[j-nsp] ex4200 static arp

Ross Vandegrift ross at kallisti.us
Mon Jan 19 11:06:32 EST 2009


On Mon, Jan 19, 2009 at 10:16:47AM +0100, Benny Amorsen wrote:
> In practice most vendors ignore the "multicast" word in that sentence.
> The functionality is really useful and hard to achieve in any other
> way.
> 
> RFC 1812 should be amended.

I disagree.  It doesn't make any sense to accept a multicast address
for a unicast neighbor resolution protocol - especially since I could
use that as a denial-of-service vector by maliciously answering ARP
queries and forcing others to multicast.

Microsoft's old NLB implementations used to answer ARP with the
multicast MAC address for the cluster.  We had Cisco gear that refused
to learn it.  That makes Cisco and Juniper that don't learn them - who
works that way?

Nokia should generate a virtual MAC if they want a MAC that can float
past device failover.  That's how VRRP, HSRP and NSRP work and it's
great.

-- 
Ross Vandegrift
ross at kallisti.us

"If the fight gets hot, the songs get hotter.  If the going gets tough,
the songs get tougher."
	--Woody Guthrie
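The check Ross describes, as an added example that is not part of this thread or of any vendor's implementation: a receiver that parses an Ethernet/ARP reply and refuses to learn a sender hardware address with the IEEE 802 group bit set (multicast or broadcast), so a crafted reply cannot redirect a neighbor's unicast traffic to a multicast address. The sample frames, MAC addresses and IP addresses are constructed test data.

```python
import struct

ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2

def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)

def is_group_mac(mac: bytes) -> bool:
    """True for multicast or broadcast: the IEEE 802 group bit is bit 0 of octet 0."""
    return bool(mac[0] & 0x01)

def parse_arp_frame(frame: bytes) -> dict:
    """Parse Ethernet II + ARP; only the Ethernet/IPv4 encoding is accepted."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet+ARP")
    eth_src = frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol encoding")
    return {"eth_src": eth_src, "oper": oper, "sha": frame[22:28],
            "spa": frame[28:32], "tha": frame[32:38], "tpa": frame[38:42]}

def validate_arp_reply(frame: bytes) -> tuple:
    """Return (accept, reason). A reply whose sender hardware address is a
    group address is rejected rather than written into the ARP cache."""
    arp = parse_arp_frame(frame)
    if arp["oper"] != ARP_REPLY:
        return False, "not an ARP reply"
    if is_group_mac(arp["sha"]):
        return False, f"sender hardware address {mac_str(arp['sha'])} is multicast/broadcast"
    if arp["sha"] != arp["eth_src"]:
        return False, "sender hardware address does not match Ethernet source"
    return True, f"learn {mac_str(arp['sha'])} for {'.'.join(map(str, arp['spa']))}"

def build_arp_reply(sha: bytes, spa: bytes, tha: bytes, tpa: bytes) -> bytes:
    """Build a constructed Ethernet+ARP reply frame (test data, not a capture)."""
    eth = tha + sha + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY) + sha + spa + tha + tpa
    return eth + arp

# Constructed sample frames: a normal unicast reply, and one that claims an
# IP-multicast-range MAC (01:00:5e:...) as the sender hardware address.
HOST = bytes.fromhex("001122334455")
GOOD = build_arp_reply(bytes.fromhex("00aabbccddee"), bytes([192, 0, 2, 10]), HOST, bytes([192, 0, 2, 1]))
BAD = build_arp_reply(bytes.fromhex("01005e7f0001"), bytes([192, 0, 2, 10]), HOST, bytes([192, 0, 2, 1]))
```

Running `validate_arp_reply` over `GOOD` and `BAD` accepts the first and rejects the second with the multicast reason, which is the behaviour the Cisco and Juniper gear in the thread shows.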
