cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

489
Views
0
Helpful
2
Replies
Highlighted
Beginner

UCS, ACI, Silent Hosts

I'm trying to better understand where a communication issue is happening between VMware on UCS and ACI.  UCS is a pretty simple config with a port channel to upstream ACI.  Server ports are not using port channels today.

I've got two interfaces (virtual on VMware, not vnics) split between the FIs.  If they don't talk for a long time, then they can't talk to each other.

If I try to ping from A to B, it fails.  Using other interfaces, I can ping A to A and B to B just fine.  Still A to B fails.

As soon as I ping B to A it starts working, in both directions.

It doesn't matter which direction I start but it always manifests the same way.

I know UCS drops unknown unicast but I'm not clear on what is causing this.  Is this some functionality within ACI that is modifying the normal broadcast behavior?  Or am I missing something?

Everyone's tags (7)
2 REPLIES 2
Highlighted
Beginner

Re: UCS, ACI, Silent Hosts

did you ever find a resolution?

 

Highlighted
Cisco Employee

Re: UCS, ACI, Silent Hosts

Before/between/after pings, check UCS FI mac address tables (SSH to UCSM IP):

 

connect nxos a
show mac address-table address <MAC A>
show mac address-table address <MAC B>
exit
connect nxos b
show mac address-table address <MAC A>
show mac address-table address <MAC B>
exit

Can also review the MAC learning history, learns and deletes over time, with command:

 

 

show platform fwm info mac <MAC> <VLAN>

 

Silent hosts will also age out of the UCS FI MAC table at a given interval (typically 14500 seconds or 4+hours). See:

 

show mac address-table aging-time

 

Remember a few things about UCS end host mode:

  1. Unlearned MAC addresses are assumed upstream.
  2. Unlearned MAC addresses of upstream ingress packets are not unicast flooded.
  3. Learned MAC addresses of upstream ingress packets will unprogram learned MAC addresses.

So the first one is straightforward, UCS FI gets a packet from a UCS server, does not have the MAC address learned, then send it upstream.

The second one could be where this is breaking, UCS FI forwards upstream, ACI in turn forwards to other UCS FI, FI-2 doesn't have a MAC programmed so is unknown unicast and drops the packet.

The last one is the wreaks havoc when there are network loops upstream, FI forwards upstream, packet unintentionally reflected back to same FI, FI unlearns MAC.

 

The combination of these sometimes boils down to:

  1. Silent hosts may need to talk before they can be talked to.

 

Do some testing and send some output to help figure out how/why this is breaking.

Content for Community-Ad

Cisco Community May 2020 Spotlight Award Winners