[c-nsp] Cat6509 CAM entries flapping

Oliver Dewdney oliver.dewdney at lbi.com
Fri Mar 9 14:13:07 EST 2007


I think a SPAN/mirror port of port 6/11 and a packet capture tool like
Wireshark might be a good place to start.

Oli Dewdney

-----Original Message-----
From: Ge Moua [mailto:moua0100 at umn.edu] 
Sent: 09 March 2007 16:09
To: 'James Sneeringer'; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Cat6509 CAM entries flapping


Some of the older CatOS had annoying IOS bugs that showed these symptoms.
I've run into this in the past; the newer code is much more resilient
(especially native IOS).  I hear that you're running hybrid IOS (CatOS on
the switch, IOS on the router module).

:-)
Regards,
Ge Moua | Email: moua0100 at umn.edu

Network Design Engineer
University of Minnesota | Networking & Telecommunications Services
2218 University Ave SE | Minneapolis, MN 55414-3029

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of James Sneeringer
Sent: Friday, March 09, 2007 7:41 AM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Cat6509 CAM entries flapping

Lincoln Dale (ltd) wrote: 
> 
> > Any suggestions on how to troubleshoot it?
> 
> the root cause is that you have a common MAC address appearing in two
> places.
> 
> is that server you have on port 6/11 the server behind the LD?

Port 6/11 is the LD.

> if it isn't, I suggest you trace WHY traffic is leaking where it
> shouldn't be.

I don't know that it is leaking, and if it is there's no good reason for it.
Maybe this crude diagram will help, because I don't think I'm explaining it
very well.

    ----------          -----------
    | Host 1 |----------|         | 4/2    ext ---------
    ----------     6/42 |         |------------|       |
                        | Cat6509 |            | LD430 |
    ----------     6/45 |         |------------|       |
    | Host 2 |----------|         | 6/11   int ---------
    ----------          -----------

The LD430 does NAT. The external interface is in VLAN2, and the internal
interface is in VLAN10. Host 1 and Host 2 are also in VLAN10 on the inside.
CatOS sees the MAC address for Host 1 flip flopping between port 6/42 (the
correct port) and 6/11 (the LD's port).

The only reasons I can think of for Host 1's MAC address to show up on port
6/11 are:

1) The LD is sending gratuitous ARPs and spoofing Host 1's MAC address. As
far as I know, LDs don't do this.

2) Traffic from Host 1 is somehow entering the LD's external interface, and
is thus bridged to its internal interface. This is what I meant by traffic
being leaked. Host 1 is not on a trunk port and only sees VLAN10, so I don't
see how this should be possible.

> OR: investigate whether two servers have the same MAC address
> (shouldn't happen, but alas some NIC manufacturers have made 
> mistakes...).

We're looking into this as well. However, the problem is very recent,
starting in the last week or so, and it's being exhibited for multiple MAC
addresses. If it were two server ports doing this, I'd definitely be leaning
in this direction, but with the LD involved it doesn't seem likely.

-James
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
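
Added example (not part of the original thread): one way to triage the capture suggested at the top of the thread. It assumes a receive-only SPAN of port 6/11, so every frame in it was sent from the LD side, and it counts frames carrying an inside host's source MAC by type: gratuitous ARPs would fit James's reason 1, ordinary IP frames his reason 2. The MAC and IP values are constructed from documentation ranges and the function names are illustrative.

```python
import struct
from collections import Counter

ETH_IPV4, ETH_ARP, ETH_VLAN = 0x0800, 0x0806, 0x8100

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def classify(frame):
    """Return (source MAC, kind) for one raw Ethernet frame."""
    src = mac_str(frame[6:12])
    (etype,) = struct.unpack("!H", frame[12:14])
    off = 14
    if etype == ETH_VLAN and len(frame) >= 18:   # skip one 802.1Q tag if present
        (etype,) = struct.unpack("!H", frame[16:18])
        off = 18
    if etype == ETH_ARP and len(frame) >= off + 28:
        spa, tpa = frame[off + 14:off + 18], frame[off + 24:off + 28]
        # Gratuitous ARP: sender and target protocol address are the same.
        return src, ("arp-gratuitous" if spa == tpa else "arp")
    if etype == ETH_IPV4:
        return src, "ipv4"
    return src, f"other-0x{etype:04x}"

def triage(frames, inside_macs):
    """Per inside-host MAC, count the kinds of frames the switch received."""
    seen = {}
    for frame in frames:
        if len(frame) < 14:          # truncated capture record, skip
            continue
        src, kind = classify(frame)
        if src in inside_macs:
            seen.setdefault(src, Counter())[kind] += 1
    return seen

# Constructed sample input (documentation MAC/IP ranges, not from the thread).
HOST1, LD = "00:00:5e:00:53:01", "00:00:5e:00:53:fe"
def eth(dst, src, etype, payload):
    to_raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return to_raw(dst) + to_raw(src) + struct.pack("!H", etype) + payload
IP = bytes([192, 0, 2, 10])
GARP = (struct.pack("!HHBBH", 1, ETH_IPV4, 6, 4, 1)
        + bytes.fromhex("00005e005301") + IP + bytes(6) + IP)
SAMPLE = [
    eth("ff:ff:ff:ff:ff:ff", HOST1, ETH_ARP, GARP),   # gratuitous ARP, Host 1 source
    eth(LD, HOST1, ETH_IPV4, bytes(20)),              # ordinary IP, Host 1 source
    eth(HOST1, LD, ETH_IPV4, bytes(20)),              # the LD's own traffic
]

if __name__ == "__main__":
    for host, kinds in triage(SAMPLE, {HOST1}).items():
        print(host, dict(kinds))
```

In practice the frames would come from the capture file exported from the SPAN session, and inside_macs would be the set of MAC addresses the switch reports as flapping.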