RE: [VRRP] Two MAC addresses for a same IP Primary address

"don provan" <dprovan@bivio.net> Thu, 23 March 2006 17:37 UTC

From: don provan <dprovan@bivio.net>
To: 'Vincent Jardin' <Vincent.Jardin@6wind.com>
Subject: RE: [VRRP] Two MAC addresses for a same IP Primary address
Date: Thu, 23 Mar 2006 09:37:24 -0800
Organization: Bivio Networks

Vincent,

What you are missing is that there is no relation between the
source IP address in an IP packet and the source MAC address
in the ethernet packet carrying it. There is no requirement
whatsoever for them to match in any way, and thank goodness
because it would make routed packets somewhat difficult to
handle since they have source IP addresses completely unrelated
to any MAC address sending on the local network.

In other words, there is no such requirement as:

>Moreover, the source MAC address of the ICMP, TCP, ARP
>packets related to the *IP Address Owner*, must (of course)
>be the *Virtual Router MAC Address*.

>Conclusion: a *Primary IP Address* can have two MAC
>addresses !!!, the *Virtual Router MAC Address* and
>the MAC address of the NIC !

The VR IP address "has" one MAC address: the VR MAC.
ARP should always advertise that mapping and no other.
But this has no relevance to the selection of source
MAC address when transmitting a packet.

I understand how startling this observation can be, but it's
just basic IP logic, nothing VRRP specific about it. Once
you get your thoughts around it, VRRP falls out nicely.
In particular, you realize that there is only one reason, ever,
to use the VR's MAC address as the source of an ethernet packet,
and that is to teach the ethernet switching infrastructure
where to send packets with that MAC address as the destination.
That is accomplished by sending the advertisement packets with
the VR MAC address as source since those packets are known to
be sent at the appropriate times.

For all other packets, the source MAC address retains its
original purpose: to identify the hardware that transmitted
the packet. If anything, this becomes *more* important in
a VRRP environment, since problems can be much harder to
diagnose if it's impossible to tell which system sent which
packets.

-don

-----Original Message-----
From: Vincent Jardin [mailto:Vincent.Jardin@6wind.com] 
Sent: Thursday, March 23, 2006 1:38 AM
To: vrrp@ietf.org
Subject: [VRRP] Two MAC addresses for a same IP Primary address

Hi all,

According to the RFC3768, when a multicast VRRP packet is sent, the source
IP address must be the *Primary IP Address* (section 5.2.1) and the source
MAC address must be the *Virtual Router MAC Address*.

Moreover, the source MAC address of the ICMP, TCP, ARP packets related
to the *IP Address Owner*, must (of course) be the *Virtual Router MAC
Address*.

Two routers running VRRP should have 2 different *Primary IP Address*, and
(of course) the same *IP Address Owner*.

So, if from a host, which is on the same Ethernet network, I send an ICMP
echo request to:
   - the *Primary IP Address*, which source MAC address should the ICMP echo
reply use ?
     According to me, it must NOT be the *Virtual Router MAC Address*.
   - the *IP Address Owner*, which source MAC address should the ICMP echo
reply use ?
     According to me, it must be the *Virtual Router MAC Address*.

So it means that for any packets, when the source IP address is the *Primary
IP Address*, the source MAC address could be any MAC address of the NIC; but
when it is a VRRP Multicast packet to 224.0.0.18, the source MAC address
must be the *Virtual Router MAC Address*.

Conclusion: a *Primary IP Address* can have two MAC addresses !!!, the
*Virtual Router MAC Address* and the MAC address of the NIC !

It is not logical, so what are we missing ?

According to me:
   -Option1: the section 5.2.1 should specify that the source address should
be an *IP Address Owner*, instead of the *Primary IP address*.
   -Option2: remove the constraint of the source MAC address of the VRRP
packet = the *Virtual Router MAC Address*.

I prefer option 2 because it avoids the Ethernet switch from oscillating
during a transition state.

Regards,
   Vincent

_______________________________________________
vrrp mailing list
vrrp@ietf.org
https://www1.ietf.org/mailman/listinfo/vrrp
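
The source-MAC rules stated in don's reply, written as a frame checker. This is an added example, not part of the original thread or of any VRRP implementation. The function names, VRID 7, the 192.0.2.x addresses and the 02:... MAC addresses are assumptions made up for the sample frames.

```python
import socket
import struct

VRRP_PROTO = 112  # IP protocol number assigned to VRRP

def vr_mac(vrid):
    # Virtual Router MAC Address defined by RFC 3768: 00-00-5E-00-01-{VRID}
    return bytes([0x00, 0x00, 0x5E, 0x00, 0x01, vrid])

def check_frame(frame, vr_ip, vrid):
    """Classify one Ethernet frame and apply the reply's rules: (kind, ok)."""
    src, etype, body = frame[6:12], struct.unpack("!H", frame[12:14])[0], frame[14:]
    if etype == 0x0806:  # ARP: only the advertised IP-to-MAC mapping matters
        sha, spa = body[8:14], socket.inet_ntoa(body[14:18])
        return ("arp", spa != vr_ip or sha == vr_mac(vrid))
    if etype == 0x0800 and body[9] == VRRP_PROTO:
        ihl = (body[0] & 0x0F) * 4
        # VRID is the second byte of the VRRP header; source must be its VR MAC
        return ("vrrp", src == vr_mac(body[ihl + 1]))
    # Any other packet: the source MAC just identifies the transmitting hardware
    return ("other", True)

# --- constructed sample frames (all addresses are made up for this example) ---
def eth(dst, src, etype, payload):
    return dst + src + struct.pack("!H", etype) + payload

def ipv4(proto, src_ip, dst_ip, payload):
    # Minimal 20-byte header; checksum left as 0 because nothing here verifies it
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 255, proto,
                       0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip)) + payload

VRID, VR_IP, PRIMARY_IP, HOST_IP = 7, "192.0.2.1", "192.0.2.2", "192.0.2.50"
NIC, HOST = bytes.fromhex("02000000000a"), bytes.fromhex("020000000050")
MCAST = bytes.fromhex("01005e000012")  # Ethernet multicast MAC for 224.0.0.18
ADV = bytes([0x21, VRID, 100, 1, 0, 1, 0, 0]) + socket.inet_aton(VR_IP) + bytes(8)
ARP = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 2, vr_mac(VRID),
                  socket.inet_aton(VR_IP), HOST, socket.inet_aton(HOST_IP))

FRAMES = {
    "advert from VR MAC": eth(MCAST, vr_mac(VRID), 0x0800, ipv4(112, PRIMARY_IP, "224.0.0.18", ADV)),
    "advert from NIC MAC": eth(MCAST, NIC, 0x0800, ipv4(112, PRIMARY_IP, "224.0.0.18", ADV)),
    "ARP reply for VR IP": eth(HOST, NIC, 0x0806, ARP),
    "echo reply from VR IP": eth(HOST, NIC, 0x0800, ipv4(1, VR_IP, HOST_IP, bytes(8))),
}

def run():
    return {name: check_frame(f, VR_IP, VRID) for name, f in FRAMES.items()}

if __name__ == "__main__":
    for name, result in run().items():
        print(name, result)
```

Only the advertisement sent from the NIC MAC fails: the ARP reply and the echo reply both leave the wire with the NIC's own source MAC and still pass, because the check for ARP is on the mapping carried in the payload, not on the Ethernet source.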

