Monday, September 3, 2012

Sorting out System MAC addresses with VPC and VSS – Part 2


Following Part 1, which started with VPC on the Nexus platform, this part compares VSS on Catalyst side by side.

A simple and interesting topology can be used to illustrate. In this case, Nexus and Catalyst use different multichassis technologies (VPC and VSS respectively), forming a back-to-back virtual port channel. The effective logical topology becomes greatly simplified (shown on the right side), with benefits including utilization of full bisectional bandwidth, a stable all-forwarding STP topology, high resiliency, and ease of adding or removing physical members.


The VSS Domain ID is very similar to the VPC Domain ID. It is a unique identifier in the topology that represents the logical virtual switch formed by two physical chassis. Only one VSS pair is associated with a particular domain.



Consequently, the VSS Domain ID (1-255) is used in protocol negotiations and therefore must be unique in the network. To illustrate, a pair of 6500s forms a VSS. Since a VSS is a fully consolidated logical device, it operates as one device in the network. Therefore, a common system MAC is necessary to represent the VSS system, for uses such as STP and LACP. The system MAC must be unique and not tied to either physical device.

As shown below, a VSS system MAC is derived from a predefined address (0200.0000.00xx) combined with the VSS Domain ID. In this case the Domain ID is 100, which is 64 in hex, so 64 becomes the last octet.
6500-VSS# sh lacp sys-id
32768,0200.0000.0064

The use of “0200.0000.00xx” may be curious, since it is not assigned to any manufacturer. In this case, it is only used as a system identifier, and its uniqueness is assured by the uniqueness of the domain ID, so it is perfectly acceptable. But if another vendor were to adopt a similar scheme, potential problems may exist.
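The derivation and the uniqueness requirement above can be checked mechanically. The following Python example is added here and is not from the original post or from Cisco: it derives the VSS system MAC from a domain ID, parses `sh lacp sys-id` output, and reports any system MAC shared by more than one VSS pair. The host names VSS-B and VSS-C and their outputs are constructed sample data; the function names are hypothetical.

```python
import re
from collections import defaultdict

VSS_PREFIX = 0x020000000000  # predefined address 0200.0000.00xx, per the article
SYS_ID_RE = re.compile(r"^\s*(\d+)\s*,\s*((?:[0-9a-fA-F]{4}\.){2}[0-9a-fA-F]{4})\s*$")

def vss_system_mac(domain_id):
    """Derive the VSS system MAC: the domain ID becomes the last octet."""
    if not 1 <= domain_id <= 255:
        raise ValueError("VSS Domain ID must be in the range 1-255")
    digits = f"{VSS_PREFIX | domain_id:012x}"
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def parse_lacp_sys_id(output):
    """Return (priority, system MAC) from 'sh lacp sys-id' output."""
    for line in output.splitlines():
        match = SYS_ID_RE.match(line)
        if match:
            return int(match.group(1)), match.group(2).lower()
    raise ValueError("no 'priority,mac' line found")

def domain_from_mac(mac):
    """Recover the domain ID from a VSS system MAC, or None if not in that pool."""
    value = int(mac.replace(".", ""), 16)
    if value & ~0xFF != VSS_PREFIX or value & 0xFF == 0:
        return None
    return value & 0xFF

def find_collisions(outputs):
    """Map each system MAC seen on more than one VSS to the hosts using it."""
    seen = defaultdict(list)
    for host, output in outputs.items():
        _, mac = parse_lacp_sys_id(output)
        seen[mac].append(host)
    return {mac: sorted(hosts) for mac, hosts in seen.items() if len(hosts) > 1}

# First entry is the output shown in the article; the other two are constructed.
SAMPLE_OUTPUTS = {
    "6500-VSS": "6500-VSS# sh lacp sys-id\n32768,0200.0000.0064\n",
    "VSS-B": "VSS-B# sh lacp sys-id\n32768,0200.0000.0064\n",
    "VSS-C": "VSS-C# sh lacp sys-id\n32768,0200.0000.000a\n",
}

if __name__ == "__main__":
    for mac, hosts in find_collisions(SAMPLE_OUTPUTS).items():
        print(f"domain {domain_from_mac(mac)} ({mac}) reused by: {', '.join(hosts)}")
```
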

Another subtlety is the use of VSS and VPC domain IDs. Because VPC and VSS derive the system MAC from different MAC pools, their domain IDs can overlap in a common topology. This is another reason for Cisco to preserve assigned MAC addresses, so that future platforms and technologies can be developed.

Looking under the hood at the MAC level can be surprising. On the topic of preserving MACs, both Catalyst and Nexus use the same MAC for all SVI interfaces (“show interface vlan”). In other words, the MAC addresses on all VLAN interfaces are the same, even though the IP addresses are different.

In order to support the above, the switch maintains its CAM and MAC address table per VLAN. As shown in the display, MAC address 0026.8888.7ac2 is used for all SVI interfaces. The switch automatically creates a static MAC entry which points to the supervisor (MSFC), where per-VLAN resolution occurs.

Nexus7k-1# sh mac address
G     -    0026.8888.7ac2    static       -       F    F  sup-eth1(R)
G 304     0026.8888.7ac2    static       -       F    F  sup-eth1(R)
G 306     0026.8888.7ac2    static       -       F    F  sup-eth1(R)
G 562     0026.8888.7ac2    static       -       F    F  sup-eth1(R)
G 564     0026.8888.7ac2    static       -       F    F  sup-eth1(R)
G 820     0026.8888.7ac2    static       -       F    F  sup-eth1(R)
G 565     0026.8888.7ac2    static       -       F    F  sup-eth1(R)
G 566     0026.8888.7ac2    static       -       F    F  sup-eth1(R)
G 590     0026.8888.7ac2    static       -       F    F  sup-eth1(R)
G 592     0026.8888.7ac2    static       -       F    F  sup-eth1(R)
G 594     0026.8888.7ac2    static       -       F    F  sup-eth1(R)
G 340     0026.8888.7ac2    static       -       F    F  sup-eth1(R)
G 596     0026.8888.7ac2    static       -       F    F  sup-eth1(R)
G 342     0026.8888.7ac2    static       -       F    F  sup-eth1(R)
G 344     0026.8888.7ac2    static       -       F    F  sup-eth1(R)

Hopefully, a look at the system MAC has provided a glimpse into the inner workings of two important data center technologies.
