Configuration Guide User guide
FastIron Configuration Guide 565
53-1002494-02
Flow-based MAC address learning
MAC address is learned on a trunk port, the MAC address is also programmed on all of the packet
processors that have ports in the same trunk group. Once the MAC address is programmed in
hardware, subsequent packets with this destination MAC are forwarded as known unicast packets
and are not copied to the CPU.
Flow-based MAC addresses are aged out by the source packet processor according to the MAC age
time learned on the local port. Furthermore, when a flow-based MAC address is aged out from the
source packet processor, it is also aged out from all other packet processors on which the address
is programmed. In the above example, when MAC address X is aged out from PP 1, it is also aged
out from PP2.
NOTE
Even when flow-based MAC address learning is enabled, some MAC addresses, including but not
limited to control MACs, static MACs, multicast MACs, and MAC addresses resolved through ARP, will
continue to be global MAC addresses. These MAC addresses are always programmed in all packet
processors in a Layer 2 or Layer 3 switch.
NOTE
Global MAC addresses have priority over dynamic flow-based MAC addresses. To ensure that global
MAC addresses are in sync across all packet processors, flow-based MAC addresses may be
overwritten in one or more packet processors. The MAC addresses will be relearned and
reprogrammed using the flow-based method as needed by incoming traffic flows.
Flow-based learning configuration considerations
When configuring flow-based MAC learning, consider the rules and limitations in this section.
• Flow-based MAC learning is not supported with the following features:
• Disabling the automatic learning of MAC addresses (CLI command mac-learn-disable).
• Globally disabling Layer 2 switching (CLI command route-only)
• When flow-based MAC learning is enabled, unknown unicast packets are copied to the CPU.
Therefore, flow-based MAC learning should not be enabled if a continuous high rate of
unknown unicast packet flooding is expected, as this will cause high CPU utilization.
• Unknown unicast flooding can occur for a known destination MAC address, if the system fails
to program that destination MAC address because the hardware MAC table or hash bucket is
full. This condition can also lead to high CPU utilization.
• A source MAC address is learned only on the ingress (source) packet processor. The MAC
address is added to other packet processors as needed by their incoming traffic flows. During
a brief period until the destination MAC address is successfully added to the hardware MAC
table, unknown unicast flooding is expected on the VLAN.
• When a flow-based MAC address moves, it is deleted from all of the packet processors, then
relearned on each packet processor individually, as needed by incoming traffic flows.
• The software MAC address table in the CPU uses a hashing algorithm. Because hash collisions
can occur and may consume software resources, the FastIron may not be able to support up to
32K MAC addresses.
• The system can scale up to 32K MAC addresses, however, each packet processor is limited to
a maximum of 16K MAC addresses. This limit still applies, as this is a hardware limitation.