ACE virtual mac address allocation

axfalk · ‎11-20-2009

We're running ACE SM and seeing all the VIP addresses, NAT addresses and alias addresses in the ARP table below being assigned the same virtual MAC address. How then would a packet find the correct source/destination if all these MAC addresses are the same?

IP ADDRESS      MAC-ADDRESS        Interface Type      Encap NextArp(s) Status
================================================================================
204.107.54.1    00.24.f9.03.08.00 vlan810   GATEWAY    300    263 sec      up
204.107.54.4    00.1e.13.3c.ab.80 vlan810   LEARNED    24     7631 sec     up
204.107.54.5    00.1e.13.3c.a6.00 vlan810   LEARNED    331    8992 sec     up
204.107.55.5    00.1f.ca.7b.70.23 vlan810   INTERFACE LOCAL     _         up
204.107.55.6    00.0b.fc.fe.1b.05 vlan810   ALIAS      LOCAL     _         up
204.107.54.20   00.0b.fc.fe.1b.05 vlan810   VSERVER    LOCAL     _         up
204.107.54.21   00.0b.fc.fe.1b.05 vlan810   VSERVER    LOCAL     _         up
204.107.54.22   00.0b.fc.fe.1b.05 vlan810   VSERVER    LOCAL     _         up
204.107.54.23   00.0b.fc.fe.1b.05 vlan810   VSERVER    LOCAL     _         up
204.107.54.31   00.0b.fc.fe.1b.05 vlan810   VSERVER    LOCAL     _         up
204.107.54.32   00.0b.fc.fe.1b.05 vlan810   VSERVER    LOCAL     _         up
204.107.54.33   00.0b.fc.fe.1b.05 vlan810   VSERVER    LOCAL     _         up

Thanks.

Syed Iftekhar Ahmed · ‎11-20-2009

Its perfectly normal.

ACE responds with same MAC adddress to ARP requests for all the IP addressess configured on ACE like VIPs, Src NAt entries and Interface IPs. Remember that all traffic destined to above mentioned IP addresses needs to reach ACE and a single MAC address on ACE is sufficient to achieve this goal.

Syed Iftekhar Ahmed

kaquresh · ‎11-22-2009

ACE uses the concept of Virtual Mac Addresses , which are the addresses used for VIP addresses, NAT addresses (dynamic and static), and alias addresses These will all always use a MAC address in the following form 00.0b.fc.fe.1b.

If you are using single ACE SM in a cat6k box, and you are seeing duplicate MAC, its normal. Cat6k Supervisor is L2 Adjacent with ACE, Any traffic received by Supervisor in VLAN 810 will be sent to ACE and then ACE will determine which VIP that packet is going to.

Real Problem will come when you are using multiple ACE modules in Same Chassis or you are doing Chassis to Chassis ACE Redundancy. In such situation your Cat6k Switch will have duplicate MAC entries.

To avoid this, you need to keep your Contexts in diffrent context groups in each Module i.e something like this

ft group 5

peer 1

priority X

associate-context default3

inservice

kkataja · ‎03-14-2010

Using ft-group number 1-255 gives us only 255 contexts per MAC Address visibility domain. In some cases this is too small amount of contexts. Are there any plans to extend this number to e.g. 1-4096 range to match HSRPv2 virtual mac address space?

Sean Merrow · ‎03-14-2010

Hello,

There are currently no plans to increase the number of contexts per ACE module. Even if you use the maximum of 250 contexts (the max is not 255), then you would need to be very careful how you allocate resources to each context so one doesn't starve out another. There is only a finite amount of physical resources on the hardware platform, so this is the reason we cannot simply place an arbitrary maximum number of context.

For the ACE virtual MAC address allocations, click on the Documents tab for this forum, and you'll see a document that I posted to help explain this part of the ACE, which can be confusing. I hope you find it helpful.

Sean