Path: utzoo!utgpu!news-server.csri.toronto.edu!clyde.concordia.ca!uunet!tut.cis.ohio-state.edu!snorkelwacker!ira.uka.de!fauern!tumuc!lan!charly.bl.physik.tu-muenchen.de!k2
From: k2@charly.bl.physik.tu-muenchen.de (Klaus Steinberger)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Why does a wrong broadcast address cause arp-havoc?
Message-ID: <3440@tuminfo1.lan.informatik.tu-muenchen.dbp.de>
Date: 16 Jul 90 06:11:58 GMT
References: <1990Jul13.205833.7161@phri.nyu.edu>
Sender: news@lan.informatik.tu-muenchen.dbp.de
Lines: 49

roy@alanine.phri.nyu.edu (Roy Smith) writes:


>	By watching with tcpdump, I can see that when an occassional IP
>object gets configured with the wrong broadcast address, each time it sends
>a broadcast packet, a flurry of arp requests are generated by various
>machines on the network.  I sort of understand what is going on, but not
>exactly.  We use a hostpart of .0.0 for broadcasts, but once in a while a
>misconfigured box pops up with .255.255, which other machines then try to
>arp for.
At first: Not the .255.255 boxes are misconfigured, all of youre other
	stuff is misconfigured. The official broadcast address is a
	host-part of all ones! There was an bug in Berkeley 4.2 networking
	code, which led to those all zero addresses!

>	What I don't understand is 1) why they bother to arp at all and 2)
>why only some machines do it?  As I understand it, when a machine wants to
>send an IP packet, it has to arp to find out what link-level address to put
>in the ethernet dst field.  But why should a machine try to do an IP->ether
>address resolution just because it receives an rwho packet sent to the
>wrong IP broadcast address?  An rwho requires no response, so there really
It's because IP-forwarding is normally enabled in the kernel. And some
machines think, if they are configured to all zeros broadcast, and they
see a all ones broadcast, that they must forward it. So they try to arp'
the address.

>isn't any reason to need to know where it came from.  As for the second
>question, what is it about some machines that makes them arp for bad
>broadcasts and others not?  In our particular case, we have a bunch of
>Sun-3's, all running SunOS-3.5.2.  One of them runs a generic kernel, and
>that's the only one that arps in response to .255.255 packets.  All our
>other Suns run customized kernels, but the only customizations are to
>delete device drivers they don't need; nothing (that I know of) has been
>changed in the networking code, yet they don't arp .255.255's.  Why not?
Maybe, you have disabled IP-forwarding in the customized kernels.

I think you should have a close look to all your equipment, if it's
able to use the .255.255 broadcast, and then you should switch to it.
It's hard to do, because you have to change all configurations in one shot,
but you will not run into trouble, if new machines are installed.
Most networking software is derived from Bsd 4.3, so the broadcast
will be configurable, but all defaults to .255.255. 

Sincerely,
Klaus Steinberger

Klaus Steinberger               Beschleunigerlabor der TU und LMU Muenchen
Phone: (+49 89)3209 4287        Hochschulgelaende, D-8046 Garching, West Germany
BITNET:  K2@DGABLG5P            Internet: k2@charly.bl.physik.tu-muenchen.de