Introduction
This document explains how to troubleshoot MAC moves on Nexus 9000.
MAC learning is how a switch maintains its MAC address table: when the switch receives a frame, it associates the MAC address of the sender with the LAN port where it was received. Under a loop condition, the same MAC may be learnt via two different ports on the switch.
Prerequisite
Topology
+-----------+Po6       +------------+
|   N9K_1   +----------+   N9K_2    |
|           +----------+            |
+-----------+          +--+---------+
      1/3 |               | 2/1
          |               |
          |               |
        +-+---------------+--+
        |       Server       |
        +--------------------+
           0000.117d.e02e
Troubleshooting
When the BCM ASIC learns too many MAC addresses in a short duration, BCM_USD disables and re-enables MAC learning in hardware, and the message below is logged. This can be caused by too many MAC moves, flaps or loops, or by new MAC learns or moves exceeding a certain threshold. By default, the Nexus 9K may not show logs that specifically say the switch is experiencing MAC moves. However, when these movements are high, the following logs are seen:
These messages indicate an event in the MAC table and can be seen when there are continuous MAC moves in the environment. Basically, the switch received frames with the same source MAC on two or more interfaces at a very high rate. The switch has a mechanism to count the number of MAC 'move-backs' and weigh them based on the number of times the MAC address moves. The switch disables dynamic MAC learning in order to protect the control plane.
At this point, you may want to check the MAC move count to understand whether, and how many, MAC moves have been experienced on the device:
The 'Number of MAC Addresses moved' value in the output shows that the switch is experiencing MAC moves.
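The learning, move and move-back counting described above can be modelled in a few lines. This is an added example, not Cisco code or switch output: the move-back limit of 3, VLAN 10 and the frame sequence are constructed assumptions, and the port names follow the topology as seen from N9K_1.

```python
from collections import defaultdict

MOVE_BACK_LIMIT = 3  # assumed for this sketch; the page does not give the real threshold

class MacTable:
    """Toy model of dynamic MAC learning with move and move-back counting."""
    def __init__(self, limit=MOVE_BACK_LIMIT):
        self.port = {}                      # (vlan, mac) -> port the MAC is currently learnt on
        self.prev = {}                      # (vlan, mac) -> port it was on before its last move
        self.ports_seen = defaultdict(set)  # (vlan, mac) -> every port the MAC appeared on
        self.moves = defaultdict(int)       # (vlan, mac) -> total moves
        self.move_backs = defaultdict(int)  # (vlan, mac) -> moves back to the previous port
        self.learning = True                # cleared once a MAC reaches the move-back limit
        self.limit = limit

    def receive(self, vlan, mac, port):
        """Handle one frame's source MAC; return the resulting table event."""
        if not self.learning:
            return "ignored"                # learning disabled: table is left untouched
        key = (vlan, mac.lower())
        self.ports_seen[key].add(port)
        current = self.port.get(key)
        if current == port:
            return "refresh"
        self.port[key] = port
        if current is None:
            return "learn"
        self.moves[key] += 1                # same source MAC arrived on a different port
        back = self.prev.get(key) == port
        self.prev[key] = current
        if not back:
            return "move"
        self.move_backs[key] += 1
        if self.move_backs[key] >= self.limit:
            self.learning = False           # protect the control plane
        return "move-back"

    def offenders(self):
        """List (vlan, mac, ports, moves, move_backs) for every MAC that moved."""
        return [(v, m, sorted(self.ports_seen[(v, m)]), n, self.move_backs[(v, m)])
                for (v, m), n in sorted(self.moves.items())]

# Constructed frames as seen by N9K_1: the server MAC flaps between Eth1/3 and Po6.
SERVER_MAC = "0000.117d.e02e"
FRAMES = [(10, SERVER_MAC, p) for p in ["Eth1/3", "Po6"] * 3]

def replay(frames, limit=MOVE_BACK_LIMIT):
    table = MacTable(limit)
    return [table.receive(*f) for f in frames], table
```

Calling `replay(FRAMES)` returns the per-frame events and the table; `offenders()` then names the MAC, VLAN and the pair of ports it flapped between.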
Configuration
The next step is to find the MAC address that is causing the problem, along with the VLANs and interfaces where it is being seen. To get this information, raise the logging level of L2FM from the default value of 2 up to 5 on the N9K platform.
In such a case, we can detect and limit the number of times that a MAC address moves from one port to another.
Until Cisco NX-OS Release 6.0(2)U3(1), when a loop was detected between two ports, MAC learning was disabled for 180 seconds.
However, starting with 7.0(3)I7(3), we can configure the switch to bring down the port with the lower interface index when such a loop is detected, by using the 'mac address-table loop-detect port-down' command.
Once this command has been enabled, any further loop detection takes down the interface with the lower interface index:
Verify
Use the following command to verify the currently configured action:
We can check the index of each interface to confirm that the correct interface was disabled, as per the feature:
Other Platforms
We can enable MAC move notification on the other Nexus platforms using these commands:
The following commands are also available on Nexus 5K/6K running versions 6.0(2)N2(1) and later, to shut down the port:
Starting NX-OS release 6.0(2)A8(1) on Nexus 3000, we can configure the action of bringing down the port with the lower interface index when such a loop is detected.