How do switch play with Mac address?

Ajay Raj · ‎05-19-2018

Experts,

I have 2 questions. Its bit confusing me every time. Hope my confusions can resolve by experts like you.

1. Did switch learn all MAC address's? I mean both the through traffic & to the box traffic?

2. My data center has multiple production servers & data transferring is happening every second even then the switch is not learning all the MAC address from the servers. Sometimes i have to ping the server IP & get the MAC address. Why is that? If the servers are communicating all the time then how come a MAC address gets time out?

Georg Pauwen · ‎05-19-2018

Hello,

in general, a MAC address times (ages) out only if it is not being used (default is 300 seconds).

Which switch do you have ? Post the output of 'show ver'...

Ajay Raj · ‎05-20-2018

Thanks for taking time to reply. Its not related to any specific device or a manufacturer. Same behavior can be seen in N5k,7k,3850,3750 etc...

mlund · ‎05-21-2018

Hi

I wonder what command you are using, because, mac adresses are learnt when traffic is passing the switch. The switch looks at the source address and updates its cam table with that info together with the interface the traffic was receives, and as Georg say, the timeout for that is 300 seconds.

To look at this table, use " sh mac address-table".

However you said you have to ping it to see it, that sounds you are looking at the arp table, wich in turn, is only used by layer3, and the command for that is "sh arp"

/Mikael

Ajay Raj · ‎05-21-2018

I absolutely understand ARP & MAC address.Let me be little more specific here. Consider that in a data center we have 100's of servers , all are online & passing the traffic back and forth. Still sometimes we dont see their MAC address in mac address table. I understand that MAC address will age out after a certain period of time but in this case there is no chance for that since all servers are online & exchanging the packet. Do we have an option to find a server MAC with out doing the ARP?

Joseph W. Doherty · ‎05-21-2018

#1 Normally yes, a possible exception being if the MAC table is filled.

#2 "Why is that?" Well, for the switch to learn a MAC, it needs to see a frame. Depending on your topology, it's possible initial frames were flooded to all switches, but once two hosts establish communications, their unicast frames only flow through some of your switches, so the switches that do not see the "conversation" between hosts would age out the MAC entry (as it's not being refreshed). Doing a ping from such a switch would/should force a reply and then the switch would renter the MAC.

Richard Burts · ‎05-21-2018

Mikael makes an important point that a switch learns the source mac of every frame that passes through the switch. I believe that Joseph makes another important point that in a network that is designed to have some redundancy that it is quite likely that traffic from a server will pass through some switches but not through other switches.

Perhaps we can think of an example to illustrate this. Suppose that the server is connected to switch S. Switch S is connected to three downstream switches S1 S2 and S3. When the server comes on line it checks for duplicate IP by sending an arp which is flooded through the entire network. At this point all switches have learned its source mac. As it is in operation traffic from the server passes through Switch S and through S1. So S2 and S3 are not seeing this traffic and they time out the mac address from their switch mac address table. Now if you happen to be connected to S2 or S3 and attempt to see the server it will not be in the mac address table of your switch. After you ping the server then the mac does show up in the table of your switch.

HTH

Rick

HTH

Rick

Joseph W. Doherty · ‎05-21-2018

Rick's example is indeed an example of a topology to which I alluded. Also note, although Rick mentions redundancy, in reference to my posting, redundancy isn't required.

Again, Rick's is a fine example, and his example doesn't mention redundancy. The issue is whether the switch carries (two way) transit traffic for the hosts involved.

BTW, an interesting case of where even transit switches can "drop" MACs is in unicast flooding. See case number 1 in: https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-series-switches/23563-143.html?dtid=osscdc000283

Ajay Raj · ‎05-22-2018

Thanks everyone for their reply. I have to add 2 more components here which will give a better understanding.

What if i have only 2 Nexus switches & along with Fabric interconnect & FEX module. Does the server/UCS blade packet really reach the switch? Does that can be reason why the switch mac address age out? I know FI is a L2 switch.