Juniper Networks, Inc.
Destination MAC validation per logical interface of a network device

Abstract:

In one example, a network device includes an interface card comprising a physical network interface; a forwarding component associated with the interface card; a control unit comprising one or more processors, wherein the control unit is configured to program the forwarding component to configure sets of one or more valid media access control (MAC) addresses in association with respective logical interfaces of a plurality of logical interfaces configured for the physical interface, wherein the forwarding component is configured to identify a logical interface of the plurality of logical interfaces with which to process a packet received by the network device at the physical interface, and wherein the forwarding component is configured to, in response to a determination that the set of valid MAC addresses associated with the identified logical interface does not include a valid MAC address that matches a destination MAC address of the packet, drop the packet.