Hello,
Is there a way to control which multicast MAC address an Ethernet interface
should handle?
I have a problem with a server running OpenBSD 4.1-rel (A) with a pcn and carp
interface.
On the same Ethernet network, there is another server (B) and a
high-availability cluster of firewalls (commercial product) (F composed of F1
and F2) reached via unicast IP address (IPADDR{F}) over multicast MAC
address (MAC{F}).
When B wants to communicate with a service behind F (IP route is known via
IPADDR{FW}), this happens:
- B sends an ARP request to ff:ff:ff:ff:ff:ff from MAC{B} "Who has IPADDR{FW}?
tell IPADDR{B}"
- B receives an ARP response from MAC{F1} to MAC{B} "IPADDR{FW} is at MAC{F}"
- B receives an ARP response from MAC{F2} to MAC{B} "IPADDR{FW} is at MAC{F}"
- B sends an Ethernet frame to F from MAC{B} IPADDR{B} to MAC{F} IPADDR{F}
- A receives this Ethernet frame
- A sends a new frame from MAC{A} IPADDR{B} to MAC{?} (this MAC is a
multicast MAC that is not used by any of my OpenBSD servers)
This means the one initial frame is duplicated and, by cascade, a huge number
of Ethernet frames are transmitted.
This behaviour makes the performance of the firewall decrease.
Ethernet frames sent by another server (SERVER2) to a multicast MAC address
that is handled by a cluster of firewalls (commercial product) are received
and resent to another multicast MAC address.
Thanks for your help,
Fred