Vulnerability Development mailing list archives

RE: mac duplication

From: Michael Wojcik <Michael.Wojcik () microfocus com>
Date: Mon, 15 Dec 2003 11:46:38 -0800

Burton M. Strauss III [mailto:BStrauss () acm org] wrote:

That's also not to say you can't spoof the address, but even 
then, if you override it, you're SUPPOSED to set the LLA bit
(i.e. a LLA address is xxxxxx1x:....).


I believe that's LAA - Locally-Administered Address.  The OEM-assigned MAC
address is a UAA, or Universally-Administered Address.


Glenn_Everhart () bankone com wrote:

There exist networks that do not use ARP and require MAC
addresses to be adjusted to fit the network address scheme.

Their existence (and the fact they preceded IP) is a reason
why essentially all ethernet interfaces can reset their MAC
addresses programmatically.


Yup.  Pre-APPN SNA is an example; nodes (PUs) were usually addressed
directly by MAC address by the sender.  Of course it was possible to get the
destination's UAA and configure that in the sender's tables, but that was
cumbersome, required the destination be up and running before completing
comms configuration, and made replacing a NIC (or entire box) difficult.
LAAs were much easier to deal with.

For SNA, LAAs were probably more commonly seen on Token Ring NICs, since TR
was a more popular choice for SNA shops (as I remember), but I set some
Ethernet ones too in my day.  (Ethernet was a pain because some SNA
implementations, but not all, bit-swapped the MAC address.)


I suppose another possible use for LAAs is with certain types of failover
schemes for high-availability servers.  When one server system fails,
another can come online with the same LAA MAC address and pick up where the
failing one left off.  In principle, anyway; I had a vague idea that IBM's
HA/CMP did that, but I just checked Lynn Wheeler's site and he indicates
that HA/CMP backup servers took over just the IP address, and had to force
some noncompliant stacks to pick up the new MAC address.  (Apparently the
Reno stack had a second, "hidden" 1-item ARP cache that was used as long as
the current outbound packet had the same destination IP address as the
previous one.)

-- 
Michael Wojcik
Principal Software Systems Developer, Micro Focus

Current thread:

Re: mac duplication, (continued)
- - - Re: mac duplication dreamwvr () dreamwvr com (Dec 15)
- Re: mac duplication Sam Baskinger (Dec 12)
- Re: mac duplication Jimi Thompson (Dec 13)
  - Re: mac duplication fooler (Dec 15)
  - RE: mac duplication David Gillett (Dec 15)
  - RE: mac duplication Dom De Vitto (Dec 15)
- Re: mac duplication Peter Moody (Dec 15)
- RE: mac duplication Boyer, G. T. IT2 ISSM Office (Dec 15)
- RE: mac duplication Demar, Jeremy D CTM1 (CCDG12 Aug) (Dec 15)
- RE: mac duplication Glenn_Everhart (Dec 15)
- RE: mac duplication Michael Wojcik (Dec 15)