06-03-2009 11:37 PM
I have 4 ACE blades, i.e. two pairs of ACEs; both pairs are running in high availability mode or fault tolerance mode. I've got shared-vlan-hostid set to different pools on both. However, it wasn't set initially, and the Admin context administrative alias IPs, as well as user contexts alias IPs, are still using the same Virtual MAC addresses on both pairs.
ACE pair 1: 00.0b.fc.fe.1b.01
ACE pair 2: 00.0b.fc.fe.1b.01
Whether I reboot, remove the alias and re-add it, or remove a context, nothing seems to prevent the MAC address collisions.
Version: system: Version A3(2.2) [build 3.0(0)A3(2.2) adbuild_20:56:50-2009/04/03_/auto/adbu-rel2/rel_a3_2_2_throttle/REL_3_0_0_A3_2_2]
As I am new to this, can you please tell me what I am missing?
06-04-2009 12:12 AM
Hi,
This is related to the way the ACE picks one of the 16 MAC-address pools (based on chassis id). This is explained in the ACE Routing and Bridging Configuration Guide Page 1-7+
"When contexts share a VLAN, the ACE assigns a different MAC address to the VLAN on each context. The MAC addresses reserved for shared VLANs are 0x001243dc6b00 to 0x001243dcaaff, inclusive. All ACE modules derive these addresses from a global pool of 16,000 MAC addresses. This pool is divided into 16 banks, each containing 1024 addresses. Each subnet can have 16 ACEs.
Each ACE supports 1024 shared VLANs, and uses only one bank of MAC addresses out of the pool. A shared MAC address is associated with a shared VLAN interface.
By default, the bank of MAC addresses that the ACE uses is randomly selected at boot time. However, if you configure two ACE modules in the same Layer 2 network and they are using shared VLANs, the ACEs may select the same address bank, which results in the use of the same MAC addresses. To avoid this conflict, you must configure the bank that the ACEs will use.
To configure a specific bank of MAC addresses for a local ACE or a peer ACE (in a redundant configuration), use the shared-vlan-hostid or the peer shared-vlan-hostid command, respectively, in configuration mode in the Admin context. The syntaxes of these commands are as follows:
shared-vlan-hostid number
peer shared-vlan-hostid number
The number argument indicates the bank of MAC addresses that the ACE uses. Enter a number from 1 to 16. Be sure to configure different bank numbers for multiple ACEs. For example, to configure bank 2 of MAC addresses for the local ACE and bank 3 for a peer ACE, enter:
host1/Admin(config)# shared-vlan-hostid 2
host1/Admin(config)# peer shared-vlan-hostid 3
To remove the configured bank of MAC addresses and allow the ACE to randomly select a bank, use the no shared-vlan-hostid command. For example, enter:
host1/Admin(config)# no shared-vlan-hostid
To remove the configured bank of MAC addresses from a peer ACE and allow it to randomly select a bank, use the no peer shared-vlan-hostid command. For example, enter:
host1/Admin(config)# no peer shared-vlan-hostid"
One consequence of this is that you can't have more than 16 ACE blades in one VLAN.
HTH
Cathy
06-04-2009 01:28 AM
Hi Smith,
One virtual MAC address (VMAC) is associated with each FT group. The format of the VMAC is: 00-0b-fc-fe-1b-groupID. Because a VMAC does not change upon a switchover, the client and server ARP tables do not require updating.
The ACE selects a VMAC from a pool of virtual MACs available to it.
You can specify the pool of MAC addresses that the local ACE and the peer ACE use by configuring the shared-vlan-hostid command and the peer shared-vlan-hostid command, respectively.
To avoid MAC address conflicts, be sure that the two pools are different on the two ACEs.
Each peer uses a VMAC that is dependent on the FT group number. If you are using multiple ACEs in the same chassis, be careful when using the same FT groups in more than one module.
Display the VMAC for an FT group by entering the following command:
ACE_module5/Admin# show interface internal iftable vlan100
vlan100
--------
ifid: 6
Context: 0
ifIndex: 16777316
physid: 100
rmode: 0 (unknown)
iftype: 0 (vlan)
bvi_bgid: 0
MTU: 1500
MAC: 00:18:b9:a6:91:15
VMAC: 00:00:00:00:00:00 <------- Virtual MAC Address
Flags: 0x8a000800 (valid, down, admin-down, Non-redundant, tracked)
ACL In: 0
ACL Out: 0
Route ID: 0
FTgroupID: 0
Zone ID: 6
Sec Level: 0
L2 ACL: bpdu DENY, ipv6 DENY, mpls DENY, all DENY
LastChange: 0 (Thu Jan 1 00:00:00 1970)
iflookup index: 100
vlan-vmac index:0
Next Shared IF: 0
Lock: Unlocked, seq 5
Lock errors: 0
Unlock errors: 0
No. of times locked: 5
No. of times unlocked: 5
Current/last owner: 0x40a7fc
Check the FT group configuration on both devices. Make sure that both devices are associated with the same context. Enter the following command:
ACE_module5/Admin# show running-config ft
Also verify the FT peer status and configuration by entering the following command:
ACE_module5/Admin# show ft peer detail
Peer Id : 1
State : FSM_PEER_STATE_COMPATIBLE
Maintenance mode : MAINT_MODE_OFF
FT Vlan : 100
FT Vlan IF State : DOWN
My IP Addr : 10.1.1.1
Peer IP Addr : 10.1.1.2
Query Vlan : 110
Query Vlan IF State : DOWN
Peer Query IP Addr : 172.25.91.202
Heartbeat Interval : 300
Heartbeat Count : 20
Tx Packets : 318573
Tx Bytes : 66301061
Rx Packets : 318540
Rx Bytes : 66272840
Rx Error Bytes : 0
Tx Keepalive Packets : 318480
Rx Keepalive Packets : 318480
TL_CLOSE count : 0
FT_VLAN_DOWN count : 0
PEER_DOWN count : 0
SRG Compatibility : COMPATIBLE
License Compatibility : COMPATIBLE
FT Groups : 3
....contd 2
06-04-2009 01:29 AM
page 2...
Verify the FT group status and configuration by entering the following command:
ACE_module5/Admin# show ft group detail
FT Group : 1
No. of Contexts : 1
Configured Status : in-service
Maintenance mode : MAINT_MODE_OFF
My State : FSM_FT_STATE_ACTIVE
My Config Priority : 110
My Net Priority : 110
My Preempt : Enabled
Peer State : FSM_FT_STATE_STANDBY
Peer Config Priority : 100
Peer Net Priority : 100
Peer Preempt : Enabled
Peer Id : 1
Last State Change time : Thu Apr 2 00:00:00 2009
Running cfg sync enabled : Enabled
Running cfg sync status : Running configuration sync has completed
Startup cfg sync enabled : Enabled
Startup cfg sync status : Running configuration sync has completed
Bulk sync done for ARP: 0
Bulk sync done for LB: 0
Bulk sync done for ICM: 0
Kind regards,
Kindly Rate.
sachin garg
06-04-2009 01:28 AM
The virtual MAC is always 00.0b.fc.fe.1b.XX, where XX is the FT group ID.
So you have to use a different group id on each pair.
G.
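An added example, not part of any post in this thread and not Cisco code: a pre-change audit that derives each FT group's VMAC from the 00-0b-fc-fe-1b-groupID format and flags ACE pairs that would present the same VMAC on a common VLAN, plus a separate check that shared-vlan-hostid banks are distinct. The inventory layout, the pair names, VLAN numbers and IDs are constructed, and rendering the group ID as a hex octet is an assumption.

```python
from itertools import combinations

VMAC_PREFIX = "00:0b:fc:fe:1b"  # FT-group VMAC prefix quoted in the thread

def ft_vmac(group_id):
    """FT-group VMAC: fixed prefix plus the group ID as last octet (hex assumed)."""
    if not 0 <= group_id <= 0xFF:
        raise ValueError(f"FT group ID {group_id} does not fit in one octet")
    return f"{VMAC_PREFIX}:{group_id:02x}"

def vmac_collisions(pairs):
    """(vmac, vlan, pair_a, pair_b) where two pairs put one VMAC on the same VLAN."""
    hits = []
    for a, b in combinations(pairs, 2):
        for gid in sorted(set(a["ft_groups"]) & set(b["ft_groups"])):
            for vlan in sorted(a["ft_groups"][gid] & b["ft_groups"][gid]):
                hits.append((ft_vmac(gid), vlan, a["name"], b["name"]))
    return hits

def bank_conflicts(pairs):
    """(bank, ace_a, ace_b) for ACEs on a common VLAN that use the same bank."""
    aces = []
    for p in pairs:
        vlans = set().union(*p["ft_groups"].values())
        for role, key in (("local", "shared_vlan_hostid"),
                          ("peer", "peer_shared_vlan_hostid")):
            if not 1 <= p[key] <= 16:  # range given in the quoted guide
                raise ValueError(f"{p['name']}/{role}: bank {p[key]} not in 1-16")
            aces.append((f"{p['name']}/{role}", p[key], vlans))
    return [(ba, na, nb)
            for (na, ba, va), (nb, bb, vb) in combinations(aces, 2)
            if ba == bb and va & vb]

# Constructed inventory: FT group ID -> VLANs that group's contexts use.
PAIRS = [
    {"name": "pair1", "shared_vlan_hostid": 1, "peer_shared_vlan_hostid": 2,
     "ft_groups": {1: {100, 200}}},
    {"name": "pair2", "shared_vlan_hostid": 3, "peer_shared_vlan_hostid": 4,
     "ft_groups": {1: {200}, 2: {300}}},
]

if __name__ == "__main__":
    for vmac, vlan, a, b in vmac_collisions(PAIRS):
        print(f"VMAC {vmac} appears on VLAN {vlan} from both {a} and {b}")
    for bank, a, b in bank_conflicts(PAIRS):
        print(f"shared-vlan-hostid bank {bank} used by both {a} and {b}")
```

With this sample the banks are all distinct, yet both pairs still present the group 1 VMAC on VLAN 200, which is the situation described in the original question.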
06-04-2009 01:33 AM
Hi Sachin,
Thanks for your detailed answer.
What I learned from the Cisco documentation was that the 1K pool of MAC addresses gets used for VMACs.
BTW Thanks
RobertS