The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,568 other followers

nanog: Forwarding issues related to MACs starting with a 4 or a 6 (Was: [c-nsp] Wierd MPLS/VPLS issue)

Posted by jpluimers on 2016/12/05

Time after time issues pop up related to MAC addresses that start with a4 or a 6.

[WayBacknanog: Forwarding issues related to MACs starting with a 4 or a 6 (Was: [c-nsp] Wierd MPLS/VPLS issue)

The underlying issue has to do with switches interpreting too much information of (un)encrypted traffic and dropping them because they wrongly think it’s plain ethernet traffic they need to handle.

MAC addresses starting with a 4 or 6 have have a common bit pattern (likekly that fails with 12 and 14 as well) that cause failure in certain network equipment that’s hard to trace as there is limited.

[WayBackChristian Vogel – Google+ (Physics, Electronics, Software) explains this way better at [WayBack] When your MAC address starts with 4 or 6, weird things can happen and it’s not always fixable… – Kristian Köhntopp – Google+:

you are basically tunneling different and unknown types of data inside the MPLS frames.

Imagine a (unencrypted) VPN connection between your laptop and your company or home VPN gateway.

Now a router in between wants to make an decision based on the payload of your VPN packets. But it does not know whether your VPN tunnel carries IP packets without any headers or Ethernet frames.

IP packets start with ‘4’ or ‘6’, and Ethernet frames start with the first nibble of the destination MAC address. If the MAC address starts with ‘4’, the router (wrongly) assumes you carry IP and will look at some data within the Ethernet frame where it expects some value that makes sense if would be an IP packet. But as you were transmitting an Ethernet frame this location contains something else.

The decision the intermediate router then takes based on this flawed data may then lead to significant performance penalties.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: