Bug #4284
closed
PFSense 2.2. won't automatically add arp entries from multicast mac addresses into its arp table
Description
I have a cluster created with Windows Network Load Balancing using the IGMP multicast. Anyway, the cluster IP has a multicast MAC address (starts with 01:00:5E).
I captured all arp traffic and found this:
20:44:34.230555 ARP, Request who-has 192.168.1.10 tell 192.168.1.5, length 28
20:44:34.230777 ARP, Reply 192.168.1.10 is-at 01:00:5e:40:01:0a, length 46
20:44:34.230779 ARP, Reply 192.168.1.10 is-at 01:00:5e:40:01:0a, length 46
20:44:35.313687 ARP, Request who-has 192.168.1.10 tell 192.168.1.5, length 28
20:44:35.313908 ARP, Reply 192.168.1.10 is-at 01:00:5e:40:01:0a, length 46
20:44:35.313915 ARP, Reply 192.168.1.10 is-at 01:00:5e:40:01:0a, length 46
20:44:36.067167 ARP, Request who-has 192.168.1.10 tell 192.168.1.5, length 28
20:44:36.067478 ARP, Reply 192.168.1.10 is-at 01:00:5e:40:01:0a, length 46
20:44:36.067853 ARP, Reply 192.168.1.10 is-at 01:00:5e:40:01:0a, length 46
20:44:37.216105 ARP, Request who-has 192.168.1.10 tell 192.168.1.5, length 28
20:44:37.216322 ARP, Reply 192.168.1.10 is-at 01:00:5e:40:01:0a, length 46
20:44:37.216329 ARP, Reply 192.168.1.10 is-at 01:00:5e:40:01:0a, length 46
20:44:38.143842 ARP, Request who-has 192.168.1.10 tell 192.168.1.5, length 28
20:44:38.144042 ARP, Reply 192.168.1.10 is-at 01:00:5e:40:01:0a, length 46
20:44:38.144044 ARP, Reply 192.168.1.10 is-at 01:00:5e:40:01:0a, length 46
20:44:39.152743 ARP, Request who-has 192.168.1.10 tell 192.168.1.5, length 28
20:44:39.152966 ARP, Reply 192.168.1.10 is-at 01:00:5e:40:01:0a, length 46
20:44:39.153091 ARP, Reply 192.168.1.10 is-at 01:00:5e:40:01:0a, length 46
20:44:40.166170 ARP, Request who-has 192.168.1.10 tell 192.168.1.5, length 28
20:44:40.166387 ARP, Reply 192.168.1.10 is-at 01:00:5e:40:01:0a, length 46
20:44:40.166393 ARP, Reply 192.168.1.10 is-at 01:00:5e:40:01:0a, length 46
However, the MAC address never makes it into the ARP table. I added the MAC address manually from the command line by running: arp -S 192.168.1.10 01:00:5e:40:01:0a and then the PFSense firewalls could ping 192.168.1.10.
Updated by Jonathan Black almost 10 years ago
This can be permanently fixed on each PFSense Firewall by:
System->Advanced->System Tunables
Then add an entry for "net.link.ether.inet.allow_multicast" and set its value to 1.
This was not an issue in 2.1.5.
Updated by Chris Buechler almost 10 years ago
- Status changed from New to Rejected
That'll be required to add as a tunable where you need that to work. The fact it worked before was technically the bug, acting in violation of RFC 1812.
"A router MUST not believe any ARP reply that claims that the Link Layer address of another host or router is a broadcast or multicast address."
What 2.2 does by default is the correct behavior.
Updated by Sam Bingner almost 10 years ago
This should probably be added to System-Advanced Network then so people can actually find this to fix it.
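
The RFC 1812 rule quoted in this ticket, applied to tcpdump ARP output like the capture in the description. This is an added example, not part of the original ticket or pfSense code; the function names are hypothetical, and the last two sample lines are constructed for contrast.

```python
import re

# Matches tcpdump's one-line ARP reply format, as seen in the capture above.
ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"is-at (?P<mac>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})"
)

def classify_mac(mac):
    """Return 'broadcast', 'multicast' or 'unicast' for an Ethernet address."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if octets == b"\xff" * 6:
        return "broadcast"
    # The I/G bit is the least significant bit of the first octet;
    # when it is set, the address is a group (multicast) address.
    return "multicast" if octets[0] & 0x01 else "unicast"

def rejected_replies(lines):
    """Map each IP to {(mac, kind): reply count} for group-address claims.

    These are the replies a router following the quoted RFC 1812 rule
    refuses to learn an ARP entry from.
    """
    findings = {}
    for line in lines:
        m = ARP_REPLY.match(line.strip())
        if not m:
            continue  # ARP requests and unrelated lines
        kind = classify_mac(m["mac"])
        if kind == "unicast":
            continue
        entry = findings.setdefault(m["ip"], {})
        key = (m["mac"].lower(), kind)
        entry[key] = entry.get(key, 0) + 1
    return findings

# First three lines are from the ticket's capture; the last two are constructed.
SAMPLE = """\
20:44:34.230555 ARP, Request who-has 192.168.1.10 tell 192.168.1.5, length 28
20:44:34.230777 ARP, Reply 192.168.1.10 is-at 01:00:5e:40:01:0a, length 46
20:44:34.230779 ARP, Reply 192.168.1.10 is-at 01:00:5e:40:01:0a, length 46
20:44:41.000001 ARP, Reply 192.168.1.20 is-at 00:11:22:33:44:55, length 46
20:44:41.000002 ARP, Reply 192.168.1.30 is-at ff:ff:ff:ff:ff:ff, length 46
""".splitlines()

if __name__ == "__main__":
    for ip, macs in rejected_replies(SAMPLE).items():
        for (mac, kind), count in macs.items():
            print(f"{ip}: {count} reply(ies) claim {kind} address {mac}")
```

Any IP reported here needs either a static ARP entry or the tunable named above before the firewall can reach it; the same report also helps review which hosts on a segment are advertising group addresses before the default is relaxed.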