MACFF

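MAC-Forced Forwarding (MACFF) is used to control unwanted broadcast traffic and host-to-host communication. It does this by directing traffic between hosts that are on the same subnet but at different locations to the gateway device. This is also a Layer 2 security feature, because packets cannot pass directly between hosts.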

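Basic introduction

  • Chinese name: MACFF
  • Foreign name: MAC-Forced Forwarding
  • Purpose: controlling broadcast packets and host-to-host communication
  • Attribute: network device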

Function

MAC-Forced Forwarding (MACFF) is used to control unwanted broadcast traffic and host-to-host communication. This is achieved by directing network traffic from hosts located on the same subnet but at different locations to an upstream gateway device. This provides security at Layer 2 since no traffic is able to pass directly between the hosts.
MACFF is suitable for Ethernet networks where a layer 2 bridging device, known as an Ethernet Access Node (EAN), connects Access Routers to their clients. MACFF is configured on the EANs.
MACFF is described in RFC 4562, MAC-Forced Forwarding: A Method for Subscriber Separation on an Ethernet Access Network.

Switches

Allied Telesis switches implement MACFF[1] using DHCP snooping to maintain a database of the hosts that appear on each switch port. When a host tries to access the network through a switch port, DHCP snooping checks the host’s IP address against the database to ensure that the host is valid.
MACFF then uses DHCP snooping to check whether the host has a gateway Access Router. If it does, MACFF uses a form of Proxy ARP to reply to any ARP requests, giving the router's MAC address. This forces the host to send all traffic to the router, even traffic destined to a host in the same subnet as the source. The router receives the traffic and makes forwarding decisions based on a set of forwarding rules, typically a QoS policy or a set of filters.
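
The ARP handling described above, sketched as a simplified model (an added example, not Allied Telesis code or text from RFC 4562). The binding table, port numbers, addresses and return labels are constructed for illustration; the page does not say what happens when no gateway is recorded, so the model only reports that case.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Binding:
    """One DHCP snooping entry: the lease observed on a switch port."""
    port: int
    mac: str
    ip: str
    gateway_ip: Optional[str]  # Access Router recorded for this host, if any

# Constructed sample data (documentation addresses, made-up MACs).
BINDINGS = [
    Binding(1, "02:00:00:00:00:0a", "192.0.2.10", "192.0.2.1"),
    Binding(2, "02:00:00:00:00:0b", "192.0.2.11", "192.0.2.1"),
    Binding(3, "02:00:00:00:00:0c", "192.0.2.12", None),
]
# Assumption: the EAN already knows each Access Router's MAC address.
ROUTER_MACS = {"192.0.2.1": "02:00:00:00:00:01"}

def lookup(port, mac, ip):
    """Return the binding only if port, MAC and IP all match the database."""
    for b in BINDINGS:
        if (b.port, b.mac, b.ip) == (port, mac.lower(), ip):
            return b
    return None

def handle_arp_request(port, sender_mac, sender_ip, target_ip):
    """Decide what the EAN does with an ARP request seen on a client port.

    Returns ("drop", None), ("no-gateway", None) or ("proxy-reply", router_mac).
    """
    binding = lookup(port, sender_mac, sender_ip)
    if binding is None:
        return ("drop", None)        # sender is not a valid host on this port
    router_mac = ROUTER_MACS.get(binding.gateway_ip)
    if router_mac is None:
        return ("no-gateway", None)  # no Access Router known for this host
    # target_ip is deliberately ignored: whichever address the host asks
    # about, the answer is the router's MAC, so traffic goes via the router.
    return ("proxy-reply", router_mac)

if __name__ == "__main__":
    # Host on port 1 asks for its same-subnet neighbour on port 2.
    print(handle_arp_request(1, "02:00:00:00:00:0a", "192.0.2.10", "192.0.2.11"))
    # Host on port 2 claims an IP that was leased to port 1.
    print(handle_arp_request(2, "02:00:00:00:00:0b", "192.0.2.10", "192.0.2.1"))
```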
