    Sunday, June 12, 2022

    ACI traffic forwarding unicast routing on/off? Networking


    ACI traffic forwarding unicast routing on/off?

    Posted: 11 Jun 2022 07:48 PM PDT

    If IP UNICAST ROUTING is off: The forwarding decisions on the leafs for L2 are it'll query the LST or GST and see what local port or remote VTEP the MAC belongs to. From there it will either send the packet straight to the remote VTEP through the overlay-1 network or, if it's an unknown L2 MAC address (a MAC the leafs don't know), it'll flood and learn it out via the multicast BD IP group it has joined or will route the packet up to the spine anycast VTEP address, and the spine will look up the L2/L3 MAC/IP in its tables then send it on to the correct leaf. The correct remote leaf then sends a packet right back to the original leaf, seeing as it now has the src IP of the original VTEP and the original MAC of the host that sent the packet. If the spine doesn't know the dst IP then it will send an ARP out with the src IP being the primary address of the BD subnet (not the VIP) to all the leafs on which the BD is on.

    If IP UNICAST ROUTING is enabled then the leafs will base their forwarding decisions off the IP address in the LST/GST tables and will follow the same order of operations as L2 does but for the L3 IP address instead of the L2 MAC address. The other differences are: if the leaf doesn't know the dst IP in its LST/GST then it'll check its routing table to see if it has a BD subnet for that dst; if it does then the leaf will forward the packet to the Spine Proxy (if it's an ARP packet and ARP flooding is off then it'll unicast ARP to the dst in the ARP packet, if it is then it's flooded out using the multicast IP for that BD). From there the spine does the same as above. Unknown L3 unicast traffic is only sent to the spine proxy in routed mode; it isn't flooded via multicast like L2 traffic is.

    submitted by /u/Mjr798
    Has anyone seen a Cisco ASA proxy arp and break a whole network by responding to all ARP requests?

    Posted: 12 Jun 2022 05:43 AM PDT

    We have a really old Cisco ASA 5585. Last week it randomly decided it was going to start replying to all ARP requests in just 2 networks it was connected to. Looking at the ARP tables, there were entries for every IP with the same MAC. We opened a TAC case and issued "Mac-address auto 27000" and this stopped it.

    submitted by /u/Salmify
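
The symptom described in the post above (ARP table entries for every IP carrying the same MAC) can be checked for from any host on the affected segment. This is an added example, not part of the original post: it assumes Linux `arp -an` output, uses a constructed sample table, and the `max_ips_per_mac` threshold is a hypothetical tuning value.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in Linux `arp -an` format (not taken from the poster's network).
SAMPLE_ARP = """\
? (10.20.30.1) at 00:11:22:33:44:55 [ether] on eth0
? (10.20.30.5) at 00:11:22:33:44:66 [ether] on eth0
? (10.20.30.6) at 00:11:22:33:44:66 [ether] on eth0
? (10.20.30.9) at <incomplete> on eth0
? (10.20.30.11) at 02:00:00:00:00:99 [ether] on eth0
? (10.20.30.12) at 02:00:00:00:00:99 [ether] on eth0
? (10.20.30.13) at 02:00:00:00:00:99 [ether] on eth0
? (10.20.30.14) at 02:00:00:00:00:99 [ether] on eth0
? (10.20.30.15) at 02:00:00:00:00:99 [ether] on eth0
"""

LINE_RE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) .* on (?P<ifc>\S+)",
    re.IGNORECASE,
)

def parse_arp(text):
    """Return (interface, ip, mac) tuples; unresolved entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:  # "<incomplete>" lines have no MAC and do not match
            entries.append((m["ifc"], m["ip"], m["mac"].lower()))
    return entries

def suspicious_macs(entries, max_ips_per_mac=3):
    """Map (interface, mac) -> IPs for MACs claiming more IPs than the threshold.

    Hosts with several addresses or a gateway doing proxy ARP legitimately own
    more than one IP, so the threshold is an assumption to tune per segment.
    """
    by_mac = defaultdict(set)
    for ifc, ip, mac in entries:
        by_mac[(ifc, mac)].add(ip)
    return {
        key: sorted(ips, key=ipaddress.ip_address)
        for key, ips in by_mac.items()
        if len(ips) > max_ips_per_mac
    }

if __name__ == "__main__":
    for (ifc, mac), ips in suspicious_macs(parse_arp(SAMPLE_ARP)).items():
        print(f"{ifc}: {mac} answers for {len(ips)} IPs: {', '.join(ips)}")
```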