Cisco Bug: CSCvs72030 - N5K: Device forwards link layer broadcasts, RFC 1812 violation

Last Modified

Sep 24, 2020

Products (1)

  • Cisco MDS 9000 NX-OS and SAN-OS Software

Known Affected Releases

7.3(7)N1(0.784) 9.3(3)

Description (partial)

Symptom:
A Nexus 5000 device that receives a link layer broadcast (destination MAC address of ffff.ffff.ffff) destined to a unicast or directed broadcast IP address punts the packet to the device's control plane, which then forwards the traffic according to its unicast routing table.

This behavior is in violation of RFC 1812 Section 5.3.4:

5.3.4 Forwarding of Link Layer Broadcasts

   The encapsulation of IP packets in most Link Layer protocols (except
   PPP) allows a receiver to distinguish broadcasts and multicasts from
   unicasts simply by examining the Link Layer protocol headers (most
   commonly, the Link Layer destination address).  The rules in this
   section that refer to Link Layer broadcasts apply only to Link Layer
   protocols that allow broadcasts to be distinguished; likewise, the
   rules that refer to Link Layer multicasts apply only to Link Layer
   protocols that allow multicasts to be distinguished.

   A router MUST NOT forward any packet that the router received as a     <<<
   Link Layer broadcast, unless it is directed to an IP Multicast         <<<
   address.  In this latter case, one would presume that link layer       <<<
   broadcast was used due to the lack of an effective multicast service.  <<<

   A router MUST NOT forward any packet which the router received as a
   Link Layer multicast unless the packet's destination address is an IP
   multicast address.

   A router SHOULD silently discard a packet that is received via a Link
   Layer broadcast but does not specify an IP multicast or IP broadcast
   destination address.

   When a router sends a packet as a Link Layer broadcast, the IP
   destination address MUST be a legal IP broadcast or IP multicast
   address.

Conditions:
1. Nexus 5000 device
2. Nexus receives a link layer broadcast packet (destination MAC of ffff.ffff.ffff) with a unicast or directed broadcast destination IP address
3. Relevant traffic is observed in the control plane (through Ethanalyzer)
4. Relevant traffic is observed in the downstream forwarding path, indicating that the Nexus forwards the packet according to its unicast routing table
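
The check below applies the RFC 1812 Section 5.3.4 rule quoted above to raw Ethernet II frames, so a capture taken on the downstream path can be screened for packets that should never have been forwarded. It is an added example, not Cisco's code; the function names, verdict strings and sample frames are constructed for illustration, and it assumes IPv4 with at most one 802.1Q tag.

```python
import ipaddress
import struct

BROADCAST_MAC = b"\xff" * 6

def rfc1812_verdict(frame: bytes) -> str:
    """Apply RFC 1812 Section 5.3.4 to one raw Ethernet II frame."""
    if len(frame) < 14:
        return "not-ipv4"
    dst_mac = frame[0:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    l3 = 14
    if ethertype == 0x8100 and len(frame) >= 18:  # skip one 802.1Q tag
        (ethertype,) = struct.unpack("!H", frame[16:18])
        l3 = 18
    if ethertype != 0x0800 or len(frame) < l3 + 20 or frame[l3] >> 4 != 4:
        return "not-ipv4"
    dst_ip = ipaddress.IPv4Address(frame[l3 + 16:l3 + 20])
    # The group bit (lowest bit of the first octet) is set for link layer
    # multicast and for the broadcast address ffff.ffff.ffff.
    link_is_group = dst_mac == BROADCAST_MAC or bool(dst_mac[0] & 0x01)
    if link_is_group and not dst_ip.is_multicast:
        return "must-not-forward"
    # Section 5.3.4 does not prohibit forwarding; other rules may still apply.
    return "forward-eligible"

def build_frame(dst_mac: str, dst_ip: str) -> bytes:
    """Constructed sample: Ethernet II + minimal IPv4 header, no payload."""
    eth = bytes.fromhex(dst_mac.replace(".", "")) + bytes.fromhex("020000000001")
    eth += struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address("192.0.2.10").packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip

# Constructed samples (documentation address ranges), not captured traffic.
SAMPLES = [
    ("ffff.ffff.ffff", "198.51.100.7"),    # broadcast MAC, unicast IP
    ("ffff.ffff.ffff", "198.51.100.255"),  # broadcast MAC, directed broadcast IP
    ("ffff.ffff.ffff", "224.0.0.5"),       # broadcast MAC, IP multicast
    ("0200.0000.0002", "198.51.100.7"),    # unicast MAC, unicast IP
]

if __name__ == "__main__":
    for mac, ip in SAMPLES:
        print(f"{mac} -> {ip}: {rfc1812_verdict(build_frame(mac, ip))}")
```

A frame that appears on the egress side with a "must-not-forward" verdict matches condition 4 above.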