Mailing List Archive

Hi Marcin,

If the hardware FDB is empty, you either do something specific which results in software switching only …

Which isn’t very likely …

You should see at least some entries in the HW FDB … if the switches are linked together, and you have something like LLDP or EDP running, you should at least see the other switch their FDB entries.

What are you trying to do with the devices and what is the config ?

And are you doing something specific in regards that you have disabled MAC learning for instance ? or enabled port security (1 mac per port limitation security feature) ?

Regards,
Erik Bais

From: extreme-nsp [mailto:extreme-nsp-bounces@puck.nether.net] On Behalf Of Marcin Kuczera
Sent: dinsdag 16 april 2013 11:11
To: extreme-nsp@puck.nether.net
Subject: [e-nsp] x650 - hardware FDB table empty

hello,

At the moment I have 3 sites with x650 switch.
All of them running 15.3.1.4 v1531b4-patch1-3

In main site, the problem is that hardware fdb table is not used !?
Hardware-learned entries:
MAC VlanId Flags Port HIT VPLS
===================================================
Hardware-learned In-use count: 0
Num of msgs from FDB : 2258820

on the other sites, this table contains entries equal to what's on show fdb stats.
I was trying to compare configs, there were some dhcp-snooping entries for 2 vlans, but removing them didn't help out (or maybe it requires reload ?)

My main problem is that at the level of ~16k mac addresses I have a lot of unknow-unicast traffic that shouldn't be there.

oh - the only function that is in central site is - mirroring.

Anyone knows how to turn on hardware fdb table ?

Regards,
Marcin

On 2013-04-16 11:27, Erik Bais wrote:
>
> Hi Marcin,
>
> If the hardware FDB is empty, you either do something specific which
> results in software switching only …
>
> Which isn’t very likely …
>
> You should see at least some entries in the HW FDB … if the switches
> are linked together, and you have something like LLDP or EDP running,
> you should at least see the other switch their FDB entries.
>

I use EDP (that works fine), EAPS, ELSM. That's all.

> What are you trying to do with the devices and what is the config ?
>

Just L2 switching, mirroring, EAPS, ELSM, EDP, IGMP Snooping...

> And are you doing something specific in regards that you have disabled
> MAC learning for instance ? or enabled port security (1 mac per port
> limitation security feature) ?
>

There were 2 entries in config :
configure ip-security dhcp-snooping information circuit-id
vlan-information 101 vlan test1
configure ip-security dhcp-snooping information circuit-id
vlan-information 121 vlan test2

but I have them removed and it didn't cause hardware table to learn
anything...

I have ~100Mbit/s of unknow unicast traffic at ~4.5G of internet
traffic... that's a lot.

Regards,
Marcin



> Regards,
>
> Erik Bais
>
> *From:*extreme-nsp [mailto:extreme-nsp-bounces@puck.nether.net] *On
> Behalf Of *Marcin Kuczera
> *Sent:* dinsdag 16 april 2013 11:11
> *To:* extreme-nsp@puck.nether.net
> *Subject:* [e-nsp] x650 - hardware FDB table empty
>
> hello,
>
> At the moment I have 3 sites with x650 switch.
> All of them running 15.3.1.4 v1531b4-patch1-3
>
> In main site, the problem is that hardware fdb table is not used !?
> Hardware-learned entries:
> MAC VlanId Flags Port HIT VPLS
> ===================================================
> Hardware-learned In-use count: 0
> Num of msgs from FDB : 2258820
>
> on the other sites, this table contains entries equal to what's on
> show fdb stats.
> I was trying to compare configs, there were some dhcp-snooping entries
> for 2 vlans, but removing them didn't help out (or maybe it requires
> reload ?)
>
> My main problem is that at the level of ~16k mac addresses I have a
> lot of unknow-unicast traffic that shouldn't be there.
>
> oh - the only function that is in central site is - mirroring.
>
> Anyone knows how to turn on hardware fdb table ?
>
> Regards,
> Marcin
>
>
>
>

On 2013-04-16 11:27, Erik Bais wrote:
>
> Hi Marcin,
>
> If the hardware FDB is empty, you either do something specific which
> results in software switching only …
>
> Which isn’t very likely …
>
> You should see at least some entries in the HW FDB … if the switches
> are linked together, and you have something like LLDP or EDP running,
> you should at least see the other switch their FDB entries.
>
> What are you trying to do with the devices and what is the config ?
>
> And are you doing something specific in regards that you have disabled
> MAC learning for instance ? or enabled port security (1 mac per port
> limitation security feature) ?
>

Ok, I got it. Hopefully I have additional x650 to make a test...

so - on one of the vlans I had:
disable learning vlan "monitoring-sask-in"

This is enough to turn off hardware based learning...
enabling learing on that vlan solved the issue.

Now I'll see if level of unknown-unicasts will go down...

Regards,
Marcin


> Regards,
>
> Erik Bais
>
> *From:*extreme-nsp [mailto:extreme-nsp-bounces@puck.nether.net] *On
> Behalf Of *Marcin Kuczera
> *Sent:* dinsdag 16 april 2013 11:11
> *To:* extreme-nsp@puck.nether.net
> *Subject:* [e-nsp] x650 - hardware FDB table empty
>
> hello,
>
> At the moment I have 3 sites with x650 switch.
> All of them running 15.3.1.4 v1531b4-patch1-3
>
> In main site, the problem is that hardware fdb table is not used !?
> Hardware-learned entries:
> MAC VlanId Flags Port HIT VPLS
> ===================================================
> Hardware-learned In-use count: 0
> Num of msgs from FDB : 2258820
>
> on the other sites, this table contains entries equal to what's on
> show fdb stats.
> I was trying to compare configs, there were some dhcp-snooping entries
> for 2 vlans, but removing them didn't help out (or maybe it requires
> reload ?)
>
> My main problem is that at the level of ~16k mac addresses I have a
> lot of unknow-unicast traffic that shouldn't be there.
>
> oh - the only function that is in central site is - mirroring.
>
> Anyone knows how to turn on hardware fdb table ?
>
> Regards,
> Marcin
>
>
>