[c-nsp] Are multicast MAC addresses allowed in the source field?

John Neiberger jneiberger at gmail.com
Fri Oct 15 16:57:43 EDT 2010


On Fri, Oct 15, 2010 at 2:47 PM, Lee <ler762 at gmail.com> wrote:
> On 10/15/10, John Neiberger <jneiberger at gmail.com> wrote:
>> We have an application involving a firewall cluster where the cluster
>> has a VIP associated with it, but the VIP apparently replies to ARP
>> requests with a multicast MAC address. The idea, ultimately, is that
>> both firewalls in the cluster will receive the same traffic all the
>> time. To make this work, the router would have to accept an ARP reply
>> that had a multicast source address (I have no idea if that's
>> technically a problem or not) and the switches would have to populate
>> their MAC address tables properly.
>>
>> It seems to me that this ought to work as long as we're not running
>> IGMP snooping or anything like that on the switches.
>>
>> What do you think?
>
> RFC 1812 section 3.3.2 says it shouldn't work:
>   A router MUST not believe any ARP reply that claims that the Link
>   Layer address of another host or router is a broadcast or multicast
>   address.
>
> Then again, we used to have a firewall that did that.  It required
> configuring static mac addresses on everything, but eventually it did
> work.  I don't remember if it was Cisco or Checkpoint that had a
> paper describing what all had to be done to get it to work.
>
> Regards,
> Lee
>

Yep, this is a Checkpoint cluster connected to Cisco switches. Once I
discovered the right search terms, I found the configuration guide on
CCO. I had never heard of this before. I think we've decided against
it since it would require static entries on 20 switches and 10
routers. I think they decided to launch this in unicast mode for now
and we might revisit multicast mode some other time.

Thanks!
John
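The RFC 1812 section 3.3.2 rule Lee quotes, applied by a small Python check over a raw Ethernet/ARP frame. This is an added example, not code from the thread, Cisco or Checkpoint; the MAC and IP addresses and the two sample frames are constructed for illustration.

```python
import struct

ETHERTYPE_ARP = 0x0806
ARP_OPER_REPLY = 2

# Constructed sample addresses (not from the thread).
ROUTER_MAC = bytes.fromhex("aabbccddeeff")      # I/G bit clear: unicast
ROUTER_IP = bytes([10, 0, 0, 254])
FW_VIP = bytes([10, 0, 0, 1])
FW_UNICAST_MAC = bytes.fromhex("001122334455")  # unicast cluster MAC
FW_MULTICAST_MAC = bytes.fromhex("01005e010203")  # I/G bit set: multicast


def is_group_mac(mac: bytes) -> bool:
    """True if the I/G bit (LSB of the first octet) is set, i.e. the
    address is multicast or broadcast rather than an individual address."""
    return bool(mac[0] & 0x01)


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Build an Ethernet II + IPv4-over-Ethernet ARP reply (sample input)."""
    eth = target_mac + sender_mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_OPER_REPLY)
    arp += sender_mac + sender_ip + target_mac + target_ip
    return eth + arp


def check_arp_reply(frame: bytes):
    """Return (accept, reason) for an ARP reply as a router applying
    RFC 1812 3.3.2 would: a reply whose sender hardware address is a
    broadcast or multicast address must not be believed."""
    if len(frame) < 14 + 28:
        return False, "frame too short"
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return False, "not an ARP frame"
    arp = frame[14:42]
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", arp[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper != ARP_OPER_REPLY:
        return False, "not an Ethernet/IPv4 ARP reply"
    sender_hw = arp[8:14]
    if is_group_mac(sender_hw):
        return False, "sender hardware address is multicast/broadcast (RFC 1812 3.3.2)"
    return True, "ok"


UNICAST_REPLY = build_arp_reply(FW_UNICAST_MAC, FW_VIP, ROUTER_MAC, ROUTER_IP)
MULTICAST_REPLY = build_arp_reply(FW_MULTICAST_MAC, FW_VIP, ROUTER_MAC, ROUTER_IP)
```

Running `check_arp_reply` on the two frames shows why the cluster's multicast-mode reply needs static ARP/MAC entries rather than dynamic learning: a compliant router rejects it, while the unicast-mode reply is accepted.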