nanog: Forwarding issues related to MACs starting with a 4 or a 6 (Was: [c-nsp] Wierd MPLS/VPLS issue)
Posted by jpluimers on 2016/12/05
Time after time, issues pop up related to MAC addresses that start with a 4 or a 6.
The underlying issue is that switches interpret too much of the (un)encrypted traffic passing through them and drop frames because they wrongly think it’s plain Ethernet traffic they need to handle.
MAC addresses starting with a 4 or 6 have a common bit pattern (likely this fails with 12 and 14 as well) that causes failures in certain network equipment that are hard to trace as there is limited.
[WayBack] Christian Vogel – Google+ (Physics, Electronics, Software) explains this way better at [WayBack] When your MAC address starts with 4 or 6, weird things can happen and it’s not always fixable… – Kristian Köhntopp – Google+:
you are basically tunneling different and unknown types of data inside the MPLS frames.
Imagine a (unencrypted) VPN connection between your laptop and your company or home VPN gateway.
Now a router in between wants to make a decision based on the payload of your VPN packets. But it does not know whether your VPN tunnel carries IP packets without any headers or Ethernet frames.
IP packets start with ‘4’ or ‘6’, and Ethernet frames start with the first nibble of the destination MAC address. If the MAC address starts with ‘4’, the router (wrongly) assumes you carry IP and will look at some data within the Ethernet frame where it expects some value that makes sense if it would be an IP packet. But as you were transmitting an Ethernet frame this location contains something else.
The decision the intermediate router then takes based on this flawed data may then lead to significant performance penalties.
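The first-nibble guess described in the quote above, as an added example (not code from this post, from Christian Vogel, or from any vendor): it classifies a tunnelled payload by its first nibble, shows which Ethernet bytes end up being read as IP addresses, and lists MACs from an inventory that would trigger the guess. All function names are hypothetical, and the MAC addresses and frame contents are constructed.

```python
import struct

IP_VERSIONS = {4: "ipv4", 6: "ipv6"}

def mac_bytes(mac: str) -> bytes:
    """Parse 'aa:bb:cc:dd:ee:ff' (or '-' separated) into 6 raw bytes."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return raw

def guess_payload(payload: bytes) -> str:
    """First-nibble heuristic: 4 -> ipv4, 6 -> ipv6, anything else -> other."""
    if not payload:
        return "other"
    return IP_VERSIONS.get(payload[0] >> 4, "other")

def fields_read_as_ip(frame: bytes) -> dict:
    """Return what the heuristic would take for IP addresses in this frame."""
    kind = guess_payload(frame)
    if kind == "ipv4" and len(frame) >= 20:
        # IPv4 header: source at bytes 12-15, destination at bytes 16-19
        return {"guess": kind, "src": frame[12:16].hex(), "dst": frame[16:20].hex()}
    if kind == "ipv6" and len(frame) >= 40:
        # IPv6 header: source at bytes 8-23, destination at bytes 24-39
        return {"guess": kind, "src": frame[8:24].hex(), "dst": frame[24:40].hex()}
    return {"guess": kind, "src": None, "dst": None}

def at_risk(macs):
    """List the MACs whose first nibble would be mistaken for an IP version."""
    return [m for m in macs if guess_payload(mac_bytes(m)) != "other"]

def sample_frame(dst: str, src: str) -> bytes:
    """Constructed Ethernet frame: dst MAC + src MAC + EtherType + filler body."""
    body = bytes(range(0x10, 0x10 + 46))  # 46 filler bytes (minimum payload)
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", 0x0800) + body

# Constructed, locally administered sample addresses (assumptions, not real hosts)
SAMPLE_MACS = ["4e:00:00:aa:bb:01", "02:00:00:aa:bb:02", "6a:00:00:aa:bb:03"]

if __name__ == "__main__":
    for dst in SAMPLE_MACS:
        print(dst, fields_read_as_ip(sample_frame(dst, "02:00:00:00:00:99")))
    print("at risk:", at_risk(SAMPLE_MACS))
```

For the frame addressed to the MAC starting with 4, the "source address" the heuristic reads is really the EtherType followed by the first two body bytes, which is the flawed data the quote refers to.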