Wednesday, May 1, 2019

VRRP Problem?

Running VRRP in my network for the first time. I have used VRRP/HSRP in the past, but never had to get in the weeds like this before...

I have a very sensitive host that can be overwhelmed with traffic easily. So I put a SPAN on this, as we kept getting communication issues with it, but could not figure out why. It seems that any traffic destined to the gateway within this VLAN gets flooded out everywhere.

Example. So let's say a Windows PC wants to RDP from VLAN 1 to VLAN 2, from source 10.1.1.1 to 10.2.2.1. It will have a destination MAC address of 00:00:5e:00:01:29, which is the VRRP gateway virtual IP (IETF-VRRP-VRID_29). This apparently will be seen on all hosts in VLAN 1. So 10.1.1.2 sees this traffic happening. This is because of how this MAC address has to flood around to figure out which way to go. To me, these hosts should have no business seeing this traffic, but according to the vendor this is normal.

Is this right? This does not seem right to me. A MAC address should be learned and forwarded, not flooded out everywhere for all hosts to see?
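An added example (not part of the original post): a Python check that can be run over Ethernet frames exported from the SPAN to count unicast frames for a VRRP virtual MAC that arrived at a NIC they were not addressed to, and to note whether the virtual MAC ever appears as a source. The host MACs and sample frames are constructed; `00:00:5e:00:01:xx` is the IPv4 VRRP virtual MAC range, whose last octet is the VRID in hex (0x29 = 41).

```python
import struct
from collections import Counter

VRRP_V4_PREFIX = bytes.fromhex("00005e0001")  # RFC 5798: 00-00-5E-00-01-{VRID}

def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)

def vrrp_vrid(mac: bytes):
    """Return the VRID if mac is an IPv4 VRRP virtual MAC, else None."""
    return mac[5] if len(mac) == 6 and mac[:5] == VRRP_V4_PREFIX else None

def audit_span(frames, local_mac: bytes):
    """Count unicast frames for a VRRP virtual MAC that reached a NIC
    they were not addressed to (the switch flooded them)."""
    flooded = Counter()       # (src, dst, vrid) -> number of frames
    seen_as_source = set()    # VRIDs whose virtual MAC appeared as a source
    for frame in frames:
        if len(frame) < 14:   # shorter than an Ethernet header: skip
            continue
        dst, src, _ethertype = struct.unpack("!6s6sH", frame[:14])
        if vrrp_vrid(src) is not None:
            seen_as_source.add(vrrp_vrid(src))
        is_group = dst[0] & 0x01          # multicast/broadcast bit
        vrid = vrrp_vrid(dst)
        if not is_group and dst != local_mac and vrid is not None:
            flooded[(mac_str(src), mac_str(dst), vrid)] += 1
    return flooded, seen_as_source

def eth(dst: str, src: str, ethertype: int = 0x0800) -> bytes:
    """Build a constructed test frame: Ethernet header plus dummy payload."""
    raw = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    return raw + struct.pack("!H", ethertype) + b"\x00" * 46

# Constructed sample: what the NIC of 10.1.1.2 might capture. Host MACs are made up.
LOCAL = bytes.fromhex("020000000002")
SAMPLE = [
    eth("00:00:5e:00:01:29", "02:00:00:00:00:01"),  # 10.1.1.1 -> gateway, flooded
    eth("00:00:5e:00:01:29", "02:00:00:00:00:01"),
    eth("02:00:00:00:00:02", "02:00:00:00:00:01"),  # addressed to us: expected
    eth("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:01", 0x0806),  # ARP broadcast: expected
    eth("01:00:5e:00:00:12", "00:00:5e:00:01:29"),  # VRRP advertisement (multicast)
]

if __name__ == "__main__":
    flooded, sourced = audit_span(SAMPLE, LOCAL)
    for (src, dst, vrid), n in flooded.items():
        print(f"{n} flooded frame(s) {src} -> {dst} (VRID {vrid} / 0x{vrid:02x})")
    print("virtual MAC seen as source for VRIDs:", sorted(sourced))
```

A non-empty result on a host's own NIC means that traffic for the gateway is reaching ports it was not addressed to; whether the virtual MAC shows up as a source tells you if the switches have had any frame to learn it from.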


