How the virtual MAC address is determined

How the virtual MAC address is determined

The virtual MAC address is determined based on following formula:

00-09-0f-09-<group-id_hex>-(<vcluster_integer> + <idx>) where <group-id_hex> is the HA Group ID for the cluster converted to hexadecimal.The following table lists the virtual MAC address set for each group ID.

 

HA group ID in integer and hexadecimal format  
Integer Group ID Hexadecimal Group ID
 

0

 

00

 

1

 

01

 

2

 

02

 

3

 

03

 

4

 

04

 

Integer Group ID                                                       Hexadecimal Group ID

 

…                                                                                    …

 

10                                                                                   0a

 

11                                                                                   0b

 

…                                                                                    …

 

63                                                                                   3f

 

…                                                                                    …

 

255                                                                                 ff

 

<vcluster_integer> is 0 for virtual cluster 1 and 20 for virtual cluster 2. If virtual domains are not enabled, HA sets the virtual cluster to 1 and by default all interfaces are in the root virtual domain. Including virtual cluster and virtual domain factors in the virtual MAC address formula means that the same formula can be used whether or not virtual domains and virtual clustering is enabled.

<idx> is the index number of the interface. Interfaces are numbered from 0 to x (where x is the number of interfaces). Interfaces are numbered according to their has map order. See Interface index and display order on page 1503. The first interface has an index of 0. The second interface in the list has an index of 1 and so on.

Only the <idx> part of the virtual MAC address is different for each interface. The <vcluster_integer> would be different for different interfaces if multiple VDOMs have been added.

Between FortiOS releases interface indexing may change so the virtual MAC addresses assigned to individual FortiGate interfaces may also change.

 

Example virtual MAC addresses

An HA cluster with HA group ID unchanged (default=0) and virtual domains not enabled would have the following virtual MAC addresses for interfaces port1 to port12:

  • port1 virtual MAC: 00-09-0f-09-00-00
  • port10 virtual MAC: 00-09-0f-09-00-01
  • port2 virtual MAC: 00-09-0f-09-00-02 l  port3 virtual MAC: 00-09-0f-09-00-03 l  port4 virtual MAC: 00-09-0f-09-00-04 l  port5 virtual MAC: 00-09-0f-09-00-05 l  port6 virtual MAC: 00-09-0f-09-00-06 l  port7 virtual MAC: 00-09-0f-09-00-07
  • port8 virtual MAC: 00-09-0f-09-00-08
  • port9 virtual MAC: 00-09-0f-09-00-
  • port11 virtual MAC: 00-09-0f-09-00-0a
  • port12 virtual MAC: 00-09-0f-09-00-0b

 

If the group ID is changed to 34 these virtual MAC addresses change to:

  • port1 virtual MAC: 00-09-0f-09-22-00 l  port3 virtual MAC: 00-09-0f-09-22-03 l  port4 virtual MAC: 00-09-0f-09-22-04 l  port5 virtual MAC: 00-09-0f-09-22-05 l  port6 virtual MAC: 00-09-0f-09-22-06 l  port7 virtual MAC: 00-09-0f-09-22-07 l  port8 virtual MAC: 00-09-0f-09-22-08 l  port9 virtual MAC: 00-09-0f-09-22-
  • port11 virtual MAC: 00-09-0f-09-22-0a l  port12 virtual MAC: 00-09-0f-09-22-0b l  port10 virtual MAC: 00-09-0f-09-22-01 l  port2 virtual MAC: 00-09-0f-09-22-02 A cluster with virtual domains enabled where the HA group ID has been changed to 23, port5 and port 6 are in the root virtual domain (which is in virtual cluster1), and port7 and port8 are in the vdom_1 virtual domain (which is in virtual cluster 2) would have the following virtual MAC addresses:
  • port5 interface virtual MAC: 00-09-0f-09-23-05 l  port6 interface virtual MAC: 00-09-0f-09-23-06 l  port7 interface virtual MAC: 00-09-0f-09-23-27 l  port8 interface virtual MAC: 00-09-0f-09-23-28

One thought on “How the virtual MAC address is determined

  1. gomiya

    Hi.
    do you know how does it affect that in a vmware lab environment?
    We have to accept promiscuous mode in every HA port but also we accept changes MAC. How do we could set that in workstation environment?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.