Ethernet Switches & Routers

Occasional Contributor
Posts: 10
Registered: ‎05-09-2011

MAC address leaking through

Hi

I'm trying to get our datacenter hooked up to a Toronto Exchange network (Torix), but unfortunately a problem has come up that I have not been able to find a solution for.

Torix uses port security when allowing others to connect to them. Only the MAC address of the L3 device that holds the IP used for BGP peering is allowed in. I have specified which MAC address they should expect from us, but it seems that a MAC address from a device used for L2 transport is leaking into their network, which causes our port to be blocked.

I have attached a drawing of the connection.

FastIron Edge X424 is where the issue occurs. As you can see from the drawing, there are 3 ports involved. Port 3 is what connects us to Torix. Port 1 connects us to a fiber provider. Port 2 connects this switch to the edge device in our datacenter. Torix' equipment for some reason detects the MAC address of port 1 on the FastIron switch, when it should only see the MAC of port two on the BigIron. The only places where IPs are assigned are Cogent, Torix and BigIron.

I have disabled STP on all ports involved and it made no difference. BigIron is set to route-only globally.

Does anyone have suggestions how this can be fixed?

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: MAC address leaking through

Hi,

Do you have LLDP, FDP, CDP or the like on port 1 of the FESX? I suggest mirroring port 3 (or using a TAP) and seeing what traffic is being passed.

Thanks

Michael.

Occasional Contributor
Posts: 10
Registered: ‎05-09-2011

Re: MAC address leaking through

No, I don't have LLDP, FDP, CDP or the like enabled on port 1. Unfortunately this switch is in a remote facility, so I'm going to have to arrange for someone to go there to run Wireshark and see what's happening. I know Cogent uses LLDP on their network, I wonder if this has something to do with it.

Here is a config for it:

FESX424 Switch(config)#show running-config interface eth1
interface ethernet 1
port-name Cogent
speed-duplex 1000-full-master
no spanning-tree
gig-default neg-off
!
FESX424 Switch(config)#sh int eth 1
GigabitEthernet1 is up, line protocol is up
  Hardware is GigabitEthernet, address is 000c.db69.ae80 (bia 000c.db69.ae80)
  Configured speed 1Gbit, actual 1Gbit, configured duplex fdx, actual fdx
  Configured mdi mode AUTO, actual MDIX
  Member of L2 VLAN ID 2006, port is untagged, port state is FORWARDING
  STP configured to OFF, priority is level0, flow control enabled
  mirror disabled, monitor disabled
  Not member of any active trunks
  Not member of any configured trunks
  Port name is Cogent
  MTU 10222 bytes
  300 second input rate: 20753368 bits/sec, 10521 packets/sec, 2.23% utilization
  300 second output rate: 244513216 bits/sec, 22932 packets/sec, 24.81% utilization
  195130912493 packets input, 61722378950113 bytes, 0 no buffer
  Received 17358 broadcasts, 1246155 multicasts, 195129648980 unicasts
  1218 input errors, 4 CRC, 0 frame, 0 ignored
  0 runts, 0 giants
  388540718265 packets output, 525115831156348 bytes, 0 underruns
  Transmitted 76732 broadcasts, 9372965 multicasts, 388531268568 unicasts
  0 output errors, 991 collisions

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: MAC address leaking through

Ok, looks fine. Please let us know what you find from Wireshark.

Thanks

Michael.

Occasional Contributor
Posts: 10
Registered: ‎05-09-2011

Re: MAC address leaking through

I got a nice network engineer from ToRix to mirror the port on their device and see what packets are coming in from port 3 on my device. And here is what he got:

22:22:02.456772 00:0c:db:69:ae:80 > 00:e0:52:00:00:00, ethertype Unknown (0x885a), length 151:
        0x0000:  0101 0097 0180 0080 0000 0000 0000 0001  ................
        0x0010:  86a0 020c 6b1a 0000 1388 0000 0000 0251  ....k..........Q
        0x0020:  adf3 020c 6b04 0000 0001 020c 6b1e 0000  ....k.......k...
        0x0030:  6ac2 0040 fe78 0054 397c 0040 fe58 0000  j..@.x.T9|.@.X..
        0x0040:  0000 0085 81e4 0243 8169 0000 0000 0000  .......C.i......
        0x0050:  0008

As you can see, the MAC of the first port is sending traffic to 00:e0:52:00:00:00. A bit of searching on Google and I found a thread where a guy is seeing the same type of traffic to the same MAC address. As if this MAC is some kind of universal variable.

Link: http://www.gossamer-threads.com/lists/nsp/foundry/21154

So at this point I'm trying to figure out what type of protocol 0x885a is and how I block it on port 3.

I have attached pcap file from wireshark as well.

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: MAC address leaking through

Hi vitali.otavine

The only thing I can find is that protocol 0x885a is a Foundry (now Brocade) registered ethertype, not what it does though. I'm sure you found much the same.

Looks like they use this MAC address of 00:e0:52:00:00:00 as a broadcast address. I can only suggest contacting the TAC and seeing if this can be turned off (and please post back here if they can tell you what it is used for).

Thanks

Michael.

Occasional Contributor
Posts: 12
Registered: ‎06-18-2011

Re: MAC address leaking through

See the cut and paste below from the FastIron configuration guide. By default, port 1 and much of the management traffic will have the same MAC address. This would cause one to mistakenly believe that traffic is leaking.

• FGS and FLS devices running software release 04.0.00 and later
• FGS-STK and FLS-STK devices running software release 05.0.00 and later
• FWS devices running software release 04.3.00 or later

By default, Brocade Layer 2 devices use the MAC address of the first port as the MAC address for Layer 2 management traffic. For example, when the Brocade device receives an ARP request for its management IP address, it responds with the first port's MAC address. This may cause problems in some configurations where the Brocade device uses the same MAC address for management traffic as for switched traffic.

Starting with the software releases listed above, you can configure the Brocade device to use a different MAC address for Layer 2 management traffic than for switched traffic. When you issue the use-local-management-mac command, the Brocade device changes a local bit in the first port's MAC address and uses this MAC address for management traffic. The second bit of the first port's MAC address is changed to 2. For example, if the MAC address is 00e0.5201.9900, after the feature is enabled the switch uses 02e0.5201.9900 for management functions. Switched traffic will continue to use the first port's MAC address without the local bit setting.

EXAMPLE:
FastIron(config)#use-local-management-mac
FastIron(config)#write memory
FastIron(config)#end
FastIron#reload
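As an added example (not code from this thread or from Brocade), the following Python script parses the tcpdump frame posted earlier in the thread, lists why an exchange port that only admits the registered peer MAC would block it, and applies the use-local-management-mac transform from the configuration guide quote above to a MAC. It assumes tcpdump -x style output (payload hex without the 14-byte Ethernet header) and takes the registered peer MAC as a parameter, since the thread never states the BigIron's MAC.

```python
import re

# Frame as posted in the thread (tcpdump -x style); the ASCII column is ignored by the parser.
CAPTURE = """\
22:22:02.456772 00:0c:db:69:ae:80 > 00:e0:52:00:00:00, ethertype Unknown (0x885a), length 151:
  0x0000:  0101 0097 0180 0080 0000 0000 0000 0001  ................
  0x0010:  86a0 020c 6b1a 0000 1388 0000 0000 0251  ....k..........Q
  0x0020:  adf3 020c 6b04 0000 0001 020c 6b1e 0000  ....k.......k...
  0x0030:  6ac2 0040 fe78 0054 397c 0040 fe58 0000  j..@.x.T9|.@.X..
  0x0040:  0000 0085 81e4 0243 8169 0000 0000 0000  .......C.i......
  0x0050:  0008
"""
HDR = re.compile(r"^\S+ (?P<src>[0-9a-f:]{17}) > (?P<dst>[0-9a-f:]{17}), "
                 r"ethertype \S+ \(0x(?P<et>[0-9a-f]{4})\), length (?P<len>\d+):")
FOUNDRY_ETHERTYPE = 0x885A  # the Foundry/Brocade registered ethertype seen in the thread

def parse_tcpdump(text):
    """Return src/dst MAC, ethertype, wire length and the captured payload bytes."""
    lines = text.splitlines()
    m = HDR.match(lines[0])
    payload = bytearray()
    for line in lines[1:]:
        parts = line.split()
        if not parts or not parts[0].startswith("0x"):
            continue
        for tok in parts[1:9]:                 # at most 8 hex groups per dump line
            if not re.fullmatch(r"[0-9a-f]{2,4}", tok):
                break
            payload += bytes.fromhex(tok)
    wire_len = int(m["len"])
    return {"src": m["src"], "dst": m["dst"], "ethertype": int(m["et"], 16),
            "wire_len": wire_len, "payload": bytes(payload),
            "truncated": 14 + len(payload) < wire_len}   # snap length cut the frame short

def port_security_violations(info, registered_mac):
    """List why an exchange port that only allows the registered peer MAC would block this frame."""
    reasons = []
    if info["src"].lower() != registered_mac.lower():
        reasons.append("source MAC %s is not the registered peer MAC" % info["src"])
    if info["ethertype"] == FOUNDRY_ETHERTYPE:
        reasons.append("Foundry/Brocade proprietary ethertype 0x885a should not cross the exchange port")
    return reasons

def with_local_bit(mac):
    """use-local-management-mac transform: set the U/L bit (0x02) in the first octet (colon or dotted input)."""
    octets = bytearray(bytes.fromhex(re.sub(r"[:.]", "", mac)))
    octets[0] |= 0x02
    return ":".join("%02x" % b for b in octets)
```

Running parse_tcpdump on the posted frame also shows it was cut short by the capture snap length: the header reports 151 bytes on the wire but only 82 payload bytes were printed.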
