Guest

Cisco Nexus 7000 Series Switches

FabricPath Proxy Layer 2 Learning and MAC Address Proxy Configuration Example

Document ID: 117298

Updated: Jan 23, 2014

Contributed by Al Bryant, Cisco TAC Engineer.

   Print

Introduction

This document describes the Proxy L2 Learning or Proxy MAC Learning feature added in Release 6.2(2) which allows you to increase the MAC scalability in a FabricPath domain. This feature allows you to take advantage of the larger MAC table in M Series modules, even in FabricPath. FabricPath is not supported on the M Series modules, but it can still leverage the MAC table of an M Series module.

Prerequisites

Requirements

Cisco recommends that you have knowledge of FabricPath basic concepts.

Components Used

The information in this document is based on these software and hardware versions:

  • Nexus 7000 Release 6.2(2) or later on spine and leaf switches
  • NX-OS Release 6.2(2)
  • M1/M2 + F1 Virtual Device Context (VDC) or M1/M2 + F2E VDC at the spine (L2/L3 boundary)

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Background Information

When there is an M Series module and an F1 or F2e in the same VDC, MAC address learning occurs on the core ports of the F Series module by default. This is called Remote MAC Learning. In this Remote MAC learning mode, you are limited to 16,000 total network MAC addresses in the FabricPath domain due to the F Series MAC table capacity.

In Release 6.2(2) and later, any time the F2e is in the same VDC as an M Series module, the F2e operates in Layer 2 mode only. In this case, the larger MAC address table of the M Series module can be used to learn up to 128,000 total MAC addresses in the FabricPath domain. In order for this to occur, you need to enable the Proxy MAC Learning mode.

In order to enable Proxy MAC Learning, the user must manually disable Remote MAC Learning on the M1/M2 + F1 VDC or M1/M2 + F2E VDC spines and disable FabricPath core port MAC learning on all core port switch-on-chips (SOCs) on the spine and on the core port SOCs of any F2 leaf switches.

All local MAC addresses learned on all Classic Ethernet (CE) ports are synchronized to all FabricPath core ports. This changed in Release 6.1(2) and later on F2/F2E and changed in Release 6.2(2) and later on F1. In earlier releases, no MAC learning was completed on the core ports (other than broadcast learning on F2). This leaves you with the limitation of 16,000 local MAC addresses on any leaf switch that meets the above conditions. This is true even when you disable core port learning.

Feature Benefits

These tables have the specified maximum number of table entries:

  • F1/F2/F2e MAC Address Table-16, 000 entries; this allows you to have 16,000 local MAC addresses per Nexus 7000 leaf versus 16,000 total network MAC addresses (local and remote) per Nexus 7000 leaf.

  • M1/M2 MAC Address Table-128, 000 entries; this allows you to have 128,000 total network MAC addresses at the spine in a typical design (L2 leaves, L3/SVI spines). This assumes M1/M2 + F1 VDC or M1/M2 + F2E VDC as the spines.

Configure

This section describes how to configure MAC address learning.

Note: Use the Command Lookup Tool (registered customers only) in order to obtain more information on the commands used in this section.

Network Diagram

On the M1/M2 + (F1 or F2e) mixed spine VDCs:

  1. Enter the no mac address-table fabricpath remote-learning command in order to disable remote MAC learning on all spines.

    • This prevents the spine F1/F2e modules from learning remote MAC addresses.
    • M1/M2 modules still learn MAC addresses from routed traffic.
    • ALL switches in the FabricPath domain must run Release 6.2(2).
    • This is a per-VDC configuration.
  2. Enter the no hardware fabricpath mac-learning module <x> [port-group <x>] command in order to disable FabricPath core port MAC learning on all SOCs with ONLY core ports.

    • This prevents F1/F2e modules from learning on multicast frames.
    • M1/M2 modules still learn MAC addresses that send/receive multicast traffic when the Switch Virtual Interface (SVI) for the given VLAN is present.
    • Configured in the default/admin VDC, per-module or port-group.
    • Warning: Only disable on SOCs with NO CE ports. If CE ports are on the SOC, do NOT disable core port learning. It is required for the CE ports to learn MAC addresses.

If there are F2 leaf switches present:

  1. Enter the no hardware fabricpath mac-learning module <x> [port-group <x>] command in order to disable FabricPath core port MAC learning on all F2 SOCs with core ports connected.

    • This prevents F2 from learning on broadcast/multicast frames.
    • Warning: Only disable on SOCs with NO CE ports. If CE ports are on the SOC, do NOT disable core port learning. It is required for the CE ports to learn MAC addresses.

  2. Enter the switchport trunk allowed vlan..... command in order to prune allowed VLAN lists on F2 CE edge ports.

    • This prevents F2 CE ports from learning every packet on broadcast for the given VLAN.
    • This is not required, but it is a best practice in order to maximize MAC address scalability.

Also see Cisco bug ID CSCuj98135, N7K: FP Proxy L2 Learning breaks Proxy L3 Forwarding For Unicast Traffic.

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Related Information

Updated: Jan 23, 2014
Document ID: 117298