05-09-2020 07:04 PM
Hello,
Running a capture on Cisco 9K, duplicate use of VIP 10.1.1.1 has been detected.
How does Nexus 9K treat these duplicate entries - is it going to drop these packets; sender does receive any ARP reply from Nexus N9K.
Please advise.
! Incoming ARP BCAST Request
2020-05-09 21:37:42.745870 00:11:22:00:00:34 -> ff:ff:ff:ff:ff:ff ARP Who has 10.1.1.20? Tell 10.1.1.1
!N9K detects duplicate use
2020-05-09 21:37:45.795852 00:00:0c:9f:fa:93 -> ff:ff:ff:ff:ff:ff ARP Gratuitous ARP for 10.1.1.1 (Request) (duplicate use of 10.1.1.1 detected!)
N9K# sh mac address-table | i 100
G 100 0000.0c9f.fa93 static - F F sup-eth1(R)
05-10-2020 12:40 AM
Is this a new configuration you are trying to configure on the Nexus and having issues with?
1. Are you running any HSRP between the Nexus vPC pair? Make sure both are running the same HSRP version, v2.
2. If not the above case, find out what the MAC address is and what port it is connected to, and verify by turning it off or removing it from the network.
05-10-2020 12:57 AM
Hi,
Looking at the source MAC which generates the ARP requests:
2020-05-09 21:37:42.745870 00:11:22:00:00:34 -> ff:ff:ff:ff:ff:ff ARP Who has 10.1.1.20? Tell 10.1.1.1
This looks like a non-Cisco device. Meaning that this is an incorrect IP address configured on a device in the network, considering that 10.1.1.1 is the HSRP VIP for group 2707 (00:00:0c:9f:fa:93).
The behavior/response of N9K in this scenario is pretty simple:
The 9K switch will NOT drop packets generated by the rogue source 10.1.1.1. It will forward them as any other traffic.
Best regards,
Sergiu
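Added example, not part of the original thread: one way to run the check described in the post above over a text capture, flagging any ARP whose sender IP is the VIP but whose source MAC is not an HSRP virtual MAC, and decoding the HSRP group from the virtual MAC. The function names are hypothetical, the first two capture lines are the ones quoted in the thread, and the third is constructed.

```python
import re

# First two lines are quoted from the thread; the third is a constructed benign ARP.
CAPTURE = """\
2020-05-09 21:37:42.745870 00:11:22:00:00:34 -> ff:ff:ff:ff:ff:ff ARP Who has 10.1.1.20? Tell 10.1.1.1
2020-05-09 21:37:45.795852 00:00:0c:9f:fa:93 -> ff:ff:ff:ff:ff:ff ARP Gratuitous ARP for 10.1.1.1 (Request) (duplicate use of 10.1.1.1 detected!)
2020-05-09 21:37:46.100000 00:50:56:aa:bb:cc -> ff:ff:ff:ff:ff:ff ARP Who has 10.1.1.1? Tell 10.1.1.20
"""

LINE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<src>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) -> \S+ ARP (?P<info>.*)$",
    re.I,
)
# In both ARP forms the sender IP is the address being claimed by the source MAC.
WHO_HAS = re.compile(r"Who has \S+\? Tell (?P<ip>\d+\.\d+\.\d+\.\d+)")
GARP = re.compile(r"Gratuitous ARP for (?P<ip>\d+\.\d+\.\d+\.\d+)")


def hsrp_group(mac):
    """Return (version, group) if mac is an HSRP IPv4 virtual MAC, else None."""
    h = mac.lower().replace(":", "").replace(".", "")
    if h.startswith("00000c9ff"):   # HSRPv2: 0000.0c9f.fXXX, XXX = group in hex
        return 2, int(h[9:], 16)
    if h.startswith("00000c07ac"):  # HSRPv1: 0000.0c07.acXX, XX = group in hex
        return 1, int(h[10:], 16)
    return None


def vip_claims(capture, vip):
    """Return (timestamp, src_mac, verdict) for every ARP whose sender IP is the VIP."""
    out = []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        s = WHO_HAS.search(m["info"]) or GARP.search(m["info"])
        if not s or s["ip"] != vip:
            continue
        verdict = "hsrp" if hsrp_group(m["src"]) else "rogue"
        out.append((m["ts"], m["src"].lower(), verdict))
    return out


if __name__ == "__main__":
    for ts, mac, verdict in vip_claims(CAPTURE, "10.1.1.1"):
        print(ts, mac, verdict, hsrp_group(mac))
```

The MAC flagged as rogue is the one to look up in the MAC address table to find the port it is learned on.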
05-10-2020 10:24 AM
Hello Sergiu,
Thank you for sharing with me your thoughts on this incident.
So on the one hand Cisco Nexus 9K will not update the ARP table with the 10.1.1.1 / 00:11:22:00:00:34 (rogue MAC), but on the other hand you are saying "it will forward it as any other traffic." If this is the case, where is it forwarding to, and should N9K respond to this rogue MAC with an ARP reply as it does with any other ARP request?
Please advise.
Thanks,
Netmart
05-10-2020 12:11 PM
Hi @Netmart
Sorry for the confusion. Allow me to rephrase it. Traffic generated by the rogue IP will be forwarded as any other traffic. Also, L2 traffic destined to the rogue MAC address will be forwarded (as the MAC address will be present in the MAC table). When will there be L2 traffic destined to the MAC address, you may ask? Well, when servers/devices will want to send traffic to the HSRP VIP, but they will receive an ARP from the rogue device. Ofc this will happen for a very short period of time, until the legit GARP is received from Nexus, but this period is enough to disrupt the communication.
On the other hand, since ARP cannot be installed in the ARP table, routed traffic will not be forwarded to the rogue device. If there is any traffic destined to the VIP, it will be consumed by the Nexus.
Let me know what other questions you have.
Regards,
Sergiu
05-10-2020 04:02 PM
Thank you Sergiu. Yes, that makes things clearer.