VMAC for VRRPv3? Analysis of Design Tradeoffs

Whirlwind Historical Context
- A few rare, broken ARP implementations for IPv4 ignored gratuitous broadcasts
- To maximize interoperability, VRRP (and its proprietary forerunners) used VMAC
- VMAC has both benefits and drawbacks
- Current VRRP for IPv6 continues with VMAC mainly because it worked for IPv4

Advantages of VMAC
- Router failover is nearly invisible to hosts
- Non-compliant ND implementations work
- Packet loss between router and host at failover time is benign
- Helps router choose source address for ICMP error messages

Disadvantages of VMAC (1 of 2)
- Contributes to complexity of draft
  – special rules for FDDI
  – source routing concerns for Token Ring
  – "When a VRRP router restarts or boots, it SHOULD not send any ND messages with its physical MAC address for the IPv6 address it owns, ..."
- Duplicate MAC addresses may not be handled well in some LAN environments
  – ATM LAN Emulation "beyond the scope" of draft
  – one wireless station is limited to one address
  – however, note that 802.1X access control looks OK

Disadvantages of VMAC (2 of 2)
- Tracing and quarantining failures or misconfigurations by MAC address is harder
- Hosts cannot readily detect failover
- Timing issues around LAN partitioning and reconnection become more complex
- Some router hardware does not support multiple MAC addresses (e.g., Cisco 4000 series)

Additional issues from the list
- Don Provan's NetGear FS524S switch did not forward a new packet to the port where its source MAC address was last heard from
  – two Masters will never hear each other
- Bridges using 802.1Q Shared VLAN Learning (SVL) would have trouble if the same VRID appeared on two VLANs

Scenario: Normal Failover
- Two participating routers, on same switch
- VMAC works well here
- Only Switch B even notices a change

Scenario: Rogue Router
- Unexpected VRRP router appears on LAN
- With VMAC, bridge tables change twice per second; about half the packets get out
- Without VMAC, bridge forwarding tables never change; host's cache changes slowly
- LAN administrator traces MAC address
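A small Python model of the learning-bridge behaviour this slide describes, added here as an illustration and not part of the slides: two routers that both claim Master, with and without a shared VMAC. The port numbers, physical MACs and VRID are constructed; the VMAC follows the 00-00-5E-00-02-{VRID} convention for IPv6 VRRP.

```python
VMAC = "00:00:5e:00:02:01"    # IPv6 VRRP VMAC for VRID 1 (00-00-5E-00-02-xx prefix; VRID constructed)
R1_MAC = "02:00:00:00:00:01"  # legitimate Master's physical MAC (constructed)
R2_MAC = "02:00:00:00:00:02"  # rogue router's physical MAC (constructed)
R1_PORT, R2_PORT = 1, 2       # switch ports the two routers hang off (constructed)


class LearningSwitch:
    """Transparent bridge: remembers the last port each source MAC was seen on."""

    def __init__(self):
        self.table = {}

    def learn(self, src_mac, port):
        self.table[src_mac] = port

    def port_for(self, dst_mac):
        return self.table.get(dst_mac)  # None = unknown destination, would be flooded


def simulate(use_vmac, seconds=10, host_pkts_per_sec=10):
    """Both routers believe they are Master and advertise once per second, half a
    second apart. Each advertisement is sourced from the MAC the router also answers
    ND with: the shared VMAC when VMAC is in use, its own physical MAC otherwise.
    Hosts keep sending to the gateway MAC held in their ND cache (the legitimate one).
    Returns the fraction of host packets that reached the legitimate Master, plus the
    bridge table an administrator would inspect when tracing the gateway MAC."""
    sw = LearningSwitch()
    gw_mac = VMAC if use_vmac else R1_MAC
    r1_src = VMAC if use_vmac else R1_MAC
    r2_src = VMAC if use_vmac else R2_MAC
    delivered = total = 0
    for _ in range(seconds):
        for step in range(host_pkts_per_sec):
            if step == 0:                       # Router 1 advertisement
                sw.learn(r1_src, R1_PORT)
            if step == host_pkts_per_sec // 2:  # rogue router advertisement
                sw.learn(r2_src, R2_PORT)
            total += 1
            if sw.port_for(gw_mac) == R1_PORT:
                delivered += 1
    return {"delivered": delivered / total, "table": dict(sw.table)}


if __name__ == "__main__":
    for use_vmac in (True, False):
        print("VMAC" if use_vmac else "no VMAC", simulate(use_vmac))
```

With VMAC the bridge holds a single entry that flips twice a second, so about half the host traffic lands on the rogue port and tracing the gateway MAC finds whichever router spoke last; without VMAC each router is visible under its own MAC on its own port.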

Scenario: Packet Loss
- Router 1 is cut off; Router 2 takes over
- Router 2's Neighbor Advertisement is lost
- VMAC has an advantage here
- But if Router 2 just repeats it 1 sec later...
- If VRRP packet is lost, switches won't learn; this works better without VMAC

Scenario: Spanning Tree
- Switch B loses its connection to Switch A
- Switch C will join A's spanning tree in ~20 sec
- Meanwhile, Router 2 becomes Master also
- With VMAC, Host 3 may lose for half a second
- Easier to analyze without VMAC

Questions?

Summary of Proposed Changes
- Eliminate use of VMAC, but...
- Use virtual IPv6 address
- Drop the "MUST NOT answer ping if priority < 255" rule
- Listen to/audit VRRP packets when priority = 255
- Accept VRRP packets with wrong interval
- Send unsolicited ND broadcast twice