On Tue, Aug 26, 2008 at 05:20:50PM -0400, der Mouse wrote:

> > I'm wondering whether the 's' in ether_shost in the original code is
> > a typo.
>
> Possibly, but I think probably not.  The effect is "never learn
> multicast addresses", which strikes me as the right thing.

Yes, because such destinations should be splashed to all ports; if we
learn them behind one port that will no longer happen.

> > AFAIK no protocols send ethernet packets with a multicast source
> > address.
>
> I don't know of any either, but I'm definitely not ready to say there
> are none.

.. and regardless we should be defensive against such senders.

> (I can easily imagine some sort of load-balancing setup that
> uses a multicast MAC as if it were an ordinary MAC, for example.)

No need to imagine, I can cite a specific example.

Check Point firewalls running in a particular active-active
load-balancing cluster mode use exactly this trick.  They use a
multicast MAC address for the unicast IP address of the firewall, and
respond to ARP requests accordingly with that multicast MAC source
address.  The intention is that all cluster members thus get sent
copies of all packets, and they arbitrate amongst themselves as to who
will process the packet further using the usual
header-hash-bucket-ownership pattern.

This doesn't always work (some devices, notably cisco routers, refuse
to learn from such ARP replies and need to have the arp entry
statically configured) so there are other cluster modes in the product
(with other tradeoffs) too.

-- 
Dan.
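The "never learn multicast source addresses" behaviour the thread endorses, written out as an added C example; this is not code from the thread or from the bridge driver under discussion, and the table layout, function names and sample addresses are assumptions. A multicast source is rejected by the learning path, so a multicast destination (including a cluster MAC used as if it were a host address) is always flooded rather than pinned behind one port.

```c
#include <stdint.h>
#include <string.h>
#include <stdbool.h>

#define ETHER_ADDR_LEN 6
#define BR_TABLE_SIZE  64
#define BR_FLOOD       (-1)   /* "send out every port except ingress" */
struct br_entry { uint8_t addr[ETHER_ADDR_LEN]; int port; bool used; };
static struct br_entry br_table[BR_TABLE_SIZE];

/* Constructed sample addresses: an ordinary host, and a multicast MAC
 * (I/G bit set) presented as a host address, as in the cluster case above. */
static const uint8_t host_a[ETHER_ADDR_LEN]    = {0x00,0x11,0x22,0x33,0x44,0x55};
static const uint8_t mcast_vip[ETHER_ADDR_LEN] = {0x01,0x00,0x5e,0x00,0x00,0x01};

/* I/G bit (LSB of the first octet) marks group addresses; broadcast is one. */
static bool ether_is_multicast(const uint8_t *a) { return (a[0] & 0x01) != 0; }

static int br_find(const uint8_t *addr)
{
    for (int i = 0; i < BR_TABLE_SIZE; i++)
        if (br_table[i].used && memcmp(br_table[i].addr, addr, ETHER_ADDR_LEN) == 0)
            return i;
    return -1;
}

/* Learn the ingress port of a *source* MAC. Returns false when the address
 * is deliberately not learned (multicast source) or the table is full. */
bool br_learn(const uint8_t *shost, int port)
{
    if (ether_is_multicast(shost))
        return false;
    int i = br_find(shost);
    if (i < 0) {
        for (i = 0; i < BR_TABLE_SIZE && br_table[i].used; i++) {}
        if (i == BR_TABLE_SIZE)
            return false;
        memcpy(br_table[i].addr, shost, ETHER_ADDR_LEN);
        br_table[i].used = true;
    }
    br_table[i].port = port;   /* new entry, or a host that moved ports */
    return true;
}

/* Egress for a destination MAC: known unicast to its learned port, else flood. */
int br_forward_port(const uint8_t *dhost)
{
    int i = ether_is_multicast(dhost) ? -1 : br_find(dhost);
    return i < 0 ? BR_FLOOD : br_table[i].port;
}
```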