11-20-2009 06:59 AM
We're running ACE SM and seeing all the VIP addresses, NAT addresses and alias addresses in the ARP table below being assigned the same virtual MAC address. How then would a packet find the correct source/destination if all these MAC addresses are the same?
IP ADDRESS MAC-ADDRESS Interface Type Encap NextArp(s) Status
================================================================================
204.107.54.1 00.24.f9.03.08.00 vlan810 GATEWAY 300 263 sec up
204.107.54.4 00.1e.13.3c.ab.80 vlan810 LEARNED 24 7631 sec up
204.107.54.5 00.1e.13.3c.a6.00 vlan810 LEARNED 331 8992 sec up
204.107.55.5 00.1f.ca.7b.70.23 vlan810 INTERFACE LOCAL _ up
204.107.55.6 00.0b.fc.fe.1b.05 vlan810 ALIAS LOCAL _ up
204.107.54.20 00.0b.fc.fe.1b.05 vlan810 VSERVER LOCAL _ up
204.107.54.21 00.0b.fc.fe.1b.05 vlan810 VSERVER LOCAL _ up
204.107.54.22 00.0b.fc.fe.1b.05 vlan810 VSERVER LOCAL _ up
204.107.54.23 00.0b.fc.fe.1b.05 vlan810 VSERVER LOCAL _ up
204.107.54.31 00.0b.fc.fe.1b.05 vlan810 VSERVER LOCAL _ up
204.107.54.32 00.0b.fc.fe.1b.05 vlan810 VSERVER LOCAL _ up
204.107.54.33 00.0b.fc.fe.1b.05 vlan810 VSERVER LOCAL _ up
Thanks.
11-20-2009 11:27 AM
Its perfectly normal.
ACE responds with same MAC adddress to ARP requests for all the IP addressess configured on ACE like VIPs, Src NAt entries and Interface IPs. Remember that all traffic destined to above mentioned IP addresses needs to reach ACE and a single MAC address on ACE is sufficient to achieve this goal.
Syed Iftekhar Ahmed
11-22-2009 02:37 AM
ACE uses the concept of Virtual Mac Addresses , which are the addresses used for VIP addresses, NAT addresses (dynamic and static), and alias addresses These will all always use a MAC address in the following form 00.0b.fc.fe.1b.
If you are using single ACE SM in a cat6k box, and you are seeing duplicate MAC, its normal. Cat6k Supervisor is L2 Adjacent with ACE, Any traffic received by Supervisor in VLAN 810 will be sent to ACE and then ACE will determine which VIP that packet is going to.
Real Problem will come when you are using multiple ACE modules in Same Chassis or you are doing Chassis to Chassis ACE Redundancy. In such situation your Cat6k Switch will have duplicate MAC entries.
To avoid this, you need to keep your Contexts in diffrent context groups in each Module i.e something like this
ft group 5
peer 1
priority X
associate-context default3
inservice
03-14-2010 12:04 AM
Using ft-group number 1-255 gives us only 255 contexts per MAC Address visibility domain. In some cases this is too small amount of contexts. Are there any plans to extend this number to e.g. 1-4096 range to match HSRPv2 virtual mac address space?
03-14-2010 05:40 AM
Hello,
There are currently no plans to increase the number of contexts per ACE module. Even if you use the maximum of 250 contexts (the max is not 255), then you would need to be very careful how you allocate resources to each context so one doesn't starve out another. There is only a finite amount of physical resources on the hardware platform, so this is the reason we cannot simply place an arbitrary maximum number of context.
For the ACE virtual MAC address allocations, click on the Documents tab for this forum, and you'll see a document that I posted to help explain this part of the ACE, which can be confusing. I hope you find it helpful.
Sean
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: