[c-nsp] Are multicast MAC addresses allowed in the source field?
Lee
ler762 at gmail.com
Fri Oct 15 16:47:45 EDT 2010
On 10/15/10, John Neiberger <jneiberger at gmail.com> wrote:
> We have an application involving a firewall cluster where the cluster
> has a VIP associated with it, but the VIP apparently replies to ARP
> requests with a multicast MAC address. The idea, ultimately, is that
> both firewalls in the cluster will receive the same traffic all the
> time. To make this work, the router would have to accept an ARP reply
> that had a multicast source address (I have no idea if that's
> technically a problem or not) and the switches would have to populate
> their MAC address tables properly.
>
> It seems to me that this ought to work as long as we're not running
> IGMP snooping or anything like that on the switches.
>
> What do you think?
RFC 1812 section 3.3.2 says it shouldn't work:
A router MUST not believe any ARP reply that claims that the Link
Layer address of another host or router is a broadcast or multicast
address.
Then again, we used to have a firewall that did that. It required
configuring static mac addresses on everything, but eventually it did
work. I don't remember if it was Cisco or Checkpoint that had a
paper describing what all had to be done to get it to work.
Regards,
Lee