After I published the Source IP Address in Multicast Packets blog post, Erik Auerswald sent me several examples of network devices sending IP packets with source IP address set to 0.0.0.0:

• Cisco wireless access points using 0.0.0.0 as the source IP address in VRRP packets.
• Extreme (formerly Avaya) switches sending IGMP queries with source IP address 0.0.0.0 on VLANs on which they have no IP address.

There’s also the infamous case of switches configured with EVPN proxy ARP functionality but without a usable IP address. Those switches send ARP requests with source IP address 0.0.0.0 when trying to validate cached ARP entries, confusing Windows hosts acquiring their IP address via DHCP – ARP requests sent from IP address 0.0.0.0 are used early in DHCP address acquisition process to allow DHCP clients to detect duplicate IPv4 addresses.

The root cause common to many of these SNAFUs: a network device allows you to configure IP functionality on interfaces without usable IP addresses. I wouldn’t be surprised if those devices use whatever value is in the “interface IP address” field without checking it’s not zero. Or as Erik concluded in his email:

What I see as problematic is that all of the above often just works, so vendors have no motivation to find a clean solution. Sometimes something breaks in unexpected ways, and one starts to wonder how anything could have worked before.

Even worse, sometimes vendors publish a knowledge base article telling you how to configure other vendor’s gear to tolerate their stupidity. Static ARP entries for Microsoft NLB immediately come to mind as does this VMware mastepiece.

Revision History

2023-06-20

Fixed a blooper: Cisco APs send VRRP packets (not IGMP packets) with source IP address set to 0.0.0.0