[c-nsp] Cat6509 CAM entries flapping

Ge Moua moua0100 at umn.edu
Fri Mar 9 11:08:42 EST 2007


Some of the older CatOS releases had annoying IOS bugs that showed these symptoms.
I've run into this in the past; the newer code is much more resilient
(especially native IOS). I hear that you're running hybrid IOS (CatOS on
the switch, IOS on the router module).

:-)
Regards,
Ge Moua | Email: moua0100 at umn.edu

Network Design Engineer
University of Minnesota | Networking & Telecommunications Services
2218 University Ave SE | Minneapolis, MN 55414-3029

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of James Sneeringer
Sent: Friday, March 09, 2007 7:41 AM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Cat6509 CAM entries flapping

Lincoln Dale (ltd) wrote: 
> 
> > Any suggestions on how to troubleshoot it? 
> 
> the root cause is that you have a common MAC address appearing in two 
> places.
> 
> if that server you have on port 6/11 the server behind the LD?

Port 6/11 is the LD.

> if it isn't, I suggest you trace WHY traffic is leaking where it 
> shouldn't be.

I don't know that it is leaking, and if it is there's no good reason for it.
Maybe this crude diagram will help, because I don't think I'm explaining it
very well.

    ----------          -----------
    | Host 1 |----------|         | 4/2    ext ---------
    ----------     6/42 |         |------------|       |
                        | Cat6509 |            | LD430 |
    ----------     6/45 |         |------------|       |
    | Host 2 |----------|         | 6/11   int ---------
    ----------          -----------

The LD430 does NAT. The external interface is in VLAN2, and the internal
interface is in VLAN10. Host 1 and Host 2 are also in VLAN10 on the inside.
CatOS sees the MAC address for Host 1 flip flopping between port 6/42 (the
correct port) and 6/11 (the LD's port).

The only reasons I can think of for Host 1's MAC address to show up on port
6/11 are:

1) The LD is sending gratuitous ARPs and spoofing Host 1's MAC address. As
far as I know, LDs don't do this.

2) Traffic from Host 1 is somehow entering the LD's external interface, and
is thus bridged to its internal interface. This is what I meant by traffic
being leaked. Host 1 is not on a trunk port and only sees VLAN10, so I don't
see how this should be possible.

> OR: investigate whether two servers have the same MAC address 
> (shouldn't happen, but alas some NIC manufacturers have made 
> mistakes...).

We're looking into this as well. However, the problem is very recent,
starting in the last week or so, and it's being exhibited for multiple MAC
addresses. If it were two server ports doing this, I'd definitely be leaning
in this direction, but with the LD involved it doesn't seem likely.

-James
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
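The thread above describes a symptom (a host MAC learned alternately on its own port and on the load director's inside port, for several hosts at once) and argues from it about where the duplicate frames must be entering. The following is an added example, not code from the thread or from Cisco: it replays a learning switch's per-VLAN CAM table over a constructed stream of (time, VLAN, MAC, ingress port) observations, lists the MACs whose learned port keeps changing, and then looks for the one port that every flapping MAC has in common, which is the port to trace (6/11 in James's diagram). MAC addresses, ports and timings below are made up for the example; nothing was captured from a real switch.

```python
"""Added example: detect MAC flapping from CAM-learning observations and
find the port common to all flapping entries.  All data is constructed."""

from collections import defaultdict

# Constructed sample: (seconds, vlan, mac, source port), in the order a
# learning switch would see frame source addresses.  Ports follow the
# thread's diagram: Host 1 on 6/42, Host 2 on 6/45, LD inside on 6/11,
# LD outside on 4/2 (VLAN 2).  The 0000.0c44.4444 host is a stable control.
OBSERVATIONS = [
    (0.0, 10, "0000.0c11.1111", "6/42"),   # Host 1 on its correct port
    (0.5, 10, "0000.0c22.2222", "6/45"),   # Host 2 on its correct port
    (1.0, 10, "0000.0c11.1111", "6/11"),   # Host 1's MAC arrives via LD port
    (1.5, 10, "0000.0c11.1111", "6/42"),
    (2.0, 10, "0000.0c22.2222", "6/11"),   # Host 2's MAC also via LD port
    (2.5, 10, "0000.0c22.2222", "6/45"),
    (3.0, 10, "0000.0c11.1111", "6/11"),
    (3.2, 10, "0000.0c11.1111", "6/42"),
    (3.5,  2, "0000.0c33.3333", "4/2"),    # LD outside interface, stable
    (4.0, 10, "0000.0c44.4444", "6/50"),   # unrelated host, stable
    (4.5,  2, "0000.0c33.3333", "4/2"),
]


def learn(observations):
    """Replay CAM learning.  Returns {(vlan, mac): [port, port, ...]} where a
    port is appended only when the learned port changes, so the list length
    minus one is the number of moves.  Learning is per VLAN, as on the switch,
    so the same MAC in two VLANs would be two independent entries."""
    history = defaultdict(list)
    for _, vlan, mac, port in observations:
        key = (vlan, mac)
        if not history[key] or history[key][-1] != port:
            history[key].append(port)
    return dict(history)


def flapping(history, min_moves=2):
    """Entries whose learned port moved at least min_moves times -> move count.
    A single move is normal (a host relocating); repeated moves are a flap."""
    return {key: len(ports) - 1
            for key, ports in history.items()
            if len(ports) - 1 >= min_moves}


def common_port(history, flaps):
    """The one port shared by every flapping entry, or None.

    If several unrelated MACs all flap and all of them include the same port,
    that port is where the duplicate source addresses are entering the switch,
    which is the thing to trace (bridging loop, leaked traffic, or a device
    re-sourcing frames).  No single common port means separate problems."""
    port_sets = [set(history[key]) for key in flaps]
    if not port_sets:
        return None
    shared = set.intersection(*port_sets)
    return shared.pop() if len(shared) == 1 else None


def main():
    history = learn(OBSERVATIONS)
    flaps = flapping(history)
    for (vlan, mac), moves in sorted(flaps.items()):
        print(f"vlan {vlan} {mac}: {moves} moves, ports {history[(vlan, mac)]}")
    suspect = common_port(history, flaps)
    print("port common to all flapping MACs:", suspect or "none")


if __name__ == "__main__":
    main()
```

With the constructed data the two VLAN 10 hosts flap and share only port 6/11, while the VLAN 2 and control entries are stable; on a real switch the same logic would be fed from repeated CAM-table snapshots or MAC-move syslog entries rather than a hard-coded list.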