Forwarding issues related to MACs starting with a 4 or a 6 (Was: [c-nsp] Wierd MPLS/VPLS issue)

Alia Atlas akatlas at gmail.com
Fri Dec 2 16:16:36 UTC 2016


On Fri, Dec 2, 2016 at 11:07 AM, Christopher Morrow <morrowc.lists at gmail.com> wrote:

> On Fri, Dec 2, 2016 at 11:02 AM, Simon Lockhart <simon at slimey.org> wrote:
>
> > On Fri Dec 02, 2016 at 10:29:56AM -0500, Christopher Morrow wrote:
> > > you'd think standard testing of traffic through the asic path somewhere
> > > between 'let's design an asic!' and 'here's your board ms customer!' would
> > > have found this sort of thing, no? or does testing only use 1 mac address
> > > ever?
> >
> > Well, it's actually payload, rather than src/dst MAC used for forwarding, so
> > there's quite a few more combinations to look for...
> >
> > 2^(8*9216) is quite a lot of different packets to test through the forwarding
> > path... But, wait, that assumes every bit combination for 9216 byte packets,
> > but the packet might be shorter than that... So multiply that by (9216-64).
> >
> >
> but most/all forwarding asics (aside from perhaps extreme's?) only deal
> with the first N bits in the header (128 or so..) so... not quite as many
> right?


This sounds related to the well-known (at least 10+ years) issues around
guessing the type of IP packet by looking at the first nibble of the
encapsulated packet. Take a quick look at RFC 7325, section 2.4.5.1 bullet 6.
This is what using the pseudo-wire code-word is meant to protect against.

I don't know if that's an option for networks using this.

Regards,
Alia



>
> > Anyone want to work out how many years that'd take to test, even at 100G?
> >
> > Simon
> >
>
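
The first-nibble guess mentioned in the reply above, and what the pseudowire control word changes, shown as an added example that is not part of the original thread. The label values, MAC addresses and function names are constructed for illustration; the all-zero control word follows the RFC 4385 layout, whose first nibble is 0000.

```python
import struct

CONTROL_WORD = b"\x00\x00\x00\x00"  # RFC 4385 PW control word: first nibble 0000, no sequencing

def mpls_entry(label, bottom, tc=0, ttl=64):
    """Pack one MPLS label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def payload_after_stack(packet):
    """Skip label stack entries up to and including the one with the S bit set."""
    offset = 0
    while offset + 4 <= len(packet):
        (entry,) = struct.unpack_from("!I", packet, offset)
        offset += 4
        if entry & 0x100:  # S bit: bottom of stack reached
            return packet[offset:]
    raise ValueError("no bottom-of-stack entry found")

def guess_payload(packet):
    """Guess the payload type from the first nibble after the label stack."""
    payload = payload_after_stack(packet)
    if not payload:
        return "empty"
    return {4: "ipv4", 6: "ipv6"}.get(payload[0] >> 4, "not-ip")

def ethernet_frame(dst_mac, src_mac="02:00:00:00:00:02", ethertype=0x0800):
    """Build a constructed Ethernet frame with a dummy 46-byte payload."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", ethertype) + bytes(46)

def encapsulate(frame, use_control_word):
    """Ethernet over MPLS: transport label, PW label, optional control word, frame."""
    stack = mpls_entry(1000, bottom=False) + mpls_entry(2000, bottom=True)
    return stack + (CONTROL_WORD if use_control_word else b"") + frame

def survey(dst_macs):
    """Return {mac: (guess without control word, guess with control word)}."""
    return {m: (guess_payload(encapsulate(ethernet_frame(m), False)),
                guess_payload(encapsulate(ethernet_frame(m), True)))
            for m in dst_macs}

if __name__ == "__main__":
    # Constructed destination MACs: two collide with IP version nibbles, one does not.
    macs = ["4c:00:00:00:00:01", "6c:00:00:00:00:01", "00:1b:00:00:00:01"]
    for mac, (bare, with_cw) in survey(macs).items():
        print(f"{mac}  no-CW={bare:7}  CW={with_cw}")
```

Without the control word, the first byte after the label stack is the first byte of the destination MAC, so a MAC starting with 4 or 6 is read as an IP version field; with it, every frame presents a 0 nibble.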

