asked is because cisco's 'no ip directed-broadcast' > would be dropping these packets. My guess is that the Vanguard is > doing the same. This was mentioned in a another email. > > > > > I've was told by our vendor that "Well, DHCP is known to 'just stop > > working' on the 320's...you need an expensive software upgrade." Not > > acceptable, since nothing changed. Vanguard (who bought the Motorola > > Vanguard equipment line) would not even think about the question for > > less than $600. > > If you are not getting DHCP requests through then you need to be > running some sort of DHCP relay or rely on the router to forward > these broadcast requests to your DHCP servers (which actually turn > the broadcast into a unicast and forward it). > > Also, some OS's do not respond to directed broadcasts. Responding to directed broadcasts by an end node is optional and some don't. No router should ever forward directed broadcasts unless the owner of the router deliberately turns on this (mis)feature. The older RFC (1122?) mandated that routers could turn it off but had to default to forwarding. This was changed after SMURF attacks became popular to MUST default to not forwarding. All routers I have used recently do this correctly. (Cisco, Juniper, Foundry). R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021009214547.8AB7F5D06>