[c-nsp] Are multicast MAC addresses allowed in the source field?

Mack O'Brian mackobrian40 at gmail.com
Sat Oct 16 01:56:16 EDT 2010


On Fri, Oct 15, 2010 at 2:43 PM, John Neiberger <jneiberger at gmail.com> wrote:

> >> > RFC 1812 section 3.3.2 says it shouldn't work:
> >> >   A router MUST not believe any ARP reply that claims that the Link
> >> >   Layer address of another host or router is a broadcast or multicast
> >> >   address.
> >
> >> Yep, this is a Checkpoint cluster connected to Cisco switches. Once I
> >> discovered the right search terms, I found the configuration guide on
> >> CCO. I had never heard of this before. I think we've decided against it
> >> since it would require static entries on 20 switches and 10 routers. I
> >> think they decided to launch this in unicast mode for now and we might
> >> revisit multicast mode some other time.
> >
> > My interpretation of the original post was that the multicast address was
> > in the Ethernet header (7th byte of the frame is an odd number).
> >
> > But it sounds like the multicast address is appearing in the Sender MAC
> > field of the ARP reply.
> >
> > Which behavior is it, exactly?
> >
>
> > That's a good question, and I don't have an answer. I'm not sure about
> > the specific behavior of these firewalls. Our security guys just now
> > decided to deploy these in unicast mode, so I guess it's a moot point
> > now.  :)
>

   The last I looked into it, in unicast mode I was running into broadcast
for all communication to all of the ports in that VLAN. Just run a sniff on
any other port in that VLAN and you will see what I am talking about. To
remedy that situation we put the NLB clusters in a separate VLAN.

Mack

>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
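The thread turns on a distinction John raises and nobody pins down: whether the multicast address sits in the Ethernet source field (the "7th byte of the frame is odd" case) or in the Sender Hardware Address field of the ARP reply, which is the field the quoted RFC 1812 3.3.2 rule actually talks about. The following is an added example, not code from the thread or from any vendor: it decodes a raw Ethernet+ARP frame, tests the IEEE I/G bit in each of the two MAC fields, and reports which rule a frame breaks. The MAC and IP addresses, and the four sample frames, are constructed for illustration; the checker does not reflect how Checkpoint, NLB, or Cisco gear behaves, only the two byte positions the discussion is about.

```python
"""Added example: which MAC field of an ARP reply carries a group address?

Two different things are conflated in the thread:
  1. the Ethernet source address (bytes 6..11 of the frame), and
  2. the ARP sender hardware address (SHA) inside the ARP payload.
RFC 1812 3.3.2 is about (2): a router MUST NOT believe an ARP reply whose
claimed link-layer address is broadcast or multicast.  A capture filter
that only looks at frame[6] checks (1).  This code checks both.
All addresses below are made-up test values.
"""
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def is_group_mac(mac: bytes) -> bool:
    # IEEE 802 I/G bit: least-significant bit of the first octet.
    # 1 => group address (multicast; ff:ff:ff:ff:ff:ff is broadcast),
    # 0 => individual (unicast) address.
    return bool(mac[0] & 0x01)


def fmt_mac(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def parse_ethernet_arp(frame: bytes) -> dict:
    """Decode an Ethernet II header (14 bytes) + IPv4-over-Ethernet ARP (28 bytes)."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not ARP (ethertype 0x{ethertype:04x})")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"eth_dst": eth_dst, "eth_src": eth_src, "oper": oper,
            "sha": sha, "spa": spa, "tha": tha, "tpa": tpa}


def check_arp(frame: bytes) -> list:
    """Return the names of the checks the frame fails; [] means acceptable.

    'arp-sender-mac-group': ARP reply whose SHA has the I/G bit set; this is
        the reply RFC 1812 3.3.2 says a router MUST NOT believe.
    'eth-src-mac-group': the Ethernet source address has the I/G bit set,
        i.e. the "7th byte of the frame is odd" observation from the thread.
    """
    p = parse_ethernet_arp(frame)
    findings = []
    if p["oper"] == ARP_REPLY and is_group_mac(p["sha"]):
        findings.append("arp-sender-mac-group")
    if is_group_mac(p["eth_src"]):
        findings.append("eth-src-mac-group")
    return findings


def build_arp(eth_src, eth_dst, oper, sha, spa, tha, tpa) -> bytes:
    """Assemble a minimal (unpadded) Ethernet+ARP frame for testing."""
    eth = struct.pack("!6s6sH", eth_dst, eth_src, ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper, sha, spa, tha, tpa)
    return eth + arp


# Constructed test addresses (not from the thread).
NIC_MAC = bytes.fromhex("021122334455")      # first octet even: individual
CLUSTER_MAC = bytes.fromhex("03bf0a00000a")  # first octet odd: group
ROUTER_MAC = bytes.fromhex("02aabbccddee")
VIP, ROUTER_IP = bytes([10, 0, 0, 10]), bytes([10, 0, 0, 1])

# Four replies to "who has 10.0.0.10?", differing only in where the group MAC sits.
CLEAN = build_arp(NIC_MAC, ROUTER_MAC, ARP_REPLY, NIC_MAC, VIP, ROUTER_MAC, ROUTER_IP)
GROUP_IN_ARP = build_arp(NIC_MAC, ROUTER_MAC, ARP_REPLY, CLUSTER_MAC, VIP, ROUTER_MAC, ROUTER_IP)
GROUP_IN_ETH = build_arp(CLUSTER_MAC, ROUTER_MAC, ARP_REPLY, NIC_MAC, VIP, ROUTER_MAC, ROUTER_IP)
GROUP_IN_BOTH = build_arp(CLUSTER_MAC, ROUTER_MAC, ARP_REPLY, CLUSTER_MAC, VIP, ROUTER_MAC, ROUTER_IP)

if __name__ == "__main__":
    for name, frame in [("clean", CLEAN), ("group-in-arp", GROUP_IN_ARP),
                        ("group-in-eth", GROUP_IN_ETH), ("group-in-both", GROUP_IN_BOTH)]:
        p = parse_ethernet_arp(frame)
        print(f"{name:14s} eth_src={fmt_mac(p['eth_src'])}  sha={fmt_mac(p['sha'])}"
              f"  byte7_odd={bool(frame[6] & 1)}  -> {check_arp(frame) or 'ok'}")
```

The "7th byte" test only sees the Ethernet source field, so a reply like GROUP_IN_ARP, unicast on the wire but carrying a group address in the SHA, passes it while still being exactly the reply RFC 1812 tells a router to discard; a capture filter on the 7th byte is therefore not a substitute for looking at offset 22 of the frame.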

