[c-nsp] Cat6509 CAM entries flapping

James Sneeringer jsneeringer at jupiterimages.com
Fri Mar 9 08:40:43 EST 2007

Lincoln Dale (ltd) wrote: 
> > Any suggestions on how to troubleshoot it? 
> the root cause is that you have a common MAC address appearing in two
> places.
> is that server you have on port 6/11 the server behind the LD?

Port 6/11 is the LD.

> if it isn't, I suggest you trace WHY traffic is leaking where it
> shouldn't be.

I don't know that it is leaking, and if it is there's no good reason for it.
Maybe this crude diagram will help, because I don't think I'm explaining it
very well.

    ----------          -----------
    | Host 1 |----------|         | 4/2    ext ---------
    ----------     6/42 |         |------------|       |
                        | Cat6509 |            | LD430 |
    ----------     6/45 |         |------------|       |
    | Host 2 |----------|         | 6/11   int ---------
    ----------          -----------

The LD430 does NAT. The external interface is in VLAN2, and the internal
interface is in VLAN10. Host 1 and Host 2 are also in VLAN10 on the inside.
CatOS sees the MAC address for Host 1 flip flopping between port 6/42 (the
correct port) and 6/11 (the LD's port).

The only reasons I can think of for Host 1's MAC address to show up on port
6/11 are:

1) The LD is sending gratuitous ARPs and spoofing Host 1's MAC address. As
far as I know, LDs don't do this.

2) Traffic from Host 1 is somehow entering the LD's external interface, and
is thus bridged to its internal interface. This is what I meant by traffic
being leaked. Host 1 is not on a trunk port and only sees VLAN10, so I don't
see how this should be possible.

> OR: investigate whether two servers have the same MAC address (shouldn't
> happen, but alas some NIC manufacturers have made mistakes...).

We're looking into this as well. However, the problem is very recent,
starting in the last week or so, and it's being exhibited for multiple MAC
addresses. If it were two server ports doing this, I'd definitely be leaning
in this direction, but with the LD involved it doesn't seem likely.
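
The following is an added example, not part of the original post: one way to tell the two explanations discussed above apart is to poll the CAM table repeatedly and check whether the flapping MACs all move to the same port. The row format (poll time, VLAN, MAC, port) and the sample addresses are constructed for illustration and are not real CatOS output.

```python
from collections import defaultdict

# Constructed sample: (poll time in seconds, VLAN, MAC, port) rows, as if the
# CAM table had been polled every 5 seconds. Not real CatOS output.
SAMPLES = [
    (0, 10, "00-11-22-33-44-01", "6/42"),
    (0, 10, "00-11-22-33-44-02", "6/45"),
    (5, 10, "00-11-22-33-44-01", "6/11"),
    (5, 10, "00-11-22-33-44-02", "6/45"),
    (10, 10, "00-11-22-33-44-01", "6/42"),
    (10, 10, "00-11-22-33-44-02", "6/11"),
    (15, 10, "00-11-22-33-44-01", "6/11"),
    (15, 10, "00-11-22-33-44-02", "6/45"),
    (15, 10, "00-11-22-33-44-03", "6/47"),
]


def find_flaps(samples):
    """Return {(vlan, mac): [(time, old_port, new_port), ...]} for MACs that moved."""
    last_port = {}
    moves = defaultdict(list)
    for t, vlan, mac, port in sorted(samples):
        key = (vlan, mac)
        prev = last_port.get(key)
        if prev is not None and prev != port:
            moves[key].append((t, prev, port))
        last_port[key] = port
    return dict(moves)


def shared_ports(moves):
    """Ports involved in the moves of more than one MAC, with those MACs.

    One port shared by several flapping MACs points at a bridging path through
    that port; unrelated port pairs fit the duplicate-MAC explanation better.
    """
    seen = defaultdict(set)
    for (_vlan, mac), events in moves.items():
        for _t, old, new in events:
            seen[old].add(mac)
            seen[new].add(mac)
    return {port: sorted(macs) for port, macs in seen.items() if len(macs) > 1}


if __name__ == "__main__":
    flaps = find_flaps(SAMPLES)
    for (vlan, mac), events in flaps.items():
        print(f"VLAN {vlan} {mac}: {len(events)} moves")
    print("shared ports:", shared_ports(flaps))
```
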

