19-12-2023 9:40
Whilst my broadband is working, I recently started to see the firewall messages " [ARP] Ignore VRRP MAC address: 00:00:5E:00:01:03" every couple of seconds on my Draytek broadband router (I use my own instead of the lightweight Now Broadband hub).
On investigation my Draytek has default config "Decline VRRP MAC into ARP table" which blocks accepting the Multicast VRRP MAC address for the gateway IP.
When I look in the Drayteks WAN ARP cache it is empty (which is strange as I'd expect to see the Unicast MAC of the Gateway router that currently "owns" the Gateway IP address).
If I disable this Draytek firewall setting then the security message goes away, and in the WAN ARP cache I see the Multicast VRRP MAC for the Gateways IP.
Just intrigued as to whether Now Broadband (Sky) routers recently started using VRRP, or whether this security setting somehow became enabled on my Draytek. Also wonder why when its enabled I don't see the Unicast MAC of the Gateway IP in its ARP cache.
20-12-2023 9:03 - edited 20-12-2023 9:12
https://www.draytek.com/support/knowledge-base/5015
As far as I know, VRRP is an enterprise-level feature for load balancing across multiple candidate routers.
As I think it very unlikely that you, or anybody on Now, has such a setup, then if VRRP applied to Now, it would be multiple routers at their end; but I think it even more unlikely that Now would allow any customer router to attempt load balancing on Now’s kit.
i think your best bet is to contact Draytek, who presumably must know the logic of providing the setting you are toggling here, and ask their advice on this.