Re: Port-Security with the same mac-address on multiple ports

From: Jason Morris (mcnever@gmail.com)
Date: Tue Jan 20 2009 - 13:20:58 ARST


I agree, I don't know that I've seen any server clustering that uses a
single unicast MAC address for the cluster. Typically what I've seen
with Microsoft load balancing is using a multicast MAC which, to the
best of my knowledge, can't be dynamically added to the CAM table, so
it broadcasts.

Anyway, unicast MAC to multiple ports. Looks like it works, haven't
tested it but it lets me config it. Anybody know why/if this wouldn't
work?

Test-SW(config)#mac-address-table static 001F.3CA6.07AA vlan 1
interface fastEthernet 0/47 fastEthernet 0/48
Test-SW(config)#do sho mac-
Test-SW(config)#do sho mac- stat
          Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----
 All 0100.0ccc.cccc STATIC CPU
....
 All ffff.ffff.ffff STATIC CPU
   1 001f.3ca6.07aa STATIC Fa0/47 Fa0/48
Total Mac Addresses for this criterion: 21
Test-SW(config)#

thanks
Jason

On Tue, Jan 20, 2009 at 9:25 AM, paul cosgrove <paul.cosgrove@gmail.com> wrote:
> Hi Pavel,
>
> Regarding your first point there, the switching standard you describe sounds
> unusual, and I'm unclear how it helps when there are duplicate MACs
> connected to two layer 2 switch ports. Perhaps you have a reference with a
> more detailed description of its operation?
>
> Normally if a switch dynamically learns a MAC address on multiple ports then
> the most recently learned port is used in the MAC address table entry. This
> behaviour allows frames to be sent around network failures without
> unnecessary flooding. Sometimes with server NIC teaming the same source
> MAC is used on different physical NICs of a server, so you need an
> etherchannel to logically group the switch ports to create just a single MAC
> table entry.
>
> My understanding is that when virtual MAC addresses are used for clusters in
> the same VLAN, those addresses are not used to source traffic from multiple
> servers simultaneously. To do so would cause switch CAM table entries to
> flap, resulting in each server having patchy connectivity. If the two ports
> are on a single switch, at any particular time one server would receive all
> traffic to the virtual MAC whilst the other server would receive nothing.
>
> When the virtual MAC is not used as a source address by any server (just as
> a valid local address for receiving frames), switches will never associate
> it with any ports and continue to flood frames destined to that address so
> that all the servers receive it. The servers themselves send using unique
> MAC addresses, but by sending ARP responses which specify the shared MAC
> address (within the ARP) they can cause other devices to send frames which
> the switches flood to all the clusters.
>
> Paul.
>
> On Tue, Jan 20, 2009 at 10:03 AM, Pavel Bykov <slidersv@gmail.com> wrote:
>
>> :) No.
>> Switching rule #2:
>> Every mac address in the network has to be unique.
>>
>>
>> When duplicate MAC addresses are introduced into a switching network, Cisco
>> switches usually assign a made-up address to both of the ports, effectively
>> flooding traffic destined to that MAC address, because of the unknown unicast
>> behavior rule.
>> Microsoft engineers thought it would be smart to use that rule to set up
>> their clusters - they assign all members the same MAC address - this way they
>> have a guarantee that traffic will be delivered to them since it's going to be
>> unknown unicast, because all switches that conform to standards will try to
>> correct that "error" by not using that duplicate MAC... kind of reminds me
>> of 640K being enough for everybody...
>>
>> Anyways, you could probably create a filter that would allow only the mentioned
>> MAC address, but the MAC address table will not accept a duplicate MAC (all that
>> in the same VLAN of course), which brings me to a possible solution:
>> Can you assign those two ports to different VLANs and have the VLANs behave the
>> same? I.e. lead to an SVI somewhere. This would be a possible solution:
>>
>> Rack1SW2(config)#int ra fa 0/8 - 9
>> Rack1SW2(config-if-range)#switchport access vlan 4
>> Rack1SW2(config-if-range)#switchport port-security
>> Command rejected: FastEthernet0/8 is a dynamic port.
>> % Range command terminated because it failed on FastEthernet0/8
>>
>> Rack1SW2(config-if-range)#switchport mode acc
>> Rack1SW2(config-if-range)#switchport port-security
>> Rack1SW2(config-if-range)#switchport port-security mac-address
>> 000c.257e.f7aa
>> Found duplicate mac-address 000c.257e.f7aa.
>>
>> % Interface range command failed for FastEthernet0/9
>> Rack1SW2(config-if-range)#
>> Rack1SW2#sh run int fa
>> 1d01h: %SYS-5-CONFIG_I: Configured from console by console
>> Rack1SW2#sh run int fa 0/9
>> Building configuration...
>>
>> Current configuration : 109 bytes
>> !
>> interface FastEthernet0/9
>> switchport access vlan 4
>> switchport mode access
>> switchport port-security
>> end
>>
>> Rack1SW2#sh run int fa 0/8
>> Building configuration...
>>
>> Current configuration : 162 bytes
>> !
>> interface FastEthernet0/8
>> switchport access vlan 4
>> switchport mode access
>> switchport port-security
>> switchport port-security mac-address 000c.257e.f7aa
>> end
>>
>> Rack1SW2#conf t
>> Enter configuration commands, one per line. End with CNTL/Z.
>> Rack1SW2(config)#int fa 0/9
>> Rack1SW2(config-if)#switch acc vlan 5
>> Rack1SW2(config-if)#
>> Rack1SW2(config-if)#switchport port-security mac-address 000c.257e.f7aa
>> Rack1SW2(config-if)#
>> Rack1SW2#
>> Rack1SW2#
>> Rack1SW2#sh run int
>> 1d01h: %SYS-5-CONFIG_I: Configured from console by console
>> Rack1SW2#sh run int fa 0/8
>> Building configuration...
>>
>> Current configuration : 162 bytes
>> !
>> interface FastEthernet0/8
>> switchport access vlan 4
>> switchport mode access
>> switchport port-security
>> switchport port-security mac-address 000c.257e.f7aa
>> end
>>
>> Rack1SW2#sh run int fa 0/9
>> Building configuration...
>>
>> Current configuration : 162 bytes
>> !
>> interface FastEthernet0/9
>> switchport access vlan 5
>> switchport mode access
>> switchport port-security
>> switchport port-security mac-address 000c.257e.f7aa
>> end
>>
>> See?
>>
>> On Tue, Jan 20, 2009 at 10:12 AM, Mark Stephanus Chandra <
>> mark.chandra@gmail.com> wrote:
>>
>> > Guys,
>> >
>> > I want to configure my MAC address to be allowed on multiple ports on a
>> > switch with port-security.
>> >
>> > But when I insert the configuration, I get a duplicated MAC address error.
>> >
>> > switchport port-security mac-address 000c.257e.f7aa
>> >
>> > Found duplicate mac-address 000c.257e.f7aa.
>> >
>> > Anyway, I'm just curious, can this be done? Configuring the port-security
>> > mac-address command with the same MAC address on multiple ports?
>> >
>> > Thanks in advance
>> >
>> > Regards
>> >
>> > Mark Stephanus Chandra
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>> >
>>
>> --
>> Pavel Bykov
>> ----------------
>> Don't forget to help stopping the braindumps, use of which reduces value of
>> your certifications. Sign the petition at http://www.stopbraindumps.com/
>>
>>
>
>

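The three behaviours argued about in this thread (a learned MAC following the most recently seen port and flapping when two hosts source it, a virtual MAC that is never used as a source being flooded, and a static entry naming two ports) can be made concrete with a small learning-switch model. The following is an added illustration written for this archive page; it is not code from any of the posters, nor Cisco's forwarding logic. The MAC addresses are constructed sample values, the port names follow the static entry in Jason's output (nodes on Fa0/47 and Fa0/48) with a client on Fa0/1 and an unrelated host on Fa0/2, and the assumption that a static entry listing several ports delivers to all of them is exactly the point Jason is asking about, not a verified IOS behaviour. The last function models only the "Found duplicate mac-address" rule shown in Pavel's session: one secure MAC per VLAN may be bound to a single port.

```python
"""Toy model of a learning switch's MAC (CAM) table (added example, not
code from any poster or from Cisco). Dynamic entries follow the most
recently seen ingress port, unknown unicast floods the VLAN, and a static
entry may list several ports (assumption: the switch delivers to all of them).
"""
from dataclasses import dataclass, field

VIP = "0000.5e00.0101"      # constructed shared "virtual" cluster MAC
NODE_A = "000c.2900.0001"   # constructed unique NIC MACs of the two nodes
NODE_B = "000c.2900.0002"
CLIENT = "0011.2200.0003"   # constructed client MAC
PORTS = ["Fa0/1", "Fa0/2", "Fa0/47", "Fa0/48"]   # one VLAN, four ports


@dataclass
class Frame:
    src: str
    dst: str
    ingress: str


@dataclass
class LearningSwitch:
    ports: list
    cam: dict = field(default_factory=dict)  # mac -> {"ports": [...], "static": bool}
    flaps: int = 0                           # how often a learned MAC moved port

    def add_static(self, mac, ports):
        # Assumption: a static entry naming several ports delivers to all of them.
        self.cam[mac] = {"ports": list(ports), "static": True}

    def forward(self, frame):
        """Learn frame.src on the ingress port, then return the egress port list."""
        entry = self.cam.get(frame.src)
        if entry is None:
            self.cam[frame.src] = {"ports": [frame.ingress], "static": False}
        elif not entry["static"] and entry["ports"] != [frame.ingress]:
            self.flaps += 1                  # most recently learned port wins
            entry["ports"] = [frame.ingress]
        dst = self.cam.get(frame.dst)
        if dst is None:                      # unknown unicast: flood the VLAN
            return [p for p in self.ports if p != frame.ingress]
        return [p for p in dst["ports"] if p != frame.ingress]


def scenario_shared_source_mac():
    """Both nodes transmit with VIP as source: the entry flaps and each reply
    reaches only the node that spoke last (Paul's 'patchy connectivity')."""
    sw = LearningSwitch(PORTS)
    deliveries = []
    for i in range(4):
        node_port = "Fa0/47" if i % 2 == 0 else "Fa0/48"
        sw.forward(Frame(VIP, CLIENT, node_port))
        deliveries.append(sw.forward(Frame(CLIENT, VIP, "Fa0/1")))
    return sw.flaps, deliveries


def scenario_virtual_mac_never_sourced():
    """Nodes send with their own MACs and only advertise VIP inside ARP
    replies: VIP is never learned, so every frame to it is flooded, including
    to the unrelated host on Fa0/2."""
    sw = LearningSwitch(PORTS)
    sw.forward(Frame(NODE_A, CLIENT, "Fa0/47"))  # ARP reply, VIP only in payload
    sw.forward(Frame(NODE_B, CLIENT, "Fa0/48"))
    return sw.flaps, sw.forward(Frame(CLIENT, VIP, "Fa0/1"))


def scenario_static_two_ports():
    """A static entry listing both node ports: no flap, and no flood to Fa0/2."""
    sw = LearningSwitch(PORTS)
    sw.add_static(VIP, ["Fa0/47", "Fa0/48"])
    sw.forward(Frame(VIP, CLIENT, "Fa0/47"))     # static entries do not move
    return sw.flaps, sw.forward(Frame(CLIENT, VIP, "Fa0/1"))


def configure_port_security(bindings):
    """Model of the IOS rule seen in the thread: a secure MAC may be bound to
    one port per VLAN. bindings is a list of (port, vlan, mac) tuples."""
    owner, results = {}, []
    for port, vlan, mac in bindings:
        key = (vlan, mac.lower())
        if key in owner and owner[key] != port:
            results.append((port, f"Found duplicate mac-address {mac}."))
        else:
            owner[key] = port
            results.append((port, "ok"))
    return results
```

Running the three scenarios shows the trade-off Paul describes: sourcing from the shared MAC gives one node at a time, never sourcing it gives both nodes but also every other port in the VLAN, and the static two-port entry gives both nodes without the flood, if the hardware really forwards that way. `configure_port_security` with Fa0/8 and Fa0/9 in VLAN 4 rejects the second binding and accepts it once Fa0/9 is moved to VLAN 5, matching Pavel's session.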



This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:39 ARST