
Re: [DNA] High-level overview of DNA, take 2



Bernard Aboba wrote:

> Using the same IEEE 802 MAC address on multiple router ports will cause 
> problems with VLAN learning operation (e.g. same MAC address would be in 
> multiple VLANs so the interface will receive traffic on VLANs it doesn't 
> belong to), so this is not a good idea (which is why routers or bridges 
> do not do this).

That might be a problem on the bridges themselves, but it can't be true 
for hosts attaching to those VLANs because if it was, we'd have a 
serious security problem. (Where a host which is on VLAN x can disrupt 
packet flow on VLAN y by choosing the source MAC address to be the 
same.) Come to think of it, this might have been part of the security 
bugs in the pre-standard VLAN bridges that some vendors shipped.

>> In that case you'd get an ARP response even though the host had moved 
>> to a different link.
> 
> This wouldn't cause a problem because DHCP runs in parallel and if a 
> different address were assigned it would override.

Correct for DNAv4. But for DNAv6 we have no all-knowing entity like a 
DHCP server which can verify the addresses; we have to cope with what 
the RFC 2461 conformant routers will hand us.

    Erik
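
An added illustration of the learning behaviour debated above (not part of the original message and not any bridge's actual code): a toy learning bridge, with hypothetical class and function names and constructed MAC addresses, comparing a filtering database keyed by MAC only against one keyed by (VLAN, MAC). It assumes access ports and per-VLAN egress filtering.

```python
# Toy learning bridge: constructed illustration, not a model of any product.
class Bridge:
    def __init__(self, port_vlan, shared_learning):
        self.port_vlan = port_vlan      # access port -> VLAN id
        self.shared = shared_learning   # True: one table keyed by MAC only
        self.fdb = {}                   # filtering database: key -> port

    def _key(self, vlan, mac):
        return mac if self.shared else (vlan, mac)

    def receive(self, in_port, src, dst):
        """Learn src on in_port; return the ports the frame is sent out of."""
        vlan = self.port_vlan[in_port]
        self.fdb[self._key(vlan, src)] = in_port
        members = sorted(p for p, v in self.port_vlan.items()
                         if v == vlan and p != in_port)
        out = self.fdb.get(self._key(vlan, dst))
        if out is None:
            return members              # unknown unicast: flood inside the VLAN
        return [out] if out in members else []   # egress filtering per VLAN


def delivery_after_duplicate(shared_learning):
    """Ports reached by a VLAN 20 frame to MAC_D after VLAN 10 reuses MAC_D."""
    # Constructed sample addresses (locally administered range).
    MAC_C, MAC_D = "02:00:00:00:00:0c", "02:00:00:00:00:0d"
    BCAST = "ff:ff:ff:ff:ff:ff"
    bridge = Bridge({1: 10, 2: 10, 3: 20, 4: 20}, shared_learning)
    bridge.receive(4, MAC_D, BCAST)     # D (VLAN 20, port 4) is learned
    bridge.receive(1, MAC_D, BCAST)     # same source MAC seen on VLAN 10, port 1
    return bridge.receive(3, MAC_C, MAC_D)   # C (VLAN 20) sends to D


if __name__ == "__main__":
    print("MAC-only table:   ", delivery_after_duplicate(True))
    print("(VLAN, MAC) table:", delivery_after_duplicate(False))
```

With the MAC-only table the VLAN 10 frame overwrites the entry for D and the VLAN 20 frame is no longer delivered; with the (VLAN, MAC) key the two entries coexist and delivery to port 4 is unaffected.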