Information is communicated over the Internet using packet switching technology, in which information is broken up into packets of data that are routed from a source to a destination, typically based on a destination Internet Protocol (IP) address. Routers and other machines in the network use routing protocols to ensure that data makes it from the source machine to the intended destination, which is then able to reassemble the packets to form the original information sent, such as an email, a movie, or a web page. Each router in the network maintains a routing table or other data structure, which includes information regarding the available routes to various network destinations. Routers execute routing protocols to dynamically update the routing tables of the routers. In general, a router executes routing protocols to discover information about the network topology around the router. Routing tables often also include metrics such as the distance associated with various routes, such as the number of hops and amount of time needed to communicate with a remote system over a certain network path.
After determining routes through a network, routers select certain routes to reach various destinations. In particular, a control plane of a router may select routes to reach various destinations that have shortest paths and/or lowest costs for reaching the destinations. The control plane then programs one or more forwarding tables of the router to include information indicating “next hops” along the corresponding selected route. The forwarding information of the forwarding tables maps network destinations to interfaces of the corresponding router, such that forwarding units of the router can forward packets destined for the network destinations via the corresponding interfaces to reach the next hops.
In some cases, virtual routers, which are executed by one or more physical routers, perform routing and forwarding operations. In a more detailed example, a virtual router redundancy protocol (VRRP) is often used to specify a router group including a master virtual router, and one or more backup virtual routers on a different physical router operable to take over the master virtual router's routing tasks should the master virtual router fail. VRRP provides redundancy to routers within a local area network (LAN). VRRP allows a network to provide alternate router paths for a host without changing the IP address or MAC address with which the host associates its gateway. That is, the default gateway of a participating host is assigned to the virtual router instead of a physical router. A virtual router may be defined by its virtual router identifier (VRID) and IP addresses, and is also associated with a single virtual MAC address. This virtual MAC address may map to the VRRP virtual router ID.
In some cases, an enterprise may use MAC filtering to perform access control to the enterprise's network. MAC addresses can be used to uniquely identify a device in a broadcast domain and hence used to create a “black list” and “white list” to deny and permit access, respectively, to specific devices. These approaches to filtering can be effective in controlling network access in data centers and in closed wireless environments. MAC layer filtering may build access lists based on source or destination addresses in the MAC layer headers in the Ethernet/IEEE 802.3 frame.
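The interaction between the VRRP virtual MAC address and source-based MAC filtering described above can be sketched as follows. This is an added example, not part of the original text; the function names, the sample addresses and VRID 10 are constructed for illustration, and the `00-00-5E-00-01-{VRID}` prefix is the IPv4 virtual MAC format from the VRRP specification (RFC 5798), which the text itself does not spell out.

```python
import struct

# IPv4 VRRP virtual MAC is 00-00-5E-00-01-{VRID} (RFC 5798); last octet is the VRID.
VRRP_V4_PREFIX = bytes.fromhex("00005e0001")

def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 octets: %r" % text)
    return raw

def vrrp_vrid(addr):
    """Return the VRID encoded in a VRRP IPv4 virtual MAC, else None."""
    return addr[5] if addr[:5] == VRRP_V4_PREFIX else None

def filter_frame(frame, allow, deny, trusted_vrids):
    """Permit or drop one Ethernet frame based on its source MAC."""
    if len(frame) < 14:
        return ("drop", "truncated Ethernet header")
    _dst, src, _ethertype = struct.unpack("!6s6sH", frame[:14])
    if src[0] & 0x01:
        return ("drop", "group address used as source")
    if src in deny:
        return ("drop", "source on deny list")
    vrid = vrrp_vrid(src)
    if vrid is not None:
        # The virtual router's frames carry the virtual MAC, not a physical one,
        # so the filter keys on the expected VRID instead of a per-device entry.
        if vrid in trusted_vrids:
            return ("permit", "virtual router VRID %d" % vrid)
        return ("drop", "unexpected VRID %d" % vrid)
    if src in allow:
        return ("permit", "source on allow list")
    return ("drop", "source not on allow list")

def make_frame(dst, src, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed sample frame (header plus padding, no FCS)."""
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload

# Constructed sample policy: one permitted host, one denied host, one known VRID.
HOST = "02:00:00:00:00:10"
ALLOW = {mac(HOST)}
DENY = {mac("02:00:00:00:00:66")}
TRUSTED_VRIDS = {10}

if __name__ == "__main__":
    for src in (HOST, "00:00:5e:00:01:0a", "00:00:5e:00:01:2a", "02:00:00:00:00:66"):
        print(src, filter_frame(make_frame(HOST, src), ALLOW, DENY, TRUSTED_VRIDS))
```

Because a MAC address is only a field in the frame header, a filter of this kind identifies what a frame claims to be rather than authenticating the device that sent it.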