[j-nsp] ex4200 static arp
Eugeniu Patrascu
eugen at imacandi.net
Fri Feb 20 14:31:17 EST 2009
Ross Vandegrift wrote:
> On Mon, Jan 19, 2009 at 10:16:47AM +0100, Benny Amorsen wrote:
>
>> In practice most vendors ignore the "multicast" word in that sentence.
>> The functionality is really useful and hard to achieve in any other
>> way.
>>
>> RFC 1812 should be amended.
>>
>
> I disagree. It doesn't make any sense to accept a multicast address
> for a unicast neighbor resolution protocol - especially since I could
> use that as a denial-of-service vector by maliciously answering ARP
> queries and forcing others to multicast.
>
> Microsoft's old NLB implementations used to answer ARP with the
> multicast MAC address for the cluster. We had Cisco gear that refused
> to learn it. That makes Cisco and Juniper that don't learn them - who
> works that way?
>
> Nokia should generate a virtual MAC if they want a MAC that can float
> past device failover. That's how VRRP, HSRP and NSRP work and it's
> great.
>
>
I encountered this problem a few years ago and the resolution on the Nokia
TAC site was to manually set the ARP on the Cisco switches that we were
using.
And from what I know, this behavior hasn't changed recently.
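
The check this thread turns on, refusing an ARP reply whose sender hardware address is a multicast or broadcast MAC, written out as an added Python example (not part of the original post and not any vendor's code). The frames, MAC addresses and 192.0.2.x addresses are constructed, and untagged Ethernet II framing is assumed.

```python
import struct

# Assumes untagged Ethernet II frames carrying ARP for Ethernet/IPv4 (no 802.1Q tag).
ETH_HDR = struct.Struct("!6s6sH")              # dst MAC, src MAC, EtherType
ARP_BODY = struct.Struct("!HHBBH6s4s6s4s")     # htype ptype hlen plen oper sha spa tha tpa
ETHERTYPE_ARP, ARP_REPLY = 0x0806, 2


def is_group_mac(mac: bytes) -> bool:
    """Multicast and broadcast MACs have the I/G bit (LSB of the first octet) set."""
    return bool(mac[0] & 0x01)


def check_arp_frame(frame: bytes):
    """Return None unless the frame is an Ethernet/IPv4 ARP reply; otherwise
    return the claimed binding and whether the sender MAC is a group address."""
    if len(frame) < ETH_HDR.size + ARP_BODY.size:
        return None
    _dst, eth_src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = ARP_BODY.unpack_from(
        frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper != ARP_REPLY:
        return None
    return {
        "ip": ".".join(str(b) for b in spa),
        "claimed_mac": sha.hex(":"),
        "frame_src": eth_src.hex(":"),
        "refuse": is_group_mac(sha),   # group address claimed for a unicast IP
    }


def build_reply(eth_src: bytes, sha: bytes, spa: bytes, oper: int = ARP_REPLY) -> bytes:
    """Constructed sample input: an ARP packet addressed to a made-up requester."""
    req_mac, req_ip = bytes.fromhex("020000000001"), bytes([192, 0, 2, 1])
    return (ETH_HDR.pack(req_mac, eth_src, ETHERTYPE_ARP)
            + ARP_BODY.pack(1, 0x0800, 6, 4, oper, sha, spa, req_mac, req_ip))


# Constructed frames: one claims a multicast MAC, one a unicast virtual MAC.
NIC = bytes.fromhex("020000000002")
MULTICAST_REPLY = build_reply(NIC, bytes.fromhex("03bfc000020a"), bytes([192, 0, 2, 10]))
VIRTUAL_MAC_REPLY = build_reply(NIC, bytes.fromhex("00005e00010a"), bytes([192, 0, 2, 20]))

if __name__ == "__main__":
    for frame in (MULTICAST_REPLY, VIRTUAL_MAC_REPLY):
        print(check_arp_frame(frame))
```

The second frame uses a unicast virtual MAC of the kind VRRP assigns, so it passes the check while still being able to move between devices on failover.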