Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EX] How to check forwarding database (FDB) hash collision

0

0

Article ID: KB32325 KB Last Updated: 06 Dec 2017Version: 1.0
Summary:

This KB describes how to check forwarding database (FDB) hash collision for the following switches:

  • EX2200
  • EX3300
  • EX4200
  • EX4500
  • EX4550
Symptoms:

If there is a FDB hash collision, an EX switch cannot learn the specific MAC address. Also, packet flooding occurs in the same VLAN when the EX switch receives a packet with that MAC address as the destination. For example, you cannot see a specific MAC address with 'show ethernet-switching table'. When checking with 'show ethernet-switching mac-learning-log', the learning/deleting log is seen with that MAC address in a short while.
If that MAC address belongs to VLAN which has routed VLAN interface, EX would send out GARP often.

Cause:

EX switch installs MAC address in FDB by using the hash value created from MAC address and VLAN ID.
In the case of EX4200, there are 8,192 hash indices and it can install four MAC addresses per hash index.




When EX switch tries to install MAC address, but four MAC address have already been installed in the same index, it cannot be installed due to hash collision.

Solution:

Use the command, 'show ethernet-switching mac-learning-log' to check if MAC learning and deleting are seen with specific MAC address in a short while.

In the following sample output, EX is learning 00:00:5a:e1:b3:17 but deleting it at the same time.

root@EX4200> show ethernet-switching mac-learning-log 
Wed Nov 22 08:14:35 2017 vlan_name vlan1000 mac 00:00:5a:e1:b3:17 was deleted on ae0.0 
Wed Nov 22 08:14:37 2017 vlan_name vlan1000 mac 00:00:5a:e1:b3:17 was learned on ae0.0 
Wed Nov 22 08:14:37 2017 vlan_name vlan1000 mac 00:00:5a:e1:b3:17 was deleted on ae0.0 
Wed Nov 22 08:14:39 2017 vlan_name vlan1000 mac 00:00:5a:e1:b3:17 was learned on ae0.0 
Wed Nov 22 08:14:39 2017 vlan_name vlan1000 mac 00:00:5a:e1:b3:17 was deleted on ae0.0 
Wed Nov 22 08:14:41 2017 vlan_name vlan1000 mac 00:00:5a:e1:b3:17 was learned on ae0.0 
Wed Nov 22 08:14:41 2017 vlan_name vlan1000 mac 00:00:5a:e1:b3:17 was deleted on ae0.0 

Next, collect FDB table with the following command at shell mode:

date >> /var/tmp/fdb-fpc0.txt 
cprod -A fpc0 -c "show shim bridge fdb" >> /var/tmp/fdb-fpc0.txt 

*This is an example when collecting output for FPC0.
*Please collect it several times when target packet is flowing over EX.


The following sample FDB output observes FDB hash collision with 00:00:5a:e1:b3:17. In this example, hash index is 0x02C0, and 0x0, 0x1, 0x2, and 0x3 are offset value for this hash index.
EX tried to install 00:00:5a:e1:b3:17 in hash index 0x02C0, but failed since all four entries were allocated.

0 0 1000 00:00:63:4E:39:F2 Tr 16 F|1|0|0|0 0|0 0 0 0 0 0|0 0|0 0x02C0/0x3 
1 0 1000 00:00:63:4E:39:F2 Tr 16 F|1|0|0|0 0|0 0 0 1 1 0|0 0|0 0x02C0/0x3 
0 0 1000 00:00:6B:FA:86:65 Tr 16 F|1|0|0|0 0|0 0 0 0 0 0|0 0|0 0x02C0/0x2 
1 0 1000 00:00:6B:FA:86:65 Tr 16 F|1|0|0|0 0|0 0 0 1 1 0|0 0|0 0x02C0/0x2 
0 0 1000 00:00:8B:8A:66:6B Tr 16 F|1|0|0|0 0|0 0 0 0 0 0|0 0|0 0x02C0/0x1 
1 0 1000 00:00:8B:8A:66:6B Tr 16 F|1|0|0|0 0|0 0 0 1 1 0|0 0|0 0x02C0/0x1 
0 0 1000 00:00:AC:28:FD:17 Tr 16 F|1|0|0|0 0|0 0 0 0 0 0|0 0|0 0x02C0/0x0 
1 0 1000 00:00:AC:28:FD:17 Tr 16 F|1|0|0|0 0|0 0 0 1 1 0|0 0|0 0x02C0/0x0 
0 0 1000 00:00:5a:e1:b3:17 Tr 16 0x02C0/0x0 Hash-table collision failure
1 0 1000 00:00:5a:e1:b3:17 Tr 16 0x02C0/0x0 Hash-table collision failure


Additional sample output. In this example, EX was unable to install 00:15:3d:15:4e:ed in FDB with index 0x1579/0xB.

0 0 1000 00:15:3d:15:4e:ed Tr 16 0x1579/0xB Hash-table collision failure


In this example, FDB index 0x1579/0xB would be 0x1584(0x1579 + 0xB). Check FDB index 0x1584 and can see already four entries were installed in this index and that's why 00:15:3d:15:4e:ed couldn't be installed in FDB. 

0 0 1000 00:15:3D:15:8A:84 Tr 16 F|1|0|0|0 0|0 0 0 6 6 0|0 0|0 0x1584/0x0 
1 0 1000 00:15:3D:15:8A:84 Tr 16 F|1|0|0|0 0|0 0 0 7 7 0|0 0|0 0x1584/0x0 

0 0 1278 00:15:3D:15:83:1B Tr 16 F|1|0|0|0 0|0 0 0 6 6 0|0 0|0 0x1584/0x1 
1 0 1278 00:15:3D:15:83:1B Tr 16 F|1|0|0|0 0|0 0 0 7 7 0|0 0|0 0x1584/0x1 

0 0 1534 00:15:3D:15:9E:A7 Tr 16 F|1|0|1|0 0|0 0 0 6 6 0|0 0|0 0x1584/0x2 
1 0 1534 00:15:3D:15:9E:A7 Tr 16 F|1|0|0|0 0|0 0 0 7 7 0|0 0|0 0x1584/0x2 

0 0 1975 00:15:3D:15:8C:9E Tr 16 F|1|0|0|0 0|0 0 0 6 6 0|0 0|0 0x1584/0x3 
1 0 1975 00:15:3D:15:8C:9E Tr 16 F|1|0|0|0 0|0 0 0 7 7 0|0 0|0 0x1584/0x3 

*Although you collected 'show shim bridge fdb' several times, there might be no 'Hash-table collision failure'.  This failure is seen when EX tries to install MAC address, so if there is no target MAC address coming in EX, you may not see this failure.


Although hash collision is observed, traffic failure would not be seen since EX will flood that packets as Unknown unicast in the same segment. To avoid such flooding, add mac-lookup-length option.

‚Äčset ethernet-switching-options mac-lookup-length 8

*Please refer to the document mac-lookup-length for details.

This option will expand the number of entries per hash index. In case of mac-lookup-length 8, free space in next index will be allocated when four entries have already been allocated for initial index.


 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search