[c-nsp] QinQ mac conflicts

Matt Buford matt at overloaded.net
Wed Jun 7 12:55:05 EDT 2006 

On 6500s, all l3 VLAN interfaces use the same MAC address.  I can manually specify MAC addresses on sup1a or sup720, but sup2 does not support anything other than a single shared MAC.

Normally this isn't a problem, since the mac tables of my switches keep an entry per-vlan, so if I form a loop with vlan X going around the left-hand side and vlan Y going around the right-hand side, the switches have no problem storing that the same MAC (on different VLANs) is heard from different directions.

However, I have a QinQ based metro ethernet connection.  I had intended to create a loop for redundancy.  However, when I attempted to do this I found a problem.  The QinQ provider's mac table stores the MAC address with their "outside" VLAN identifier.  This creates a problem for me because this lack of storing of my "inside" VLAN ID creates MAC address conflicts, and results in the MAC flapping back and forth as it is constantly heard source from multiple ports.

For example, my mac table:

11    00-11-5d-7d-ec-00             2/1 [ALL]
12    00-11-5d-7d-ec-00             2/1 [ALL]
569   00-11-5d-7d-ec-00             2/1 [ALL]

The QinQ provider's mac table:

3188    0011.5d7d.ec00   dynamic other                 Port-channel2         

The end result is that everything is fine until I create a loop and the QinQ provider hears that mac coming from both ends of the link (11 going one way, 12 going the other way, etc...).  This is stored in my tables fine, but in their tables with only a single entry for vlan 3188.

Is there any workaround for this?  Or is QinQ + 6500 vlan interfaces + redundant loops not going to be possible to make work together?  If I carefully forced all VLANs to have the exact same root (so they were all heard from the same direction) then this would be fine, but that isn't something I can really guarantee.  I have too many VLANs and too dynamic of a network.  Also, if I had no sup2 cards then I could manually specify MACs on every single VLAN interface, which would be a huge hassle but work.  However, I have some sup2 cards so that ideas is out.

Is there any workaround or do I just need to find metro ethernet providers that use other methods?  If that is the case, what types will work?  VPLS?

More information about the cisco-nsp mailing list