[c-nsp] Are multicast MAC addresses allowed in the source field?

Christopher.Marget at usc-bt.com
Fri Oct 15 17:15:15 EDT 2010


jneiberger at gmail.com wrote:
> On Fri, Oct 15, 2010 at 2:47 PM, Lee <ler762 at gmail.com> wrote:
> > On 10/15/10, John Neiberger <jneiberger at gmail.com> wrote:
> >> We have an application involving a firewall cluster where the cluster
> >> has a VIP associated with it, but the VIP apparently replies to ARP
> >> requests with a multicast MAC address. 

> > RFC 1812 section 3.3.2 says it shouldn't work:
> >   A router MUST not believe any ARP reply that claims that the Link
> >   Layer address of another host or router is a broadcast or multicast
> >   address.

> Yep, this is a Checkpoint cluster connected to Cisco switches. Once I
> discovered the right search terms, I found the configuration guide on CCO. I
> had never heard of this before. I think we've decided against it since it would
> require static entries on 20 switches and 10 routers. I think they decided to
> launch this in unicast mode for now and we might revisit multicast mode
> some other time.

My interpretation of the original post was that the multicast address was in the Ethernet header (7th byte of the frame is an odd number).

But it sounds like the multicast address is appearing in the Sender MAC field of the ARP reply.

Which behavior is it, exactly?
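
Added example, not part of the original message: a small Python check that answers the question above for a captured frame by testing the group (I/G) bit separately in the Ethernet source address and in the ARP Sender MAC field. The helper names and every address in the sample frames are constructed for illustration.

```python
import struct

def is_group(mac: bytes) -> bool:
    # I/G bit: least significant bit of the first octet (an "odd" first byte).
    return bool(mac[0] & 0x01)

def fmt(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)

def classify_arp_frame(frame: bytes) -> dict:
    """Report whether a group MAC sits in the Ethernet source, the ARP sender field, or both."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    eth_src = frame[6:12]              # frame[6] is the "7th byte of the frame"
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == 0x8100 and len(frame) >= 18:   # skip a single 802.1Q tag
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    if ethertype != 0x0806:
        raise ValueError("not an ARP frame")
    arp = frame[offset:offset + 28]
    if len(arp) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", arp[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sha = arp[8:14]                    # Sender MAC field of the ARP message
    return {
        "is_reply": oper == 2,
        "eth_src": fmt(eth_src), "eth_src_is_group": is_group(eth_src),
        "arp_sha": fmt(sha), "arp_sha_is_group": is_group(sha),
    }

def build_arp_reply(eth_src: bytes, sha: bytes) -> bytes:
    """Constructed sample frame; all addresses are made up for the example."""
    eth_dst = tha = bytes.fromhex("020000000001")
    spa, tpa = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1])
    header = eth_dst + eth_src + struct.pack("!H", 0x0806)
    return header + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2) + sha + spa + tha + tpa

if __name__ == "__main__":
    unicast, group = bytes.fromhex("020000000002"), bytes.fromhex("01005e000a0a")
    # Case 1: group MAC only in the ARP sender field. Case 2: in both places.
    for src, sha in ((unicast, group), (group, group)):
        print(classify_arp_frame(build_arp_reply(src, sha)))
```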


