[c-nsp] Unicast traffic being sent to every port? Aging issue?

[evil bit]

>What's happening is, esx1/2 beging talking to zfs1.  All is well for a
>while... but at some point, zfs1's MAC address expires from the CAM on
>the switch (I guess that is what is happening).

Great, this is a good step; however, you need to have
valid data to backup your theory! Have you logged into the switch to
verify the MAC is expiring?

>At that point, the Cisco begins forwarding the unicast packets to all
>its ports.  The result -- linux1, and all other hosts see the packets.
>Occasionally, when we're dealing with a lot of traffic, this seriously
>impacts performance.

Have you conducted any packet captures (Wireshark is your friend).

>My question here is.. what is the _right_ way to deal with this?  This
>"flooding" can continue for many minutes at a time.. it isn't until an
>ARP reply eminates from zfs1 that the CAM table is populated again and
>the broadcasting stops.

When did this start? Is this a new environment? What was changed in the
network? Was anything added? Have you released a new application or released
an update to the application? There are many questions to be asked as a
first
step. You state that performance is impacted; very possible you have a
broadcast
storm (Check the broadcast counters on the interfaces [what is the cpu
utilization like
on the switches?]), bad NIC on a server, many possibilities here. What makes
you
think that flooding is occurring to a point that is causing performance
issues?

IMHO, your first start is to check the status of all switches during the
issue and
also start capturing packets utilizing wireshark on the hosts and/or
possibly SPAN
a port on the Cisco/Dells.

Good Luck
E.B