VM MAC and UCS MAC question

JamesLagno12010
Level 1

Hello experts,

 

I am confused about something regarding MACs, I think I need some guidance seeing the big picture.

 

Say our VM MAC is 111 (for simplicity) and it is using vNIC 1 in UCS (MAC 222).

If I check the MAC address table on the FI I see 111 assigned to a veth. Can someone provide clarity on a few things:

What is the UCS MAC pool used for?

does each VM itself have a mac or just each vmnic or b

4 Replies

Steven Tardy
Cisco Employee

Typical physical NICs get a factory "burned-in" MAC address which the OS will usually, but not always, use.

UCS VIC vNICs get a software assigned MAC (usually from a MAC pool) which should be unique (222).

Since UCS uses virtual NICs (vNICs) these MAC addresses (222) have to come from somewhere, hence the pool.

ESXi will often use the vNIC from the vmnic0 as the OS MAC address for management interface vmk0.

 

Sounds like you're using these vNICs to uplink a vSwitch for VM traffic.

Since the OS doesn't send traffic out a guest VM vSwitch, the vNIC's MAC (222) effectively goes unused.

The VM will send traffic from MAC (111) and the vSwitch will pass this traffic through the vNIC and up to the FI.

 

Most don't know but every physical switch port of every physical hardware switch has a unique MAC address. Rarely does this MAC address come into play, but it does exist. Somewhat like the vNIC has a MAC address on the vSwitch in this instance.

Same scenario except with the vmkernel ports.

My vmk port gets a mac: 222, the same mac that's on the vNIC (222).
Network traffic works in this scenario, I don't quite understand why.

Next: if the vmk gets MAC 111 and the vNIC is still 222, there is no network connectivity, i.e. the MAC address table fails to see/learn the MAC of the vmk.

Nothing on the UCS/VIC side should care about this that I can think of.

To be clear the OS using the vNIC MAC (222) can and does work (mostly).
There are some corner cases where the FI **static** assigns this MAC to the vNIC, but the OS doesn't **listen** on that vNIC (think active/backup teaming/failover). So the FI thinks traffic should go out this port, the VIC sends to the OS, but then the OS ignores/drops the packet.

Does the upstream switchport have "port security" configured to only allow a single MAC address?

TimothyHenderson4285 you may want to create a new thread to describe your issue in detail instead of piling on to a 4+ year old thread.

 

Figured out the issue.

VMware decided to use the MAC address of the first uplink when initially creating the vmk0 interface; I had to remove vmk0 from the ESXi CLI and recreate it for it to get the VMware MAC.
Port-security does exist on the UCSM manager, as I mentioned the Fabric Interconnects were counting (not an upstream switch). The fix to this was going into Network Control Policy>MAC Security and allowing forged MAC addresses.
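
The two cases discussed in this thread (a vmk that reuses the uplink vNIC's MAC versus a vmk with its own MAC) can be told apart from the host's own output. The following is an added example, not part of the original thread: the sample text is constructed in the style of `esxcli network nic list` and `esxcli network ip interface list`, and the function names and MAC values are hypothetical.

```python
import re

MAC_RE = re.compile(r"\b(?:[0-9a-f]{2}:){5}[0-9a-f]{2}\b", re.I)

# Constructed sample in the style of `esxcli network nic list` (not real host output).
NIC_LIST = """\
Name    PCI Device    Driver  Link Status  MAC Address        MTU   Description
------  ------------  ------  -----------  -----------------  ----  -----------
vmnic0  0000:06:00.0  nenic   Up           00:25:b5:00:00:1a  1500  Cisco VIC Ethernet NIC
vmnic1  0000:07:00.0  nenic   Up           00:25:b5:00:00:1b  1500  Cisco VIC Ethernet NIC
"""

# Constructed sample in the style of `esxcli network ip interface list`.
IF_LIST = """\
vmk0
   Name: vmk0
   MAC Address: 00:25:b5:00:00:1a
   Portgroup: Management Network

vmk1
   Name: vmk1
   MAC Address: 00:50:56:6a:12:34
   Portgroup: vMotion
"""

def uplink_macs(nic_list):
    """Map each uplink (vmnic) MAC, lower-cased, to its vmnic name."""
    macs = {}
    for line in nic_list.splitlines():
        fields = line.split()
        match = MAC_RE.search(line)
        if fields and fields[0].startswith("vmnic") and match:
            macs[match.group(0).lower()] = fields[0]
    return macs

def vmk_macs(if_list):
    """Map each vmkernel interface name to its MAC, lower-cased."""
    result, name = {}, None
    for line in if_list.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "Name":
            name = value
        elif key == "MAC Address" and name:
            result[name] = value.lower()
    return result

def classify(nic_list, if_list):
    """'inherited': vmk reuses a vNIC MAC (the 222 case in the thread).
    'own': vmk sends from a MAC the vNIC was not assigned (the 111 case),
    which in this thread needed forged MACs allowed in MAC Security."""
    uplinks = uplink_macs(nic_list)
    return {vmk: ("inherited", uplinks[mac]) if mac in uplinks else ("own", None)
            for vmk, mac in vmk_macs(if_list).items()}
```
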
