I figured it out. The problem is in fact that the arp timeout is 4 hours and the mac
aging time is 6 minutes on the 6k switches. It doesn't have anything to do with the
asa. The two 6k switches are connected to two wan routers with 4 p2p L3 links
and between them is ospf. So, when the first packet comes from the wan cloud, 6k1
looks at the routing table and sees that the destination host is on a directly
connected network. It sends an arp request and gets a response that the host is in vlanif
514. The mac table also learns that the host's mac is on the interface between 6k1 and
6k2. Since 6k2 has a p2p L3 link with the primary wan router, the packet from S to H
never goes back to 6k1. After 6 min 6k1 removes the entry from the mac table but the arp
entry remains. When the next packet from H to S comes to 6k1, it doesn't know on
which port to send the frame, so it floods it on all ports in vlan 514.
So, now I'm considering the option to have only 6k1 as the active hsrp gw and root
bridge for all vlans. Right now I have half the vlans active on 6k1 and the other
half on 6k2. Also, to configure an arp timeout of 2 hours and mac aging a little bit
less than 2 hours. Also, on the p2p L3 links between the 6k and wan routers, to
configure the cost so that traffic takes only one path. It seems a little bit hard
to follow the flow of the traffic with ospf load balancing and load balancing at
layer 2.
What do you think?
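The interaction described in this thread (an ARP entry that outlives the MAC entry while return traffic bypasses the switch) can be modelled in a few lines. The following Python is an added example, not code from the thread or from Cisco: it keeps one ARP cache and one MAC table with independent timers, re-ARPs only when the ARP entry has expired, and refreshes the MAC table only from a received frame (here, the ARP reply), since the return path never transits this switch. S's IP and MAC, the port name and the timer pairs are constructed; the timer pairs are the thread's current 6k values, its proposed values, and the reversed ordering in which the re-ARP always lands before the MAC ages. Every packet that falls in the flood window is delivered to every port in the VLAN, so that window is the exposure worth measuring.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

FLOOD = "flood"


@dataclass
class L3Switch:
    """One L3 switch with an ARP cache and a MAC table, each aged independently.

    `hosts` maps an IP to (mac, port on which that host's ARP reply arrives); it
    stands in for the real topology and is a constructed assumption.
    """
    name: str
    arp_timeout: int          # seconds an ARP entry lives before it is re-resolved
    mac_aging: int            # seconds a MAC entry lives without a frame *from* that MAC
    hosts: Dict[str, Tuple[str, str]]
    arp: Dict[str, Tuple[str, int]] = field(default_factory=dict)   # ip  -> (mac, expiry)
    macs: Dict[str, Tuple[str, int]] = field(default_factory=dict)  # mac -> (port, expiry)
    events: List[str] = field(default_factory=list)

    def resolve(self, ip: str, now: int) -> str:
        """Return the MAC for `ip`, re-ARPing only when the cache entry has expired."""
        cached = self.arp.get(ip)
        if cached and cached[1] > now:
            return cached[0]          # cache hit: no ARP frames, so nothing refreshes the MAC table
        mac, port = self.hosts[ip]    # broadcast request; the unicast reply arrives on `port`
        self.arp[ip] = (mac, now + self.arp_timeout)
        self.macs[mac] = (port, now + self.mac_aging)   # the reply's source MAC is learned
        self.events.append(f"t={now}: {self.name} re-ARPed {ip}, learned {mac} on {port}")
        return mac

    def forward(self, ip: str, now: int) -> str:
        """Egress port for a packet routed to `ip`, or FLOOD when the MAC has aged out.

        Return traffic never transits this switch (asymmetric path), so the only
        thing that can refresh the MAC entry is an ARP reply.
        """
        mac = self.resolve(ip, now)
        entry = self.macs.get(mac)
        if entry and entry[1] > now:
            return entry[0]
        return FLOOD              # ARP known, MAC unknown: frame is flooded to every port in the VLAN


def simulate(arp_timeout: int, mac_aging: int, packet_times: List[int]) -> List[Tuple[int, str]]:
    """Forwarding decision of 6k1 for a packet to S at each time in `packet_times`."""
    # Constructed values: S's IP and MAC, and the port on which 6k1 learns S (the link to 6k2).
    sw = L3Switch("6k1", arp_timeout, mac_aging,
                  hosts={"10.0.14.5": ("0011.2233.4455", "Po1-to-6k2")})
    return [(t, sw.forward("10.0.14.5", t)) for t in packet_times]


def flood_window(arp_timeout: int, mac_aging: int) -> int:
    """Seconds per ARP cycle in which the MAC has aged out but the ARP entry has not."""
    return max(0, arp_timeout - mac_aging)


if __name__ == "__main__":
    # (arp timeout, mac aging): the thread's current 6k values, its proposed values,
    # and the reversed ordering in which the re-ARP always lands before the MAC ages.
    for arp_t, mac_t in ((14400, 360), (7200, 7000), (300, 360)):
        print(f"arp {arp_t}s / mac {mac_t}s -> flood window {flood_window(arp_t, mac_t)}s per cycle")
        print("  ", simulate(arp_t, mac_t, [0, mac_t - 10, mac_t + 10, arp_t, arp_t + mac_t + 10]))
```

Running it shows that with the current timers the switch floods for roughly 3.9 hours of every 4-hour ARP cycle, the proposed 2 h / just-under-2 h pair shrinks that to a few minutes per cycle, and a MAC aging time at or above the ARP timeout removes the window in this model because the re-ARP reply always refreshes the MAC entry before it ages out. The model assumes the switch re-resolves an expired ARP entry on the next packet and learns MACs only from received frames; a symmetric return path would of course refresh the MAC table on its own.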
On Dec 28, 2010 9:58 PM, "Vijay Shekhar" <v.shekhar_at_globalassurance.net>
wrote:
> I am a bit confused by your statement. Maybe it's just me.
>
> You mentioned that 6k1, 6k2 and 2960 are in an L2 domain, and you also
> mention that 6k2 should do intervlan routing. These are contradictory.
>
> If 6k2 is indeed doing intervlan routing then 6k1 will see the MAC
> address of the 6k2 SVI to reach "S".
>
> It would perhaps be helpful if you could list out the VLAN #'s, SVI IPs
> and S & H IPs.
>
> Cheers!
>
> -Vijay Shekhar
> CCIE(sec)#17589/CISSP/RHCE.
> http://au.linkedin.com/in/vshekhar
>
>
> Quoting Ivan Hrvatska <ivanzghr_at_gmail.com>:
>
>> Hi,
>>
>> I have scenario like this:
>>
>> H---Asa----6k1-----6k2
>> ! !
>> ! !
>> 2960sw
>> !
>> S
>>
>> H - host in the cloud (172.30.4.5), somewhere in a distant network.
>> Asa - running in transparent mode.
>> Between the 6k switches and the 2960 is an l2 domain (trunks).
>> The 6k switches are running hsrp and 6k2 is the active gw for vlans 500 and 514. It
>> is also the root bridge for those vlans. Asa has one IP in vlan 500.
>> S is in vlan 514.
>> The problem is that 6k1 never learns the mac address of S. When traffic comes from H,
>> 6k1 floods the network with packets that should go to S. The only time 6k1
>> learns S's mac address is when you ping S from 6k1. After 480 sec the aging
>> time expires and the mac address is cleared. As I understand it, 6k1 should forward packets
>> which have S as destination to 6k2 as it is the active gw for vlan 500 and then
>> 6k2 should perform intervlan routing. Why does flooding happen? Could the asa
>> cause some problems because of transparent mode?
>>
>> Regards
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
Received on Wed Dec 29 2010 - 00:43:19 ART