My employer subscribes to a fiber based leased Internet from a publicly owned incumbent ISP. The ISP admin says that he cannot give a subnet bigger than /30 because he fears that the ISP edge router would become unstable and start rebooting because of ARP broadcast from larger subnets. But I badly require a /29 subnet. I told him that ARP flooding only affects switches and not routers. But he says that the ISP edge router usually gets flooded by ARP broadcasts from the customers who are already assigned larger subnets. According to him many times it has rebooted only because of it. The largest subnet assigned directly from the edge router is /28. None of the customers have more than 20 mbps bandwidth. The router is Cisco 7500 series. I believe that ARP broadcast flooding would never result in reboots. I need to convince him that that ARP broadcast does not affect routers and somehow I should get /29 subnet. So, what is the best step to take with this strange situation?
EDIT1:
For one year I had a /29 subnet from the same ip. Because of budgetary constraints I could get only one server (with 6 ethernet interfaces) from my employer to be used as server and router (with Ubuntu server). As my users (who browse internet from the LAN) visit dodgy websites, I setup one pub ip from the /29 subnet on one interface for NATing traffic to local LAN for my users. I used another pub ip on another interface through which I hosted some websites (I used policy routing from iproute2 to send my website from the interface/ip which is different from the pub ip used by the LAN users). This is done just to avoid the domain associated ip to be blacklisted/probed if LAN users browse dodgy sites with the same ip. And I also use another pub ip on another interface to NAT traffic to a another separate group of users.
Now I'm buying a 3 times faster link from the same ISP for which I have to use a separate pub ip subnet. And they told me in advance that I'll get connected to ISP only with a /30 subnet, but I might get a /29 subnet which is routed through /30 subnet. This setup requires a new router, which I don't want to have. And more importantly, I'm going to miss the awesome setup where I used one server for everything. Or is there a way to use ip's from both /30 and /29 subnets on the same router (as the router has multiple interfaces)?
In the city where I live all the ISP's (even a tier 1 ISP) provide direct connection with only /30 subnet. If we ask for more ips, they proived a /29 subnet routed through the previously provided /30 subnet. And everyone fears ARP flooding on their edge routers. ARP flooding causing routers to reboot seems like a baseless urban myth.
EDIT2:
On my current /29 subnet I used tcpdump to listen to arp requests/replies. The gateway for /29 (ISP's edge router) replies with its MAC for many 10.x.x.x, 172.x.x.x, and 192.x.x.x adresses. For an hour more than 100 different ip addresses were advertized (even though there were no requests for those addresses). Every time it is the same MAC address, the same one for my /29 gateway ip. Seems like they use proxy arp excessively. Would this affect the performance of their edge router?
Best Answer
If the provider's router is being adversely effected by ARP traffic then it is misconfigured. Have them look into control plane policing (CoPP), which will protect the device's CPU not only from ARP traffic but from a number of other potential threats. Check out http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps6970/ps1838/prod_white_paper0900aecd804ac831.pdf for some examples and suggestions.
Also, as mentioned, ARP would be a moot point if they just routed the subnet to you.