cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1357
Views
0
Helpful
2
Replies

UCS, ACI, Silent Hosts

joel.cason
Level 1
Level 1

I'm trying to better understand where a communication issue is happening between VMware on UCS and ACI.  UCS is a pretty simple config with a port channel to upstream ACI.  Server ports are not using port channels today.

I've got two interfaces (virtual on VMware, not vnics) split between the FIs.  If they don't talk for a long time, then they can't talk to each other.

If I try to ping from A to B, it fails.  Using other interfaces, I can ping A to A and B to B just fine.  Still A to B fails.

As soon as I ping B to A it starts working, in both directions.

It doesn't matter which direction I start but it always manifests the same way.

I know UCS drops unknown unicast but I'm not clear on what is causing this.  Is this some functionality within ACI that is modifying the normal broadcast behavior?  Or am I missing something?

2 Replies 2

edwin.edgerly
Level 1
Level 1

did you ever find a resolution?

 

Steven Tardy
Cisco Employee
Cisco Employee

Before/between/after pings, check UCS FI mac address tables (SSH to UCSM IP):

 

connect nxos a
show mac address-table address <MAC A>
show mac address-table address <MAC B>
exit
connect nxos b
show mac address-table address <MAC A>
show mac address-table address <MAC B>
exit

Can also review the MAC learning history, learns and deletes over time, with command:

 

 

show platform fwm info mac <MAC> <VLAN>

 

Silent hosts will also age out of the UCS FI MAC table at a given interval (typically 14500 seconds or 4+hours). See:

 

show mac address-table aging-time

 

Remember a few things about UCS end host mode:

  1. Unlearned MAC addresses are assumed upstream.
  2. Unlearned MAC addresses of upstream ingress packets are not unicast flooded.
  3. Learned MAC addresses of upstream ingress packets will unprogram learned MAC addresses.

So the first one is straightforward, UCS FI gets a packet from a UCS server, does not have the MAC address learned, then send it upstream.

The second one could be where this is breaking, UCS FI forwards upstream, ACI in turn forwards to other UCS FI, FI-2 doesn't have a MAC programmed so is unknown unicast and drops the packet.

The last one is the wreaks havoc when there are network loops upstream, FI forwards upstream, packet unintentionally reflected back to same FI, FI unlearns MAC.

 

The combination of these sometimes boils down to:

  1. Silent hosts may need to talk before they can be talked to.

 

Do some testing and send some output to help figure out how/why this is breaking.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: