nanog mailing list archives

Re: US patent 5473599


From: Geraint Jones <geraint () koding com>
Date: Thu, 8 May 2014 23:46:28 +1200

On 8/05/2014, at 11:09 pm, Henning Brauer <hb-nanog () bsws de> wrote:

* Nick Hilliard <nick () foobar org> [2014-05-08 13:03]:
On 08/05/2014 11:25, Henning Brauer wrote:
you shouldn't see issues but log spam.
maybe you misunderstand the problem.  If you have vrrp and carp on the same
vlan, using the same vrrp group ID as VHID, then each virtual IP will arp
for the same mac address on that vlan.

correct.

This messes up the switch's forwarding table for that particular vlan
because it sees multiple entries from different ports for the same mac
address.

correct.

my switches seem to deal with that, whether they have special handling
for that mac addr range or not i dunno.

What make and model switches?

I am sure someone here can easily verify their behaviour and if they have some baked-in pixie dust to handle this.

But a pure L2 switch should not be able to mask the issue given all it has to go on is MAC so you would either see excessive flooding of a unicast MAC, or black-holing of VRRP or CARP.

Neither of which are desirable and given that the flooding would lead to serious security issues worries me from such a security-focused community as the OpenBSD community professes to be.


again, stress the fact that afair we have gotten zero reports about
that "issue" for 10 years, it obviously means that either
1) a vast majority of switches deal with it just fine
2) people know that vhids shouldn't clash and avoid that

-- 
Henning Brauer, hb () bsws de, henning () openbsd org
BS Web Services GmbH, AG Hamburg HRB 128289, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, VMs/PVS, Application Hosting
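The thread's core point is that VRRP and CARP build the virtual MAC from the group ID alone, so a VRRP group ID and a CARP VHID with the same number on one VLAN make two different virtual IPs answer ARP with one MAC, and a plain L2 switch then sees that MAC arriving on several ports. The script below is an added example, not code from the thread, from OpenBSD or from any VRRP/CARP implementation. It derives the virtual MAC from the group ID (00:00:5e:00:01:<id>, the IPv4 VRRP and CARP form), scans a constructed inventory for any VLAN where more than one virtual IP maps to the same MAC, proposes the lowest unused ID as the fix, and simulates a learning switch to count how often a MAC's learned port moves. It goes slightly beyond the thread in that it also flags two CARP groups or two VRRP groups that reuse one ID on the same VLAN, since the MAC derivation makes those collide in the same way. The inventory, virtual IPs, node names and frame sequence are all constructed sample data.

```python
"""Detect VRRP/CARP virtual-MAC clashes on a VLAN and count MAC-table flaps.

Added example, not code from the NANOG thread or from any VRRP/CARP
implementation. The inventory and frame sequence below are constructed.
"""
from collections import defaultdict

# VRRP for IPv4 (RFC 5798) and CARP derive the virtual MAC from the group
# ID (VRID / VHID) as 00:00:5e:00:01:<id>; VRRP for IPv6 uses 00:00:5e:00:02:<id>.
VIRTUAL_MAC_PREFIX = "00:00:5e:00:01"


def virtual_mac(group_id: int) -> str:
    """Return the virtual MAC shared by every node in a VRRP/CARP group."""
    if not 1 <= group_id <= 255:
        raise ValueError(f"group id {group_id} out of range 1..255")
    return f"{VIRTUAL_MAC_PREFIX}:{group_id:02x}"


# Constructed inventory: (vlan, protocol, group_id, virtual_ip, node).
INVENTORY = [
    (100, "vrrp", 5, "192.0.2.1", "rtr-a"),
    (100, "vrrp", 5, "192.0.2.1", "rtr-b"),     # same group as rtr-a: expected
    (100, "carp", 5, "192.0.2.2", "fw-a"),      # VHID 5 collides with VRID 5
    (100, "carp", 5, "192.0.2.2", "fw-b"),
    (100, "carp", 7, "192.0.2.3", "fw-a"),
    (200, "vrrp", 5, "198.51.100.1", "rtr-a"),  # same ID on another VLAN: fine
]


def find_clashes(inventory):
    """Report every (vlan, MAC) that more than one virtual IP will ARP for.

    Two nodes of one group sharing a MAC is normal; two different virtual IPs
    sharing it on one VLAN is the situation the thread describes.
    """
    by_mac = defaultdict(list)
    for vlan, proto, gid, vip, node in inventory:
        by_mac[(vlan, virtual_mac(gid))].append((proto, vip, node))
    clashes = []
    for (vlan, mac), members in sorted(by_mac.items()):
        vips = sorted({vip for _, vip, _ in members})
        if len(vips) > 1:
            clashes.append({
                "vlan": vlan,
                "mac": mac,
                "virtual_ips": vips,
                "protocols": sorted({proto for proto, _, _ in members}),
                "nodes": sorted({node for _, _, node in members}),
            })
    return clashes


def lowest_free_id(inventory, vlan: int) -> int:
    """Smallest group ID (1..255) whose virtual MAC is unused on the VLAN."""
    used = {gid for v, _, gid, _, _ in inventory if v == vlan}
    for candidate in range(1, 256):
        if candidate not in used:
            return candidate
    raise RuntimeError(f"no free group id left on vlan {vlan}")


def mac_table_flaps(frames):
    """Simulate a plain L2 switch learning source MACs and count port moves.

    frames: iterable of (source_mac, ingress_port). A MAC whose learned port
    keeps changing is the forwarding-table churn described in the thread.
    """
    learned = {}
    flaps = defaultdict(int)
    for src_mac, port in frames:
        if src_mac in learned and learned[src_mac] != port:
            flaps[src_mac] += 1
        learned[src_mac] = port
    return dict(flaps)


# Constructed frame sequence: the VRRP master on port 1 and the CARP master on
# port 3 both source frames from 00:00:5e:00:01:05.
FRAMES = [
    ("00:00:5e:00:01:05", 1), ("00:00:5e:00:01:05", 3),
    ("00:00:5e:00:01:05", 1), ("00:00:5e:00:01:05", 3),
    ("00:00:5e:00:01:07", 3), ("00:00:5e:00:01:07", 3),
]

if __name__ == "__main__":
    for clash in find_clashes(INVENTORY):
        print(f"vlan {clash['vlan']}: {clash['mac']} claimed by {clash['virtual_ips']} "
              f"({'/'.join(clash['protocols'])}); "
              f"lowest free id: {lowest_free_id(INVENTORY, clash['vlan'])}")
    print("port moves per MAC:", mac_table_flaps(FRAMES))
```

Run against a real inventory, the clash list is what an operator would check before bringing a CARP pair onto a VLAN that already carries VRRP; the flap count is the symptom a switch's MAC-move log or counters expose when the check was skipped, and it is a simulation of a learning table rather than a claim about how any particular switch model handles the 00:00:5e range.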

