Application Scenarios for MFF
MFF isolates user devices in a broadcast domain at Layer 2 and allows them to connect at Layer 3. MFF uses proxy ARP to capture ARP request packets and returns an ARP reply packet with the gateway MAC address as the source MAC address to users. All traffic from users is forwarded to the gateway so the gateway can monitor traffic and prevent attacks.
In Figure 1, user traffic is sent to the gateway but not to the Layer 2 aggregation node. Users are isolated at Layer 2.