Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
16130
Views
15
Helpful
6
Replies

Unicast Flooding Mac-address aging-time

Go to solution
robert.porambo
Level 1
Level 1

‎09-21-2012 07:03 AM - edited ‎03-07-2019 09:01 AM

I am battling a unicast flooding issue on a pair of 6509 where one switch has a mac-address aging-time set to 14400 seconds while the other is set to the default of 480 seconds. In an attempt to reduce the amount of unicast flooding I want to change from 480 to 14400 on the one switch.

These two swtiches are L2 Q-trunked together running HSRP on all vlan interfaces.   All HSRP masters are on the switch with the 14400 aging-timer (except one).

Will modifying this parameter have a direct negative impact at the time the change is made?  For example, will the command clear the mac-address table forcing a lot of relearning? 

I need to be aware of any consequences of this change since this is a critical production environment.  Any comments or suggestions appreciated.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Arumugam Muthaiah
Cisco Employee
Cisco Employee
In response to robert.porambo

‎09-25-2012 07:07 AM

Hi Bob,

Sorry, i misunderstood your question. Now its clear. If you change the #mac address-table aging-time 14400, this doesnt clear any existing mac address-table.

You can notice the age timer reset to 0, but this doesnt clear any existing mac address-table. You shouldnt see any negative impact due to this change.

i tested on my Lab, please see the detail below,

Before change:

Switch#show mac address-table aging-time
Vlan    Aging Time
----    ----------
Global  480
no vlan age other than global age configured


Switch#sh mac address-table dynamic
Legend: * - primary entry
       age - seconds since last seen
       n/a - not available

vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+--------------------------
*   30  001d.e53d.2c00   dynamic  Yes         75   Po200
*   20  001d.e53d.2c00   dynamic  Yes         75   Po200
*   10  001d.e53d.2c00   dynamic  Yes         75   Po200
*  899  e41f.1377.2c30   dynamic  Yes         45   Gi1/5/3
*  899  001b.2493.ce51   dynamic  Yes        150   Gi1/5/3
*  899  e41f.1325.3431   dynamic  Yes         60   Gi1/5/3

After change:

Switch(config)#mac address-table aging-time 14400

Switch#show mac address-table aging-time
Vlan    Aging Time
----    ----------
Global  14400
no vlan age other than global age configured

Switch#sh mac address-table dynamic
Legend: * - primary entry
       age - seconds since last seen
       n/a - not available

vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+--------------------------
*   30  001d.e53d.2c00   dynamic  Yes          0   Po200
*   20  001d.e53d.2c00   dynamic  Yes          0   Po200
*   10  001d.e53d.2c00   dynamic  Yes          0   Po200
*  899  e41f.1377.2c30   dynamic  Yes          0   Gi1/5/3
*  899  001b.2493.ce51   dynamic  Yes          0   Gi1/5/3
*  899  e41f.1325.3431   dynamic  Yes          0   Gi1/5/3


Switch#sh mac address-table dynamic     
Legend: * - primary entry
        age - seconds since last seen
        n/a - not available

  vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+--------------------------
*   30  001d.e53d.2c00   dynamic  Yes        600   Po200
*   20  001d.e53d.2c00   dynamic  Yes        600   Po200
*   10  001d.e53d.2c00   dynamic  Yes        600   Po200
*  899  e41f.1377.2c30   dynamic  Yes          0   Gi1/5/3
*  899  001b.2493.ce51   dynamic  Yes        180   Gi1/5/3
*  899  e41f.1325.3431   dynamic  Yes         60   Gi1/5/3

Note:

To reset the seconds value to the default setting, use the no form of this command.

Switch(config)#no mac address-table aging-time 14400

Regards,

Aru

*** Please rate if this post is useful ***

Regards, Aru *** Please rate if the post useful ***

View solution in original post

6 Replies 6

Go to solution
Arumugam Muthaiah
Cisco Employee
Cisco Employee

‎09-24-2012 11:31 AM

Hi Robert,

Frequent topology changes reduce the MAC address table aging time from the default time of 300 seconds to 15 seconds. Increasing the MAC aging time will help to remedy the unknown unicast flooding.

With asymmetric routing, transmit and receive packets follow different paths between a host and the peer with which it communicates. This packet flow is a result of the configuration of load balancing between HSRP routers, based on HSRP priority, which set the HSRP to active or standby.

This type of packet flow in a switching environment can result in excessive unknown unicast flooding. Also, Multilayer Switching (MLS) entries can be absent. Unknown unicast flooding occurs when the switch floods a unicast packet out of all ports. The switch floods the packet because there is no entry for the destination MAC address. This behavior does not break connectivity because packets are still forwarded. But, the behavior does account for the flood of extra packets on host ports. This case studies the behavior of asymmetric routing and why unicast flooding results.

Symptoms of asymmetric routing include:

  • Excessive unicast packet flooding
  • Absent MLS entry for flows
  • Sniffer trace that shows that packets on the host port are not destined for the host
  • Increased network latency with L2-based packet rewrite engines, such as server load balancers, web cache devices, and network appliances
  • Dropped packets on connected hosts and workstations that cannot handle the additional unicast-flooding traffic load

The default ARP cache aging time on a router is four hours. The default aging time of the switch content-addressable memory (CAM) entry is five minutes.


the example sets the ARP aging time to four hours


Asymmetric routing issues do not break connectivity. But, asymmetric routing can cause excessive unicast flooding and MLS entries that are missing. There are three configuration changes that can remedy this situation:

  • Adjust the MAC aging time on the respective switches to 14,400 seconds (four hours) or longer.
  • Change the ARP timeout on the routers to five minutes (300 seconds).
  • Change the MAC aging time and ARP timeout to the same timeout value.

Refer:

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094afd.shtml#t8

Regards,

Aru

*** Please rate if the post is useful ***

Regards, Aru *** Please rate if the post useful ***

Go to solution
robert.porambo
Level 1
Level 1
In response to Arumugam Muthaiah

‎09-24-2012 02:43 PM

Aru,

  Thank for the response. Very good information.

  My question is whether or not issuing the command itself "mac-address-table aging-time 14400" will clear the mac-table itself or have an immediate negative impact.

Thanks,

Bob

0 Helpful

Go to solution
Arumugam Muthaiah
Cisco Employee
Cisco Employee
In response to robert.porambo

‎09-24-2012 08:29 PM

Hi Bob,

Thanks for your vlauable feedback. Default MAC address table aging time is 300 seconds. If any topology changes occur, this will reduce the MAC address table aging time from the default time of 300 seconds to 15 seconds.

Once it flushes the MAC addresses, this will start to re learn the MAC addresses again.

So if you experience frequent topology changes or asymmetric routing can cause excessive unicast flooding. To protect from this excessive unicast flooding, we can configure #mac-address-table aging-time 14400

If you are not seeing any issue, you can leave with default timer.

Regards,

Aru

*** Please rate if this post useful ***

Regards, Aru *** Please rate if the post useful ***
0 Helpful

Go to solution
robert.porambo
Level 1
Level 1
In response to Arumugam Muthaiah

‎09-25-2012 06:09 AM

Aru,

  I don't think you understand my question.  Let me restate it. 

I want to change the aging-timer to 14400 seconds.  When I enter that command, will it clear the existing mac-table at that instant?  Will it immediately have a negative impact? 

I am making this change on a critical production switch and I cannot afford to interrupt existing sessions through this switch.  If I get a sense of confidence that the change is non disruptive, I will go ahead and modify the timer.

Thanks,

Bob

0 Helpful

Go to solution
Arumugam Muthaiah
Cisco Employee
Cisco Employee
In response to robert.porambo

‎09-25-2012 07:07 AM

Hi Bob,

Sorry, i misunderstood your question. Now its clear. If you change the #mac address-table aging-time 14400, this doesnt clear any existing mac address-table.

You can notice the age timer reset to 0, but this doesnt clear any existing mac address-table. You shouldnt see any negative impact due to this change.

i tested on my Lab, please see the detail below,

Before change:

Switch#show mac address-table aging-time
Vlan    Aging Time
----    ----------
Global  480
no vlan age other than global age configured


Switch#sh mac address-table dynamic
Legend: * - primary entry
       age - seconds since last seen
       n/a - not available

vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+--------------------------
*   30  001d.e53d.2c00   dynamic  Yes         75   Po200
*   20  001d.e53d.2c00   dynamic  Yes         75   Po200
*   10  001d.e53d.2c00   dynamic  Yes         75   Po200
*  899  e41f.1377.2c30   dynamic  Yes         45   Gi1/5/3
*  899  001b.2493.ce51   dynamic  Yes        150   Gi1/5/3
*  899  e41f.1325.3431   dynamic  Yes         60   Gi1/5/3

After change:

Switch(config)#mac address-table aging-time 14400

Switch#show mac address-table aging-time
Vlan    Aging Time
----    ----------
Global  14400
no vlan age other than global age configured

Switch#sh mac address-table dynamic
Legend: * - primary entry
       age - seconds since last seen
       n/a - not available

vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+--------------------------
*   30  001d.e53d.2c00   dynamic  Yes          0   Po200
*   20  001d.e53d.2c00   dynamic  Yes          0   Po200
*   10  001d.e53d.2c00   dynamic  Yes          0   Po200
*  899  e41f.1377.2c30   dynamic  Yes          0   Gi1/5/3
*  899  001b.2493.ce51   dynamic  Yes          0   Gi1/5/3
*  899  e41f.1325.3431   dynamic  Yes          0   Gi1/5/3


Switch#sh mac address-table dynamic     
Legend: * - primary entry
        age - seconds since last seen
        n/a - not available

  vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+--------------------------
*   30  001d.e53d.2c00   dynamic  Yes        600   Po200
*   20  001d.e53d.2c00   dynamic  Yes        600   Po200
*   10  001d.e53d.2c00   dynamic  Yes        600   Po200
*  899  e41f.1377.2c30   dynamic  Yes          0   Gi1/5/3
*  899  001b.2493.ce51   dynamic  Yes        180   Gi1/5/3
*  899  e41f.1325.3431   dynamic  Yes         60   Gi1/5/3

Note:

To reset the seconds value to the default setting, use the no form of this command.

Switch(config)#no mac address-table aging-time 14400

Regards,

Aru

*** Please rate if this post is useful ***

Regards, Aru *** Please rate if the post useful ***

Go to solution
robert.porambo
Level 1
Level 1
In response to Arumugam Muthaiah

‎09-25-2012 08:57 AM

Thank you Aru.  That's exactly what I needed.

Bob

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card