does network "width" mean anything? ambigious arpwatch syntax

does network "width" mean anything? ambigious arpwatch syntax

Post by Rahu » Thu, 09 Sep 2010 08:53:07



I cannot figure out how to specify the "optional width" that the -n option
for arpwatch specifies. Is there a standardized syntax for "network width"?
I suspect this is the netmask but not sure. Also what is the "default
classmask" for the 172.16.x.x network's class?

-----------------man arpwatch----------------------
[snip]
The -n flag specifies additional local networks. This can be useful to
avoid "bogon" warnings when there is more than one network running on the
same wire. If the optional width is not specified, the default netmask for
the network's class is used.
[snip]
-----------------------------------------------------------------

I have 10.0.x.x (primary traffic) and 172.16.x.x (IPMI out-of-band traffic)
on the same pysical wire. This leads to lots of "bogon" warnings from
arpwatch that I am trying to avoid.

--
Rahul

 
 
 

does network "width" mean anything? ambigious arpwatch syntax

Post by <Use-Author-Supplied-Address-Heade » Fri, 10 Sep 2010 03:14:53


: I cannot figure out how to specify the "optional width" that the -n option
: for arpwatch specifies. Is there a standardized syntax for "network width"?
: I suspect this is the netmask but not sure. Also what is the "default
: classmask" for the 172.16.x.x network's class?

: -----------------man arpwatch----------------------
: [snip]
: The -n flag specifies additional local networks. This can be useful to
: avoid "bogon" warnings when there is more than one network running on the
: same wire. If the optional width is not specified, the default netmask for
: the network's class is used.
: [snip]
: -----------------------------------------------------------------

: I have 10.0.x.x (primary traffic) and 172.16.x.x (IPMI out-of-band traffic)
: on the same pysical wire. This leads to lots of "bogon" warnings from
: arpwatch that I am trying to avoid.

Try '-n 172.16.0.0/16'

Tom.

 
 
 

does network "width" mean anything? ambigious arpwatch syntax

Post by Moe Tr » Fri, 10 Sep 2010 04:15:24


On Tue, 7 Sep 2010, in the Usenet newsgroup comp.os.linux.networking, in article


>I cannot figure out how to specify the "optional width" that the -n
>option for arpwatch specifies. Is there a standardized syntax for
>"network width"? I suspect this is the netmask but not sure.

   arpwatch [ -dN ] [ -f datafile ] [ -i interface ]
            [ -n net[/width ]] [ -r file ]
                 ^^^^^^^^^^
  172.16.0.0/16

Quote:>Also what is the "default classmask" for the 172.16.x.x network's
>class?

You have to remember what classful networking was - before RFC1519.
Networks 1.0.0.0 through 127.0.0.0 were Class A's or /8s (netmask
255.0.0.0 or 0xff000000),  128.0.0.0 through 191.255.0.0 were Class
B's or /16s (255.255.0.0 or 0xffff0000), and 192.0.0.0 through
223.255.255.0 were Class C's or /24s (255.255.255.0 or 0xffffff00).
Try page 24 of RFC0791, or the 'Linux Network Administrator's Guide'
from the LDP (http://tldp.org/guides.html).  Remember, arpwatch was
created in 1992 when things were less complicated.

Quote:>I have 10.0.x.x (primary traffic) and 172.16.x.x (IPMI out-of-band
>traffic) on the same pysical wire. This leads to lots of "bogon"
>warnings from arpwatch that I am trying to avoid.

   The -N flag disables reporting any bogons.

What problem are you attempting to solve by having two networks on
the same wire?  It's probably not doing so.

        Old guy

 
 
 

does network "width" mean anything? ambigious arpwatch syntax

Post by Rahu » Sat, 11 Sep 2010 03:37:15




> On Tue, 7 Sep 2010, in the Usenet newsgroup comp.os.linux.networking,


>>I cannot figure out how to specify the "optional width" that the -n
>>option for arpwatch specifies. Is there a standardized syntax for
>>"network width"? I suspect this is the netmask but not sure.

>    arpwatch [ -dN ] [ -f datafile ] [ -i interface ]
>             [ -n net[/width ]] [ -r file ]
>                  ^^^^^^^^^^
>   172.16.0.0/16

Thanks! That works.

Quote:>>Also what is the "default classmask" for the 172.16.x.x network's
>>class?

> You have to remember what classful networking was - before RFC1519.
> Networks 1.0.0.0 through 127.0.0.0 were Class A's or /8s (netmask
> 255.0.0.0 or 0xff000000),  128.0.0.0 through 191.255.0.0 were Class
> B's or /16s

Which means even without specifying /16 arpwatch would know the right
width for my 172.16.0.0 I guess?

Quote:

>>I have 10.0.x.x (primary traffic) and 172.16.x.x (IPMI out-of-band
>>traffic) on the same pysical wire. This leads to lots of "bogon"
>>warnings from arpwatch that I am trying to avoid.

>    The -N flag disables reporting any bogons.

True. That is what I am doing currently. But I like the -n  172.16.0.0/16
option better. If in the future for whatever reason I do have a true
bogon it will get reported.

Quote:> What problem are you attempting to solve by having two networks on
> the same wire?  It's probably not doing so.

Just trying to keep my data and management (IPMI) networks logically
seperate. Bad idea?

I had a post about it a while ago on the group:

http://bit.ly/aoH4cA

--
Rahul

 
 
 

does network "width" mean anything? ambigious arpwatch syntax

Post by Moe Tr » Sun, 12 Sep 2010 05:00:57


On Thu, 9 Sep 2010, in the Usenet newsgroup comp.os.linux.networking, in article



>>   172.16.0.0/16
>Thanks! That works.

K

Quote:>> 128.0.0.0 through 191.255.0.0 were Class B's or /16s
>Which means even without specifying /16 arpwatch would know the right
>width for my 172.16.0.0 I guess?

Assume != know.  Arpwatch will assume a /16, but whether it's right or
not is pure random chance.   What you do on RFC1918 address ranges is
your own choice, but I don't know of many non-RFC1918 networks using
a mask that wide.  While the original DIX Ethernet (normally called
10Base5 or thicknet) did physically allow 10,000 systems on a network
(100 hosts/segment, maximum of two repeaters between any two hosts),
practical matters (allowing all hosts a "chance" to send a packet)
and the Ethernet specification itself imposed much smaller limits
(spec limit was 1024 hosts) - see RFCs 0917, 0925, 0932, 0936, 0940
and 0950 for much discussion.   Our original layout used a /22 mask
(255.255.252.0) allowing 1022 hosts per subnet.  Having more than
about 300 caused substantial collisions and low through-put, and we
wound up installing the original Kalpana EtherSwitches in ~1990 to
break the subnets into sections with no more than 70 systems per wire.
Modern network design uses the concept of one system per switch port,
and the limitations become the aggregate bandwidth capabilities of the
switches (see the spec sheets for the switches for details).

Quote:>> What problem are you attempting to solve by having two networks on
>> the same wire?  It's probably not doing so.
>Just trying to keep my data and management (IPMI) networks logically
>seperate. Bad idea?

Traffic is already separated by tuple (addresses/ports/sequence
numbers), so all you are doing is increasing the size of your ARP
caches and the size or complexity of your network stacks.  I don't
see it buying anything.

        Old guy

 
 
 

does network "width" mean anything? ambigious arpwatch syntax

Post by Rahu » Sun, 12 Sep 2010 07:40:45




Quote:>>> What problem are you attempting to solve by having two networks on
>>> the same wire?  It's probably not doing so.

>>Just trying to keep my data and management (IPMI) networks logically
>>seperate. Bad idea?

> Traffic is already separated by tuple (addresses/ports/sequence
> numbers), so all you are doing is increasing the size of your ARP
> caches and the size or complexity of your network stacks.  I don't
> see it buying anything.

True, you are right. I should have stuck to just one subnet in hidsight.

--
Rahul

 
 
 

does network "width" mean anything? ambigious arpwatch syntax

Post by Jorgen Grah » Sun, 12 Sep 2010 17:24:33



> On Tue, 7 Sep 2010, in the Usenet newsgroup comp.os.linux.networking,
> in article

>>I cannot figure out how to specify the "optional width" that the -n
>>option for arpwatch specifies. Is there a standardized syntax for
>>"network width"? I suspect this is the netmask but not sure.

>    arpwatch [ -dN ] [ -f datafile ] [ -i interface ]
>             [ -n net[/width ]] [ -r file ]
>                  ^^^^^^^^^^
>   172.16.0.0/16

In other words, their "network width" is what is usually called
"prefix length" these days.

/Jorgen

--

\X/     snipabacken.se>   O  o   .