Hi,

I'm looking into a problem, which involves excessive logentries containing the message below:

%ARP-3-DUP_VADDR_SRC_IP:  arp [4769]  Source address of packet received from 0000.0c07.ac00 on Vlan814(port-channel4095) is duplicate of local virtual ip, 10.10.215.1

The attached drawing shows the topology between the distribution-switches and the OTV-AED's.

The logentry repeats itself every 10 seconds, and is only seen on the Root-Bridge. The other distributionswitch is unaffected by this. The behaviour itself doesn't seem to pose any stress on the N7K, as generel forwarding and day-to-day operation is not affected in any way. However, periodic spikes in CPU are recorded, with NetStack and STP being the top-talkers. The overall stp-topology is stable, when taking a detailed look in the various vlans. TC-notifications are rarely seen and usually only when we would expect to see them.

I've gone through releasenotes for v5.2 and tried to find something with the BugToolKit, but so far no luck. I've found various posting on the net, with others having similar issues, only theese very mostly related specifictly to Hsrp. So far, I've been unable to find any incident related to OTV.

I'm only seeing this behaviour for vlans extended across OTV. All OTV-AED's have the required filtering in place, prohibiting the learning and/or advertising of fhrp information, both at L2 and L3. The filtering works, since we've successfully managed to isolate Hsrp at the two sites. There's nothing to suggest occasional split-brain scenarios, Hsrp is stable and working as expected. Futhermore, we're not seeing this issue on any other vlans not extended across OTV. Nor are we seeing theese logentries recorded on any other Port-channels than thoose connecting the OTV-edge devices to their parentswitches.

The configured vlan-filter on the OTV devices are as listed below:

mac access-list OTV-BLOCK-L2

  10 remark * HSRPv1 and HSRPv2 *

  11 permit any 0000.0c07.ac00 ffff.ffff.ff00

  12 permit any 0000.0c9f.f000 ffff.ffff.f000

  20 remark * VRRP *

  21 permit any 0000.5e00.0100 ffff.ffff.ff00

  30 remark * GLBP *

  31 permit any 0007.b400.0000 ffff.ff00.0000

ip access-list OTV-BLOCK-L3

  10 remark * HSRPv1 and HSRPv2 *

  11 permit udp any 224.0.0.2/32 eq 1985

  12 permit udp any 224.0.0.102/32 eq 1985

  20 remark * VRRP *

  21 permit 112 any 224.0.0.18/32

  30 remark * GLBP *

  31 permit udp any 224.0.0.102/32 eq 3222

mac access-list OTV-FORWD-L2

  10 remark * Everything else *

  11 permit any any

ip access-list OTV-FORWD-L3

  10 remark * Everything else *

  11 permit ip any any

  12 permit icmp any any

vlan access-map OTV-BLOCK 10

        match mac address OTV-BLOCK-L2

        action drop

        statistics per-entry

vlan access-map OTV-BLOCK 20

        match ip address OTV-BLOCK-L3

        action drop

        statistics per-entry

vlan access-map OTV-BLOCK 90

        match mac address OTV-FORWD-L2

        action forward

        statistics per-entry

vlan access-map OTV-BLOCK 91

        match ip address OTV-FORWD-L3

        action forward

        statistics per-entry

vlan filter OTV-BLOCK vlan-list 814-817,2020

Interestingly, the OTV aed does have the hsrp-mac in its CAM-table, though I would expect the above filter to drop that.

So far, the only valid conclusions I have come to is either a STP-issue or somehow, the above filter is not programmed correctly into the hardware and thus not processed correctly.

Any thoughts will do.

Thanks

/Ulrich