Posting this after the closed question: Network flooding without an ff (layer 2 broadcast) MAC address at the destination?
I have a network that is experiencing the following problem: frames sent to a specific machine (ip 192.168.107.125, mac bbbb.bbbb.bbbb) are being delivered to some devices in the same VLAN.
For example, a Wireshark capture on another computer (ip 192.168.107.10, mac aaaa.aaaa.aaaa) lists packets addressed to (ip 192.168.107.125, mac bbbb.bbbb.bbbb). The traffic is FTP traffic (including login and password), so I am quite sure it has no business being on 192.168.107.10.
I have also noticed that when the flooding happens, the mac address-table entry for bbbb.bbbb.bbbb is missing. After rebooting bbbb.bbbb.bbbb the MAC entry comes back, but only for a while.
All the servers pictured (the network clients) are in the same VLAN.
The switch models are shown in the diagram. The configurations are shown in the diagram and listed below.
Edit 1: The device using the lost MAC definitely emits frames before the address disappears -- we have Wireshark captures of it. In fact, even after the entry disappears the device keeps sending frames, so I would expect the switch to create a new MAC address-table entry.
I have checked the switch logs and there is no sign of link flapping on the port of the client that owns the MAC. For example, once, while the MAC address was missing, I rebooted the client device. In the logs I could see the interface go through the designated -> blocking -> learning -> forwarding stages (within 30 seconds), and after that there were no more messages about that interface. After the reboot the MAC entry was still missing! Only after moving the device to another port did it appear, and again only for a while.
Nexus 1 configuration:
version 8.2(5)
feature-set fex
switchname Core
feature telnet
feature vrrp
feature scheduler
feature ospf
feature pim
feature msdp
feature eigrp
feature port-security
feature interface-vlan
feature hsrp
feature lacp
feature dhcp
feature vpc
feature ptp
feature lldp
feature sla sender
feature sla responder
logging level aaa 5
logging level cdp 6
logging level hsrp 5
logging level interface-vlan 5
logging level monitor 6
logging level otm 5
logging level radius 5
logging level spanning-tree 6
logging level dhcp_snoop 5
logging level vpc 5
ip domain-lookup
service unsupported-transceiver
errdisable recovery cause link-flap
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause loopback
errdisable recovery cause storm-control
errdisable recovery cause security-violation
errdisable recovery cause psecure-violation
errdisable recovery cause vpc-peerlink
errdisable recovery cause failed-port-state
ip access-list accessblock121
statistics per-entry
11 deny ip 192.168.107.0/24 192.168.121.200/32
30 permit ip any any
ip access-list cape
statistics per-entry
10 permit icmp 192.168.120.125/32 192.168.107.152/32
20 permit ip any any
ip access-list tac
statistics per-entry
10 permit icmp 192.168.120.159/32 192.168.107.152/32
20 permit ip any any
time-range 02:07:00
ip dhcp snooping
service dhcp
ip dhcp relay
ipv6 dhcp relay
ipv6 dhcp guard policy DHCP_CLIENT
!
class-map type qos match-any VLAN_QOS
policy-map type qos NFLINT
class class-default
police cir 200 mbps bc 200 ms conform transmit violate drop
fex 42
pinning max-links 1
debounce time 0
description FEX_42
fex 45
pinning max-links 1
debounce time 0
description FEX_45
ip pim rp-address 192.169.180.3 group-list 224.0.0.0/4
ip pim auto-rp mapping-agent Vlan107
ip pim ssm range 232.0.0.0/8
ip pim auto-rp forward
ip pim pre-build-spt
ip igmp any-query-destination
vlan 107
name EEE
spanning-tree vlan 107 priority 4096
vrf context keepalive
vrf context management
ip route 0.0.0.0/0 192.168.121.254
vpc domain 10
peer-switch
role priority 1500
peer-keepalive destination 192.168.145.14 source 192.168.145.13 vrf keepalive
peer-gateway
config-sync
ip arp synchronize
cfs eth distribute
interface Vlan107
description EEE1
no shutdown
mtu 9216
no ip redirects
ip address 192.168.107.252/24
no ipv6 redirects
ip ospf passive-interface
ip pim sparse-mode
interface port-channel1
description VPC Peer-Link
switchport
switchport mode trunk
switchport trunk allowed vlan 107
spanning-tree port type network
vpc peer-link
interface port-channel42
description FEX_42
switchport
switchport mode fex-fabric
fex associate 42
mtu 9216
interface port-channel45
description FEX_45
switchport
switchport mode fex-fabric
fex associate 45
mtu 9216
interface Ethernet4/1
description VPC Peer-Link
switchport
switchport mode trunk
switchport trunk allowed vlan 107
spanning-tree port type network
channel-group 1 mode active
no shutdown
interface Ethernet4/3
description VPC KeepAlive Link
vrf member keepalive
ip address 192.168.145.13/24
no shutdown
interface Ethernet5/1
description VPC Peer-Link
switchport
switchport mode trunk
switchport trunk allowed vlan 107
spanning-tree port type network
channel-group 1 mode active
no shutdown
interface Ethernet5/45
description FLOODING_ADDRESSED_HERE
switchport
switchport access vlan 107
ipv6 dhcp guard attach-policy DHCP_CLIENT
no shutdown
interface Ethernet7/46
description NO_FLOODING_HERE_1
switchport
switchport access vlan 107
ipv6 dhcp guard attach-policy DHCP_CLIENT
no shutdown
interface Ethernet42/1/10
description NO_FLOODING_HERE_2
switchport
switchport access vlan 107
no shutdown
interface Ethernet45/1/10
description NO_FLOODING_HERE_3
switchport
switchport access vlan 107
no shutdown
logging logfile messages 6
no terminal log-all
line console
terminal width 80
line vty
router ospf core
network 192.168.107.0/24 area 0.0.0.0
monitor session 2
source interface Ethernet5/45 both
destination interface Ethernet5/11
ip dhcp snooping vlan 107
scheduler logfile size 1024
Nexus 2 configuration:
version 8.2(5)
feature-set fex
hostname HOSTNAME
feature privilege
feature telnet
feature vrrp
feature scheduler
feature ospf
feature pim
feature msdp
feature eigrp
feature port-security
feature interface-vlan
feature hsrp
feature lacp
feature dhcp
feature vpc
feature ptp
feature lldp
feature sla sender
feature sla responder
logging level aaa 5
logging level cdp 6
logging level hsrp 5
logging level interface-vlan 5
logging level monitor 6
logging level otm 5
logging level radius 5
logging level spanning-tree 6
logging level dhcp_snoop 5
logging level vpc 5
ip domain-lookup
service unsupported-transceiver
errdisable recovery cause link-flap
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause loopback
errdisable recovery cause storm-control
errdisable recovery cause security-violation
errdisable recovery cause psecure-violation
errdisable recovery cause vpc-peerlink
errdisable recovery cause failed-port-state
ip access-list accessblock121
statistics per-entry
11 deny ip 192.168.107.0/24 192.168.121.200/32
30 permit ip any any
ip access-list cape
statistics per-entry
10 permit icmp 192.168.120.125/32 192.168.107.152/32
20 permit ip any any
ip access-list tac
statistics per-entry
10 permit icmp 192.168.120.159/32 192.168.107.152/32
20 permit ip any any
ip dhcp snooping
service dhcp
ip dhcp relay
ipv6 dhcp relay
ipv6 dhcp guard policy DHCP_CLIENT
!
class-map type qos match-all trustme
fex 48
pinning max-links 1
debounce time 0
description FEX_48
fex 54
pinning max-links 1
debounce time 0
description FEX_54
ntp server 192.168.140.13
ntp server 192.168.140.14
ip pim rp-address 192.169.180.3 group-list 224.0.0.0/4
ip pim auto-rp mapping-agent Vlan107
ip pim ssm range 232.0.0.0/8
ip pim auto-rp forward
ip pim pre-build-spt
ip igmp any-query-destination
vlan 107
name EEE
vrf context keepalive
vrf context management
ip route 0.0.0.0/0 192.168.121.254
vpc domain 10
peer-switch
role priority 1000
peer-keepalive destination 192.168.145.13 source 192.168.145.14 vrf keepalive
peer-gateway
config-sync
ip arp synchronize
cfs eth distribute
interface Vlan107
description EEE1
no shutdown
mtu 9216
no ip redirects
ip address 192.168.107.254/24
no ipv6 redirects
ip ospf passive-interface
ip pim sparse-mode
interface port-channel1
description VPC Peer-Link
switchport
switchport mode trunk
switchport trunk allowed vlan 107
spanning-tree port type network
vpc peer-link
interface port-channel48
description FEX_48
switchport
switchport mode fex-fabric
fex associate 48
mtu 9216
interface port-channel54
description FEX_54
switchport
switchport mode fex-fabric
fex associate 54
mtu 9216
vpc 54
interface Ethernet4/1
description VPC Peer-Link
switchport
switchport mode trunk
switchport trunk allowed vlan 107
spanning-tree port type network
channel-group 1 mode active
no shutdown
interface Ethernet4/3
description VPC KeepAlive Link
vrf member keepalive
ip address 192.168.145.14/30
no shutdown
interface Ethernet5/1
description VPC Peer-Link
switchport
switchport mode trunk
switchport trunk allowed vlan 107
spanning-tree port type network
channel-group 1 mode active
no shutdown
interface Ethernet6/41
description FEX_48
switchport
switchport mode fex-fabric
fex associate 48
mtu 9216
channel-group 48
no shutdown
interface Ethernet6/42
description FEX_48
switchport
switchport mode fex-fabric
fex associate 48
mtu 9216
channel-group 48
no shutdown
interface Ethernet7/28
description Link FEX54
switchport
switchport mode fex-fabric
fex associate 54
mtu 9216
channel-group 54
no shutdown
interface Ethernet48/1/3
description FLOODING_RECEIVED_HERE_1
switchport
switchport access vlan 107
ipv6 dhcp guard attach-policy DHCP_CLIENT
no shutdown
interface Ethernet48/1/8
description FLOODING_RECEIVED_HERE_2
switchport
switchport access vlan 107
ipv6 dhcp guard attach-policy DHCP_CLIENT
no shutdown
interface Ethernet54/1/10
description FLOODING_RECEIVED_HERE_3
switchport
switchport access vlan 107
no shutdown
logging logfile messages 6
no terminal log-all
line console
terminal width 80
line vty
router eigrp 10
router-id 192.168.133.253
default-information originate
router ospf 1
router ospf core
network 192.168.107.0/24 area 0.0.0.0
monitor session 2
ip dhcp snooping vlan 107
scheduler logfile size 1024
Edit 3: Hypothesis: the MAC address is lost because it has aged out. Thank you, Zac67, I wanted to test this further. While the MAC address-table entry for bbbb.bbbb.bbbb was missing, I exported the ARP and CAM tables from both switches. The ARP entry is present:
192.168.107.125 00:15:53 bbbb.bbbb.bbbb Vlan107
But the CAM tables on both switches do not contain this MAC entry! I know that, since we only see the flooding on one side, one would conclude that the entry is missing only on that side, but that is not the case: the flooding happens on one side only, yet both CAM tables lack the entry.
Also, while the MAC address-table entry for bbbb.bbbb.bbbb was missing from the switches, I took a SPAN capture on the interface this client is connected to and saw the following:
I interpret this as evidence that the switch is receiving frames carrying bbbb.bbbb.bbbb as the source H/W address. Even if the MAC entry had timed out, the switch should recreate it, right?
Edit 4: My colleague has opened a support case with Cisco. A "deeper" investigation is currently under way, as they could not immediately explain the reason for this behaviour.
Posted on 2021-05-03 09:58:54
Frames sent to a specific machine (ip 192.168.0.20, mac bbbb.bbbb.bbbb) are being delivered to some devices in that VLAN.
Unless that MAC address is a multicast address, it must be unique within its VLAN -- "some devices" should be "a specific device".
Edit: it seems you mean the device connected to the right-hand Nexus, sorry about that.
A Wireshark capture on another computer (ip 192.168.0.10, mac aaaa.aaaa.aaaa) lists packets addressed to (ip 192.168.0.20, mac bbbb.bbbb.bbbb). The traffic is FTP traffic (including login and password), so I am quite sure it has no business being on 192.168.0.10.
The switch does not care about IP addresses; the only thing that matters is the MAC address -- the source for learning, the destination for forwarding.
As in your previous question, when the destination MAC is not present in its source address table, a switch floods the frame out of all ports, like a broadcast, emulating a repeater hub. However, all NICs not addressed by that MAC ignore the frame -- so it only wastes bandwidth but does not cause problems.
Therefore, make sure MAC aging in the switches is configured appropriately and that the device using the MAC emits frames before it is addressed. Also, check the logs for link flaps that could cause the MAC to be dropped prematurely. As a workaround, you could try triggering an ARP query every few minutes.
Since it is the right-hand Nexus that loses the MAC address from its table, you should make sure that at least some traffic from 192.168.0.20 hits that switch before the address ages out (default 1800 seconds). Usually, somewhat frequent broadcasts (e.g. ARP) ensure that all switches are reliably updated, but that node may not need to do that. If you cannot extend the aging time, pinging that switch in either direction should solve the problem.
You should try setting a longer MAC aging timeout:
mac address-table aging-time seconds
If that does not help, you can place a static mapping on the required port:
mac address-table static mac_addr vlan vlan_id interface slot/port
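To make the learn/age/flood behaviour described in the answer concrete, here is a small added model of a transparent bridge with a MAC aging timer; it is not code from the question, the answer or Cisco, and the host names, port names and timings are constructed. It shows how a host that stays silent longer than the aging time turns the unicast traffic addressed to it into unknown-unicast flooding seen by an unrelated port, and how a periodic refresh (for example an ARP) or a longer aging time changes that.

```python
from dataclasses import dataclass, field

DEFAULT_AGING = 1800  # seconds, the NX-OS default quoted in the answer

@dataclass
class Switch:
    """Toy transparent bridge: one CAM table of mac -> (port, last_seen)."""
    ports: list
    aging: int = DEFAULT_AGING
    cam: dict = field(default_factory=dict)

    def _expire(self, now):
        # Age out every entry not refreshed within the aging window.
        for mac in [m for m, (_, t) in self.cam.items() if now - t >= self.aging]:
            del self.cam[mac]

    def receive(self, now, in_port, src, dst):
        """Handle one frame and return the list of egress ports."""
        self._expire(now)
        self.cam[src] = (in_port, now)          # learn / refresh the source MAC
        if dst in self.cam:                     # known unicast: forward on one port
            out_port, _ = self.cam[dst]
            return [] if out_port == in_port else [out_port]
        return [p for p in self.ports if p != in_port]   # unknown: flood

def run(b_refresh_every=None, aging=DEFAULT_AGING, duration=7200, step=600):
    """Constructed scenario: B (bbbb) on p_B, the Wireshark observer A on p_A,
    an FTP client C on p_C sending to B every `step` seconds.
    Returns the times at which A's port received a frame destined to B."""
    sw = Switch(ports=["p_B", "p_A", "p_C"], aging=aging)
    leaked = []
    sw.receive(0, "p_B", "bbbb.bbbb.bbbb", "cccc.cccc.cccc")   # B speaks once at t=0
    for t in range(step, duration + 1, step):
        if b_refresh_every and t % b_refresh_every == 0:
            # B emits a broadcast (e.g. ARP), refreshing its own CAM entry.
            sw.receive(t, "p_B", "bbbb.bbbb.bbbb", "ffff.ffff.ffff")
        egress = sw.receive(t, "p_C", "cccc.cccc.cccc", "bbbb.bbbb.bbbb")
        if "p_A" in egress:
            leaked.append(t)
    return leaked

if __name__ == "__main__":
    print("silent B, default aging:", run())
    print("B refreshes every 600 s: ", run(b_refresh_every=600))
    print("B refreshes every 2400 s:", run(b_refresh_every=2400))
```

With a silent B the leaks start exactly at the aging time and continue on every frame to B; a refresh interval shorter than the aging time removes them entirely.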
https://networkengineering.stackexchange.com/questions/73736