[c-nsp] mac flapping on 6509 between core and fwsm
does anyone know what would cause this?

po30 uplinks to a core router, and po579 is the internal etherchannel assignment for the fwsm. the fwsm is bridging. the 6509 is spanning-tree root for the vlan. vl1250 is the outside interface.

the mac in question is core router, configured as po30.1250. the core has numerous other subints configured the same way (so, same mac), but only this vlan reports the move, repeatedly.

%MAC_MOVE-SW1_SP-4-NOTIF: Host 0024.f716.5142 in vlan 1250 is flapping between port Po579 and port Po30

6509 vss is running 12.2(33)SXI6
fwsm is 4.1(7)

i have multiple fwsm contexts configured the exact same way (diff'd), and i don't see this issue.

appreciate any clues.

ryan
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] mac flapping on 6509 between core and fwsm
I've seen events when server switch ports are not properly teamed and are physically connected to separate access layer switches. Bridged interfaces ... find where the mac address is located.

On Thu, Apr 19, 2012 at 6:10 PM, ryanL ryan.lan...@gmail.com wrote:
> does anyone know what would cause this?
>
> po30 uplinks to a core router, and po579 is the internal etherchannel assignment for the fwsm. the fwsm is bridging. the 6509 is spanning-tree root for the vlan. vl1250 is the outside interface.
>
> the mac in question is core router, configured as po30.1250. the core has numerous other subints configured the same way (so, same mac), but only this vlan reports the move, repeatedly.
>
> %MAC_MOVE-SW1_SP-4-NOTIF: Host 0024.f716.5142 in vlan 1250 is flapping between port Po579 and port Po30
>
> 6509 vss is running 12.2(33)SXI6
> fwsm is 4.1(7)
>
> i have multiple fwsm contexts configured the exact same way (diff'd), and i don't see this issue.
>
> appreciate any clues.
>
> ryan

--
Mario Ruiz
Re: [c-nsp] mac flapping on 6509 between core and fwsm
--- On Thu, 4/19/12, Mario Ruiz mruiz...@gmail.com wrote:

> From: Mario Ruiz mruiz...@gmail.com
> Subject: Re: [c-nsp] mac flapping on 6509 between core and fwsm
> To: ryanL ryan.lan...@gmail.com
> Cc: cisco-nsp@puck.nether.net
> Date: Thursday, April 19, 2012, 5:14 PM
>
> I've seen events when server switch ports are not properly teamed and are physically connected to separate access layer switches. Bridged interfaces ... find where the mac address is located.
>
> On Thu, Apr 19, 2012 at 6:10 PM, ryanL ryan.lan...@gmail.com wrote:
>> does anyone know what would cause this?
>>
>> po30 uplinks to a core router, and po579 is the internal etherchannel assignment for the fwsm. the fwsm is bridging. the 6509 is spanning-tree root for the vlan. vl1250 is the outside interface.
>>
>> the mac in question is core router, configured as po30.1250. the core has numerous other subints configured the same way (so, same mac), but only this vlan reports the move, repeatedly.
>>
>> %MAC_MOVE-SW1_SP-4-NOTIF: Host 0024.f716.5142 in vlan 1250 is flapping between port Po579 and port Po30
>>
>> 6509 vss is running 12.2(33)SXI6
>> fwsm is 4.1(7)
>>
>> i have multiple fwsm contexts configured the exact same way (diff'd), and i don't see this issue.
>>
>> appreciate any clues.
>>
>> ryan

Who is reporting the mac-flaps - the 6509 with fwsm OR fwsm itself? It appears that you are seeing it on the 6509 that has the fwsm? If that is the case, then an arp-reply from host at 0024.f716.5142 is being seen via po30 and po579.

Why do you have po30 on the same vlan as fwsm's outside int? Can you post relevant portions of the config?

./Randy
Re: [c-nsp] mac flapping on 6509 between core and fwsm
On Thu, Apr 19, 2012 at 5:54 PM, Randy randy_94...@yahoo.com wrote:
> --- On Thu, 4/19/12, Mario Ruiz mruiz...@gmail.com wrote:
>
> Who is reporting the mac-flaps - the 6509 with fwsm OR fwsm itself? It appears that you are seeing it on the 6509 that has the fwsm? If that is the case, then an arp-reply from host at 0024.f716.5142 is being seen via po30 and po579.
>
> Why do you have po30 on the same vlan as fwsm's outside int? Can you post relevant portions of the config?
>
> ./Randy

the 6509 is basically our services layer. data center stuff. it has .1q trunks to the cores, where the cores in-turn pick up a .1q tag for the L3 subinterface. in this example, vl1250. vrrp is used between the two cores via the 6509.

the 6509 also has .1q trunks to our back-end routers. in this example, vl1251. the back-end routers do hsrp.

the fwsm in the 6509 bridges vl1250 and vl1251 in order to do transparent firewalling. pretty standard. vl1250 is outside, vl1251 is inside.

the 6509 is what is reporting the mac move, seeing it show up correctly on the uplink port to the core, and then seeing it show up incorrectly on the internal ec for the fwsm. the mac is the physical address of the core subint. i'm wondering if the fwsm is doing some sort of random gratuitous or proxy arp.

the fwsm, which essentially participates, sees the correct mac as an arp entry.

fwsm1/context removed# sh arp
outside ip removed 0024.f716.5142

i seem to have stopped the mac move messages by doing the following towards my cores (on the 6509).

mac-address-table static 0024.f716.3242 vlan 1250 interface Port-channel40
mac-address-table static 0024.f716.5142 vlan 1250 interface Port-channel30

not sure what, if anything, yet, that i'm breaking by doing this.

.rL
Re: [c-nsp] mac flapping on 6509 between core and fwsm
--- On Thu, 4/19/12, ryanL ryan.lan...@gmail.com wrote:

> From: ryanL ryan.lan...@gmail.com
> Subject: Re: [c-nsp] mac flapping on 6509 between core and fwsm
> To: Randy randy_94...@yahoo.com
> Cc: Mario Ruiz mruiz...@gmail.com, cisco-nsp@puck.nether.net
> Date: Thursday, April 19, 2012, 6:58 PM
>
> On Thu, Apr 19, 2012 at 5:54 PM, Randy randy_94...@yahoo.com wrote:
>> --- On Thu, 4/19/12, Mario Ruiz mruiz...@gmail.com wrote:
>>
>> Who is reporting the mac-flaps - the 6509 with fwsm OR fwsm itself? It appears that you are seeing it on the 6509 that has the fwsm? If that is the case, then an arp-reply from host at 0024.f716.5142 is being seen via po30 and po579.
>>
>> Why do you have po30 on the same vlan as fwsm's outside int? Can you post relevant portions of the config?
>>
>> ./Randy
>
> the 6509 is basically our services layer. data center stuff. it has .1q trunks to the cores, where the cores in-turn pick up a .1q tag for the L3 subinterface. in this example, vl1250. vrrp is used between the two cores via the 6509.
>
> the 6509 also has .1q trunks to our back-end routers. in this example, vl1251. the back-end routers do hsrp.
>
> the fwsm in the 6509 bridges vl1250 and vl1251 in order to do transparent firewalling. pretty standard. vl1250 is outside, vl1251 is inside.
>
> the 6509 is what is reporting the mac move, seeing it show up correctly on the uplink port to the core, and then seeing it show up incorrectly on the internal ec for the fwsm. the mac is the physical address of the core subint. i'm wondering if the fwsm is doing some sort of random gratuitous or proxy arp.
>
> the fwsm, which essentially participates, sees the correct mac as an arp entry.
>
> fwsm1/context removed# sh arp
> outside ip removed 0024.f716.5142
>
> i seem to have stopped the mac move messages by doing the following towards my cores (on the 6509).
>
> mac-address-table static 0024.f716.3242 vlan 1250 interface Port-channel40
> mac-address-table static 0024.f716.5142 vlan 1250 interface Port-channel30
>
> not sure what, if anything, yet, that i'm breaking by doing this.
>
> .rL

Yes! It fixed your issue because of the static-L2-entries you put in place. It has not fixed the underlying-cause!

What you were seeing is not related to proxy-arp OR Gratuitous-Arp (that is an un-solicited response per-se).

If you wish to get to the bottom of this, feel free to post off-line.

./Randy
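One way to tally the %MAC_MOVE notifications discussed in this thread and separate the port where a MAC is expected from the port where it is unexpectedly learned. This is an added example, not code from any poster in the thread; the function name, the `expected_port` mapping, the timestamps and every log line other than the one quoted in the thread are constructed assumptions.

```python
import re
from collections import Counter

# Matches the notification quoted in the thread. The middle facility token
# (SW1_SP on this VSS) differs between platforms, so it is matched loosely.
MAC_MOVE_RE = re.compile(
    r"%MAC_MOVE-(?:\w+-)?4-NOTIF: Host (?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}) "
    r"in vlan (?P<vlan>\d+) is flapping between port (?P<a>\S+) and port (?P<b>\S+)",
    re.IGNORECASE,
)

# Constructed sample log: only the message text of the first line is from the thread.
SAMPLE_LOG = [
    "Apr 19 17:01:02: %MAC_MOVE-SW1_SP-4-NOTIF: Host 0024.f716.5142 in vlan 1250 is flapping between port Po579 and port Po30",
    "Apr 19 17:01:17: %MAC_MOVE-SW1_SP-4-NOTIF: Host 0024.f716.5142 in vlan 1250 is flapping between port Po30 and port Po579",
    "Apr 19 17:01:20: %LINK-3-UPDOWN: Interface GigabitEthernet1/1/1, changed state to up",
    "Apr 19 17:02:40: %MAC_MOVE-SP-4-NOTIF: Host 0000.5e00.0101 in vlan 20 is flapping between port Gi1/1 and port Gi1/2",
]


def summarize_mac_moves(lines, expected_port=None):
    """Count flap notifications per (vlan, mac, port pair).

    expected_port (an assumption of this example) maps (vlan, mac) to the port
    where that MAC legitimately lives; the other port of the pair is then
    reported as unexpected. Without an entry, both ports are reported.
    """
    expected_port = expected_port or {}
    counts = Counter()
    for line in lines:
        m = MAC_MOVE_RE.search(line)
        if not m:
            continue  # not a MAC move notification
        # Treat "Po579 and Po30" and "Po30 and Po579" as the same pair.
        ports = tuple(sorted((m["a"], m["b"])))
        counts[(int(m["vlan"]), m["mac"].lower(), ports)] += 1

    report = []
    for (vlan, mac, ports), n in sorted(counts.items()):
        home = expected_port.get((vlan, mac))
        unexpected = [p for p in ports if p != home] if home in ports else list(ports)
        report.append({"vlan": vlan, "mac": mac, "ports": ports,
                       "count": n, "unexpected": unexpected})
    return report


if __name__ == "__main__":
    for row in summarize_mac_moves(SAMPLE_LOG, {(1250, "0024.f716.5142"): "Po30"}):
        print(row)
```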