[c-nsp] Cisco1900 routing packets with destination MAC all zero?

Saku Ytti saku at ytti.fi
Mon May 8 04:57:33 EDT 2017


Hey,

I'm not sure why this is relevant?

OP is asking if frame should have passed PHY/mac_filter, If L3 port
receives frame, it does not care about L2 headers, it'll just forward
it based on L3, and generates new L2 rewrite on egress.

Now should the router have received it or not is debatable.
Technically, I believe all zeros is just normal unicast XEROX OUI
DMAC, so it should not pass MAC filter. However MAC filter may be
disabled for various reason, such as having subinterface with EoMPLS,
in this case any DMAC, on any subint, would be received and IP lookup
done, and forwarded (this platform does not enable per VLAN MAC
filtering).

Now if there is no reason why the interface would be in promisc mode,
it's still debatable should all-zeros be received or not. Some vendors
consider them invalid, I'm not sure about the justification, I think
some consider them broadcast, unsure about the justification either. I
guess in real-world, if you have all-zeroes DMAC, it's not gonna be
XEROX NIC, it's going to be some failure mode.

I would mark the behaviour 'unspecified', and not rely on anything
specific happening. Potentially filtering them in L2, if unwanted.


On 8 May 2017 at 11:31, James Bensley <jwbensley at gmail.com> wrote:
> Can you make a packet capture of the packet coming into the ingress
> interface and going out of the egress interface and share the capture
> with us? Then we can look for any differences in the packet (how the
> router may have changed it's contents). Also share the ingress and
> egress interface configs? Also confirm if this was a valid forward for
> the captured packet (if it's an IP packet for example, did it ingress
> and egress via the correct interfaces).
>
> Cheers,
> James.
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



-- 
  ++ytti


More information about the cisco-nsp mailing list