Hidden bug (feature?) Switch ZyXEL ES-2108-G

When administering the Tier-3 provider network, you come across some very interesting features of some vendors.
About one of these features and will be discussed in this article.

Prehistory

Initially, there was the following network topology:
')


As unnecessary, it was decided to dismantle Switch 1 . Without waiting for the installers report, I, sitting at PC 1 , decided to check the availability of the switch. As expected, he did not respond. I do not remember from what considerations, I decided to make a pre-trace to it.

Strangely enough - the trace reached the end node, but the answer came from the IP address configured on the ZyXEL .

After a certain amount of time, the situation returned to normal, the trace did not go further than Router 1 , but what it saw
did not give me rest.

Search for reasons

After another worker, I decided to build a similar topology in the office and get to the bottom of the truth.
With minimal effort, I assembled a test network:



I checked the availability of each node - everything pinged. Next, I launched Wireshark on Test PC , disconnected (physically)
Test Switch . As before, the ping did not pass to the Test Switch , but the traceroute at 10.230.160.20 stubbornly showed the end node 10.230.160.9.

I got what I wanted - a traffic dump.

As you can see, the packages leave Test PC in the direction of the Test Switch :


Next we get ICMP packets from Zyxel Type-3, Code-3:


After cleaning up FDB on Zyxel , I saw the long-awaited ARP:


Why traceroute was outputted by the Zyxel end node - we figured it out, it remains to understand the reason for Zyxel’s strange behavior.

Conclusion

For the answer, tormenting me, I went to the support service of the company Zyxel. The conversation lasted a week, I sent dumps to specialists, configuration files, they, in turn, offered up-to-date firmware versions, which, unfortunately, did not fix this bug.

As a result of the correspondence, experts from Zyxel confirmed the presence of a malfunction, but since this does not affect the performance of the network as a whole, and the model itself is discontinued, no changes will be made to the firmware.

I was completely satisfied with this answer, I removed similar switches from the network, TT closed.

PS Do not judge strictly, I will be glad to answer all your questions.

Thanks for attention!