Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Static arp not passing 5K

Following is the topology which we were working on today:

 
Topology:
=========

 
   Both N7Ks can reach VIP of cluster.          
    This is the default gateway.                
  +--------------+         +--------------+     
  |              |         |              |     
  |  N7K - .71   +---------+  N7K - .72   |     
  |              +---------+              |     
  |              |         |              |     
  +-----++-------+         +------++------+     
        ||Po51                    ||Po52        
        ||                        ||            
        || <----+Fabricpath+----> ||            
        ||                        ||            
        ||                        ||            
        ||Po71                    ||Po72        
  +-----++-------+         +------++------+     
  |              |  VPC    |              |     
  |  N5K- .51    +---------+  N5K - .52   |     
  |              +---------+              |     
  |              |         |              |     
  +------------+++         +-++-----------+     
               || (CE vlans) ||                 
  This         ||  Multiple  ||  This           
  N5K Can't    ||    vPCs    ||  N5K Can reach  
  Reach this   ||            ||  the VIP through
  IP address  +++------------+++ flood for mcast
     +        |                |                
     |        |   3750-Stack   |                
     |        |                |                
     |        |                |                
     |        +-----+-----+----+                
     |              |     |                     
     |              |     |                     
     v        +-----+-----+----+                
Multicast MAC | 03bf.0a14.c9d4 | << NLB servers               
Cluster VIP   |VIP:10.20.201.212                
              |   Clusters     |                
              +----------------+                

 
So the problem Description is, 

 
1. N7Ks and N5K (.52) could ping VIP, but N5K (.51) couldn't, which we were troubleshooting.
2. 03bf.0a14.c9d4 is a multicast mac, no IGMP being used by NLB for switches to learn the mac.
3. Traffic is forwarded towards NLB based on flooding. 
4. There is no static multicast mac configuration on any of the switches.
5. There are static ARPs for the NLB IP addresses configured on N7K SVIs.

 

 

Action Taken:
=============
- When we ping from N5K (.51) the packet hits N7K (.71) in VLAN 199. Gets routed into VLAN 200 in which 10.20.201.212 is present.
- These packets do reach N5K (.51), which was confirmed when we configured "ip port access-group" on Po71 of N5K. 
- We could also see the packets were flooding out of Po1 (Peer-link going towards N5K (.52)) - confirmed based on the access-list applied on the peer-link.
- It was being suspected that N5K is not flooding this traffic out of portchannels in N5K (.51) downstream towards 3750 stack which hosts these NLB servers. 
- Port-channels towards the 3750 stack is in vPC. Also from the outputs gathered on the switch, we didn't see any indication of N5K dropping these packets.
- Suggested wireshark capture on 3750 switch to confirm that N5K could be the issues, as this was not isolated yet. 
- The network had to be restored immediately. vPC links on (.52) switch had to be shut down, which resolved the issue. 
- The network was stable however vPC legs on .52 switch were shut down.

 
15
Views
0
Helpful
0
Replies