× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Orbi WiFi 7 RBE973
Reply

Schema of a Smart Home: One IP => Multiple MACs

Jamie-NH
Aspirant

Schema of a Smart Home: One IP => Multiple MACs

I use an XR700 router with a EX8000 extender. They were expensive and I hope that they would provide my household a few more years of service.

 

I want to use TP-Link Smart Plugs (Kasa brand) because TP-Link offers great control API's. I need to get confirmations about on/off events and either retry or alert if there is a problem. This plug runs a pump, so it is important for my home automation to have certainty on plug events and status.

 

In order to use these devices and API's, all I need is a fixed IP address for the plug. Easy, right? Huh!

 

I have heard others folks here with similar requirements for knowing a device's IP address and they have been struggling for longer than I have with the history: Netgear, along with a few other companies, broke the 1:1 association between the physical interface and a MAC address in order to improve WiFi extender performance. They introduced the Virtual MAC addressing.

 

The problem is that Netgear has not updated their router logic to accommodate this new 1:M schema and it has remained broken for years. As smart devices and control mechanisms proliferate, Netgear will need to fix only one thing to allow these smart objects flourish within their networks, a second MAC address for one IP address:

 

ng2.jpg

 

I honestly believe that these services will only support dumb homes until this self-inflicted wound has healed. The logic required for this firmware update is not so expensive to produce. NETGEAR, please do it to keep your products and networks on-line and your customers happy!

 

I notice in DumaOS, that a "client device" can be listed with multiple MAC addresses. So, there must be some logic that supports a 1:M schema at least by "device name" that might be formally defined an extended to the reservation table structure:

 

ng1.jpg

Message 1 of 13
schumaku
Guru

Re: Schema of a Smart Home: One IP => Multiple MACs

Definitive illegal to have one IP address with multiple MAC. The mess is predictable once both MAC addresses appear on the same L2 network. All alerts must ring in case the same IP address appears with different MAC addresses!

 

The reason why Netgear (and other makers of legacy extenders) implementing what is designated as MAC translation is key of that specific design, because the same MAC address should never appear on what are different interfaces. It was not chosen to make our life hard, it was selected to keep things easier with the implementation. Technically, these extenders are not bridges, but much more streamlined L2 NAT routers - and behave completely independent to the IP addresses.

 

Those routers resp. their DHCP servers which allow to define multiple MAC addresses on the IP-MAC work on the (wrong!) expectation the same device has always the same IP address - completely misleading, and prone to errors and mishaps.

 

The obvious reason why the MAC address must be unique is in the ARP protocol. So everything just to get some kind of *fixed" IP addresses? In the times of Bonjour, WS-Discovery, and multicast DNS a complete obsolete approach from the 1970ties when ARPANET (based on 1986 ideas) and IPv4 was designed.

 

Message 2 of 13
Jamie-NH
Aspirant

Re: Schema of a Smart Home: One IP => Multiple MACs


@schumaku wrote:

Definitive illegal to have one IP address with multiple MAC. The mess is predictable once both MAC addresses appear on the same L2 network. All alerts must ring in case the same IP address appears with different MAC addresses!

One Mac for each IP was a great idea, but wasn't that law broken with the advent of Virtual MAC Addressing?

 

Of course this is already broken. My router already shows (see my second screen-shot) a device with one IP and two MAC addresses. We are indeed already living in the mess caused by the reality of two MACs per IP.

 

What does an industry leader, NETGEAR, offer as a solution to this problem that they co-invented?

 

That mess, specifically, is expressed as a device that can no longer be statically-addressed by MAC or IP.

 

Do you really suggest clients look for proprietary solutions to get a handle on a device, like a Bonjour name or an Alexa registry? Do I really want to hard code: "Alexa, Turn of the pump" ?!?

 

Many people have thrown up their hands and simply shut down the Netgear DHCP server because it provides no reliable device tracking. When you bring in secondary devices running DHCP and DNS, that's a whole new level of messiness, complication and unreliability. I think there is a better solution to be offered on the router and I hope someone is smart enough to invent it and implement it on hardware that I've already invested in.

 

Message 3 of 13
FURRYe38
Guru

Re: Schema of a Smart Home: One IP => Multiple MACs

From what you posted, those MAC addreses are different and displayed by the XR router as it sees it. 

 

You don't need fixed or static IP addresses for your smart plugs I have one smart plug and it uses Dynamic IP addressing. Runs fine with there smart plug mobile app. 

 

However, if the smart plug offers any kind of static IP addressing configurations, one could set a static IP address here ON the device that is OUTSIDE of the routers default IP address pool range. Then this static IP address won't change and you'll know what it is and where it's assigned too. Something I do with my XR700 currently. 

I have a managed switch and Orbi router in AP mode. Both have static IP configurations on them and works fine. 

 

Again as it's mentioned already, networking specs do NOT allow for same IP addresses to occupy or assign to same MAC addresses. This is to avoid IP addressing conflicts and networking connections from being properly made per device/MAC addresses. 

 

The XR700 is EoL and not sure if NG is going to do any more development on it. I've asked about this and still up in the air. NetDuma has been running some beta testing for there side of the FW since they are the designers of that side of the FW. They don't addresses anything on the NG side from what understand. https://community.netgear.com/t5/Nighthawk-Pro-Gaming-DumaOS-3-0/NOTICE-NETDUMA-Beta-Firmware-for-th...

 

 

Message 4 of 13
Jamie-NH
Aspirant

Re: Schema of a Smart Home: One IP => Multiple MACs

 

I'm not sure how much more "messy" things could get when we already have 2 MAC addresses assigned to the same IP address?

 

For example, the EX8000 shows:

 

ng3.jpg

Now, what would break if the router allowed for a reservation table that had the same two MAC's for this single interface? If NETGEAR cannot share this info between the EX8000 and XR700, then just let me type it in myself and leave the responsibility with me with some words of caution. We all know that only one of these MAC's will show up on the link layer at any given moment. And, it's not like there is fencing put around every place users could mess things up on a router!

 

I used the term statically-addressed which was confusing - apologies. I only seek a dynamic DHCP assignment of an IP via some IP reservation mechanism. There is no static IP option on the Kasa smart plug (I would want to manage addresses centrally, anyway) and I do not want to use a smartphone app to operate plugs manually. Instead, I want to automate an "on" command for a pump when a container is getting full using a Node-Red interface. People like to automate stuff like this and are hitting this issue and building their own dnsmasq or moving to DD-WRT or proprietary mesh rather than leveraging existing standards and asking vendor to fix what they have broken.

 

 

Message 5 of 13
schumaku
Guru

Re: Schema of a Smart Home: One IP => Multiple MACs

@Jamie-NH wrote:

Now, what would break if the router allowed for a reservation table that had the same two MAC's for this single interface? If NETGEAR cannot share this info between the EX8000 and XR700, then just let me type it in myself and leave the responsibility with me with some words of caution. We all know that only one of these MAC's will show up on the link layer at any given moment. And, it's not like there is fencing put around every place users could mess things up on a router!


To say it once again: The MAC translation in place on these old extender designs is key for it's operations. Sure, it does prohibit -any- common DHCP server implementation to assign the same IP address what are physically to different networks, on both sides of the extender (the wireless vs. the physical LAN port).

 

Message 6 of 13
FURRYe38
Guru

Re: Schema of a Smart Home: One IP => Multiple MACs

Something you can try, Turn OFF the EX extender and let the devices all connect to the XR router. Setup some IP address reservations there for your devices you want to control and such. Once that's all setup and working, then power ON the EX extender. See if this configuration continues to work with the EX on. Maybe something to get into a different extender as well. Not sure if the new EAX series would have same problem or not. I haven't ran one in a long time. I know a MESH system, you'll not see this issue. 


@Jamie-NH wrote:

 

I'm not sure how much more "messy" things could get when we already have 2 MAC addresses assigned to the same IP address?

 

For example, the EX8000 shows:

 

ng3.jpg

Now, what would break if the router allowed for a reservation table that had the same two MAC's for this single interface? If NETGEAR cannot share this info between the EX8000 and XR700, then just let me type it in myself and leave the responsibility with me with some words of caution. We all know that only one of these MAC's will show up on the link layer at any given moment. And, it's not like there is fencing put around every place users could mess things up on a router!

 

I used the term statically-addressed which was confusing - apologies. I only seek a dynamic DHCP assignment of an IP via some IP reservation mechanism. There is no static IP option on the Kasa smart plug (I would want to manage addresses centrally, anyway) and I do not want to use a smartphone app to operate plugs manually. Instead, I want to automate an "on" command for a pump when a container is getting full using a Node-Red interface. People like to automate stuff like this and are hitting this issue and building their own dnsmasq or moving to DD-WRT or proprietary mesh rather than leveraging existing standards and asking vendor to fix what they have broken.

 

 


 

Message 7 of 13
Jamie-NH
Aspirant

Re: Schema of a Smart Home: One IP => Multiple MACs


@FURRYe38 wrote:

Something you can try, Turn OFF the EX extender and let the devices all connect to the XR router. Setup some IP address reservations there for your devices you want to control and such. Once that's all setup and working, then power ON the EX extender. See if this configuration continues to work with the EX on.

 

I did this and it worked (for now, at least). I am very confused.

 

I would have expected that when the devices migrated back to the extender, the router would see their virtual MAC's and it did:

 

active-1.jpg

 

However, the router's DHCP service then broke its own reservation rules and provided the virtual MAC device with the IP reservation associated with the native MAC address. Wow! What is going on here?!? The router shouldn't recognize the device by virtual MAC, right?

 

Perhaps, the IP reservation was just being held by the devices and simply weren't yet relinquished. But I setup my DHCP reservations to expire in 1 hour for this testing situation and this stickiness has lasted over night.

 

Furthermore, I created a second reservation for the virtual MAC to set the device to a different IP address and kept the original (native MAC):

 

rez.jpg

 

The router's DHCP still provided the 1.23 address associated with the native MAC.

 

So, I rebooted the plug (power off/on) - it connected through the extender with virtual MAC and still got native MAC reserved IP - good! Big test, unplugged device and rebooted router and extender then plugged in device after extender was up and STILL GOOD.

 

What is going on here, @FURRYe38?

 

Can I count on this reservation to last? Is that why I see this entry in my client list (even after the reboot) with two MAC addresses associated with a single device, like this:

 

rez-4.jpg

 

Thanks for your help.

 

Message 8 of 13
schumaku
Guru

Re: Schema of a Smart Home: One IP => Multiple MACs


@Jamie-NH wrote:

@FURRYe38 wrote:

Something you can try, Turn OFF the EX extender and let the devices all connect to the XR router. Setup some IP address reservations there for your devices you want to control and such. Once that's all setup and working, then power ON the EX extender. See if this configuration continues to work with the EX on.

 

However, the router's DHCP service then broke its own reservation rules and provided the virtual MAC device with the IP reservation associated with the native MAC address. Wow! What is going on here?!? The router shouldn't recognize the device by virtual MAC, right?

 

The router's DHCP still provided the 1.23 address associated with the native MAC.


Again, down to the basics. This magic XR700 is a Netgear device, enhanced with the NetDuma code for the gaming features.

 

The underlaying DHCP server is the very say like on any other Netgear consumer router, with the industry standard design of -one- MAC address and -one- IP address, and built (unless I'm very wrong) based on the ubiquitous and omnipresent Busybox udhcpd DHCP. To me, it looks like NetDuma (and/or Netgear) has added this not just misleading, but technically wrong idea for supporting a single IP address with two or more MAC addresses in their gaming router Web UI.

 

What you experience is nothing but the RFC compliant, industry standard behavior of the Busybox udhcpd DHCP. Which ever MAC is taking preference is likely mostly random, active in the HDCP processing is only -one- MAC and the -one- associated IP address.

 

Back to the sender, being to Netgear and/or NetDuma, to get their pants up, ideally to remove or disable this ability to define -one- IP address with two or more MAC - simply because the Busybox udhcpd can't and will likely -never- deal with. Because it does not have to. The router behavior is correct 8-)

 

Cumbersome this discussion is currently in the Wi-Fi Range Extenders 6 Nighthawk Mesh community section, where @Netduma_Alex @Netduma-Liam @Netduma_Luke @Netduma_Jack are not participating - as the problem the customer facing is caused by a wrong Web UI implementation on the Netgear Gaming routers.

 

 

Message 9 of 13
Jamie-NH
Aspirant

Re: Schema of a Smart Home: One IP => Multiple MACs


Which ever MAC is taking preference is likely mostly random, active in the HDCP processing is only -one- MAC and the -one- associated IP address.

We know that the MAC presented to the router is not random (the device advertises its actual MAC without an extender, otherwise the first 24 bits are replaced with 02:0F:B5 by the extender).

 

My test indicates that the IP reservation is not random, either. After the router first met might smart plug yesterday, without an extender in between, the router seems to know the device and remember it after rebooting and always feed it the IP associated with the real MAC (,even if the device is now only presented through the extender using a virtual MAC).

 

Another way to see this is when you click "Add" under IP reservations, you get a live list of routes and this is active:

192.168.1.23XEspresso02:0F:B5:C7:DF:AC

 

I can operate the smart plug by IP address and ping it, so it is indeed x.x.1.23

 

 

As explained, I have the following IP reservation for this virtual MAC which is being ignored by dhcpd:

192.168.1.16XEspresso02:0F:B5:C7:DF:AC

 

The router is exercising this reservation instead:

192.168.1.23Espresso9C:53:22:C7:DF:AC

 

So is this really just the GUI presenting the wrong world to the user or is there some undocumented stickiness found in the IP reservation system?

 

In case this makes a difference, the above testing is with a extender model RBS40V (not my EX8000, which also overwrites the first 24 bits with 02:0F:B5).

 

My DHCP system does have another bug, where it occasionally dishes out IP's below the range set. This is probably not related, unless it is remembering a device from even before the range was set a year ago.

 

My one test is hardly conclusive, I understand. I will do more testing when my wife is sleeping and the network can be repeatedly bounced.

 

Message 10 of 13
schumaku
Guru

Re: Schema of a Smart Home: One IP => Multiple MACs

There is nothing overwritten. What you talk of are Locally Administered Addresses, these
can be identified by looking at the second hex character in the MAC Address. If the character is a 2, 6, a or e, the address is considered as locally administered.

This technology is used by various extenders - in this case it's MAC address translation as explained multiple times already, this design is not limited to Netgear. Similar addresses are used on wireless access points multiple SSIDs mapped to different VLANs.

Al these addresses are used on purpose, by design - nothing random: The extender does handle these correct. Just your idea on forcing the same IP on different MAC address is basically wrong. The DHCP server on the router (here your Gaming Router) - but any other industry standard DHCP server has the same limitations: By design and intention.

If you want to avoid these issues, deploy real wireless access points instead of this consumer extenders - capable WiFi mesh extenders (in full Mesh mode, not in extender mode) don't have these limitations, too.
Message 11 of 13
Jamie-NH
Aspirant

Re: Schema of a Smart Home: One IP => Multiple MACs


@schumaku wrote:
There is nothing overwritten.

I thought that MAC address translation required the loss of the first half of the MAC address when routed outside of the WiFi extender's SSID realm. Is the device's real MAC ever shared with the XR700 router by a WiFi extender?

 


@schumaku wrote:
This technology is used by various extenders - in this case it's MAC address translation as explained multiple times already, this design is not limited to Netgear.

I stated that other vendors do this in my first post. Doing something because others do it is never a reasonable excuse, though.

 

@schumaku wrote:
Just your idea on forcing the same IP on different MAC address is basically wrong. The DHCP server on the router (here your Gaming Router) - but any other industry standard DHCP server has the same limitations: By design and intention.

Lets be crystal clear and not muddy my proposal. My proposal is to allow for only a virtual MAC address and its real MAC address to both by identified for an IP reservation. If it is true that these two MAC addresses refer to the same physical interface, then how "wrong" is this really? What would it break?

 

My other question remains: Isn't netgear/dumaos already making this association on the XR700? We see the virtual and the real MAC's listed together under the same device under "Client Connections" and IP Reservations ARE WORKING even when a device is behind and extender and after multiple reboots of all 3 hardware components. How can this behavior be explained?

 

 

Message 12 of 13
schumaku
Guru

Re: Schema of a Smart Home: One IP => Multiple MACs

What ever is apparently working there. Fact is the DHCP implementation on none of these routers (including your XR700) does work with two MAC and just one IP, even if it does list two MAC adresses - what makes absolutely no sense.

This MAC address translation is not an excuse, it just explains the reality if many WiFi extender products, regardless which brand.

There might be alternate (better, more expensive) solutions bot doing MAC address translations.
Message 13 of 13
Top Contributors
Discussion stats
  • 12 replies
  • 769 views
  • 2 kudos
  • 3 in conversation
Announcements

Orbi WiFi 7