We're running ACE SM and seeing all the VIP addresses, NAT addresses and alias addresses in the ARP table below being assigned the same virtual MAC address. How then would a packet find the correct source/destination if all these MAC addresses are the same?
IP ADDRESS       MAC-ADDRESS        Interface  Type       Encap  NextArp(s)  Status
================================================================================
184.108.40.206   00.24.f9.03.08.00  vlan810    GATEWAY    300    263 sec     up
220.127.116.11   00.1e.13.3c.ab.80  vlan810    LEARNED    24     7631 sec    up
18.104.22.168    00.1e.13.3c.a6.00  vlan810    LEARNED    331    8992 sec    up
22.214.171.124   00.1f.ca.7b.70.23  vlan810    INTERFACE  LOCAL  _           up
126.96.36.199    00.0b.fc.fe.1b.05  vlan810    ALIAS      LOCAL  _           up
188.8.131.52     00.0b.fc.fe.1b.05  vlan810    VSERVER    LOCAL  _           up
184.108.40.206   00.0b.fc.fe.1b.05  vlan810    VSERVER    LOCAL  _           up
220.127.116.11   00.0b.fc.fe.1b.05  vlan810    VSERVER    LOCAL  _           up
18.104.22.168    00.0b.fc.fe.1b.05  vlan810    VSERVER    LOCAL  _           up
22.214.171.124   00.0b.fc.fe.1b.05  vlan810    VSERVER    LOCAL  _           up
126.96.36.199    00.0b.fc.fe.1b.05  vlan810    VSERVER    LOCAL  _           up
188.8.131.52     00.0b.fc.fe.1b.05  vlan810    VSERVER    LOCAL  _           up
ACE responds with the same MAC address to ARP requests for all the IP addresses configured on ACE, like VIPs, Src NAT entries and Interface IPs. Remember that all traffic destined to the above-mentioned IP addresses needs to reach ACE, and a single MAC address on ACE is sufficient to achieve this goal.
ACE uses the concept of Virtual MAC Addresses, which are the addresses used for VIP addresses, NAT addresses (dynamic and static), and alias addresses. These will all always use a MAC address in the following form 00.0b.fc.fe.1b.
If you are using a single ACE SM in a Cat6k box and you are seeing duplicate MACs, it's normal. The Cat6k Supervisor is L2 adjacent with ACE; any traffic received by the Supervisor in VLAN 810 will be sent to ACE, and ACE will then determine which VIP that packet is going to.
The real problem will come when you are using multiple ACE modules in the same chassis or you are doing chassis-to-chassis ACE redundancy. In such a situation your Cat6k switch will have duplicate MAC entries.
To avoid this, you need to keep your contexts in different context groups in each module, i.e. something like this
Using ft-group numbers 1-255 gives us only 255 contexts per MAC address visibility domain. In some cases this is too small a number of contexts. Are there any plans to extend this number to e.g. a 1-4096 range to match the HSRPv2 virtual MAC address space?
There are currently no plans to increase the number of contexts per ACE module. Even if you use the maximum of 250 contexts (the max is not 255), then you would need to be very careful how you allocate resources to each context so one doesn't starve out another. There is only a finite amount of physical resources on the hardware platform, so this is the reason we cannot simply place an arbitrary maximum number of contexts.
For the ACE virtual MAC address allocations, click on the Documents tab for this forum, and you'll see a document that I posted to help explain this part of the ACE, which can be confusing. I hope you find it helpful.
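An added example, not part of the original thread or any Cisco tooling: a small Python check that parses ARP tables in the column layout shown in the question and reports any virtual MAC (the 00.0b.fc.fe.1b. form quoted above) that two modules both answer for on the same VLAN, which is the duplicate-MAC condition described for multiple modules. The function names and the sample tables are constructed for illustration.

```python
import re
from collections import defaultdict

VMAC_PREFIX = "00.0b.fc.fe.1b."  # virtual MAC form quoted in the thread

# One data row: IP, dotted MAC, interface, type, encap, NextArp ("N sec" or "_"), status.
ROW = re.compile(
    r"^(?P<ip>\d+(?:\.\d+){3})\s+(?P<mac>[0-9a-fA-F]{2}(?:\.[0-9a-fA-F]{2}){5})\s+"
    r"(?P<intf>\S+)\s+(?P<type>\S+)\s+(?P<encap>\S+)\s+(?:\d+ sec|_)\s+(?P<status>\S+)$"
)

def parse_arp(text):
    """Return one dict per data row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append({**m.groupdict(), "mac": m["mac"].lower()})
    return rows

def virtual_macs(rows):
    """Map (vlan, virtual MAC) -> IPs of the LOCAL entries answering with it."""
    out = defaultdict(list)
    for r in rows:
        if r["encap"] == "LOCAL" and r["mac"].startswith(VMAC_PREFIX):
            out[(r["intf"], r["mac"])].append(r["ip"])
    return dict(out)

def vmac_conflicts(table_a, table_b):
    """(vlan, vMAC) pairs that both tables answer for, with each side's IPs."""
    a, b = virtual_macs(parse_arp(table_a)), virtual_macs(parse_arp(table_b))
    return {k: (a[k], b[k]) for k in a.keys() & b.keys()}

# Constructed sample tables (documentation addresses, not the poster's output).
MODULE_A = """\
IP ADDRESS   MAC-ADDRESS        Interface  Type       Encap  NextArp(s)  Status
192.0.2.1    00.24.f9.03.08.00  vlan810    GATEWAY    300    263 sec     up
192.0.2.10   00.1f.ca.7b.70.23  vlan810    INTERFACE  LOCAL  _           up
192.0.2.11   00.0b.fc.fe.1b.05  vlan810    ALIAS      LOCAL  _           up
192.0.2.20   00.0b.fc.fe.1b.05  vlan810    VSERVER    LOCAL  _           up
"""
MODULE_B = """\
192.0.2.30   00.0b.fc.fe.1b.05  vlan810    VSERVER    LOCAL  _           up
192.0.2.31   00.0b.fc.fe.1b.06  vlan811    VSERVER    LOCAL  _           up
"""

if __name__ == "__main__":
    for (vlan, mac), (ips_a, ips_b) in vmac_conflicts(MODULE_A, MODULE_B).items():
        print(f"{vlan} {mac}: module A {ips_a} / module B {ips_b}")
```

Within a single table, several LOCAL entries sharing one virtual MAC is the normal case described in the answers; only a match across two modules' tables is reported.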