Catalyst 6500/6000 Switches ARP or CAM Table

譯：https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/71079-arp-cam-tableissues.html

Catalyst交換機維護多種類型的表，這些表專爲第2層交換或多層交換（MLS）而定製，並保存在very fast的memory中，以即可以並行比較幀或數據包中的許多字段。

 

ARP-將IP地址映射到MAC地址，以便在第2層廣播域內提供IP通訊。

例如，主機B想要向主機A發送信息，但在其ARP緩存中沒有主機A的MAC地址。主機B爲廣播域內的全部主機生成廣播消息，以獲取與主機A的IP地址關聯的MAC地址。廣播域內的全部主機都接收ARP請求，而且只有主機A以其MAC地址進行響應。

 

CAM-All Catalyst交換機型號使用CAM表進行第2層交換。當幀到達交換機端口時，源MAC地址被學習並記錄在CAM表中。到達端口和VLAN都記錄在表中，並附有時間戳。若是在一個交換機端口上學習的MAC地址已移至另外一個端口，則會記錄最近到達端口的MAC地址和時間戳。而後，刪除上一個條目。若是發現表中已存在正確到達端口的MAC地址，則僅更新其時間戳。

 

三元內容可尋址存儲器（Ternary Content Addressable Memory，TCAM） - 在多層交換機中，傳統路由中提供的訪問控制列表（ACL）的全部進程（例如匹配，過濾或控制特定流量）都在硬件中實現。 TCAM容許在單個表查找中針對整個訪問列表評估數據包。大多數交換機具備多個TCAM，所以能夠同時評估入站和出站安全性以及QoS ACL，或者徹底與第2層或第3層轉發決策並行評估。

 

在分佈式交換中，每一個分佈式特性卡（DFC）負責維護每一個本身的CAM表。 這意味着每一個DFC都會學習MAC地址並對其進行老化，這取決於CAM老化和與特定條目匹配的流量。

對於分佈式交換，一般狀況下，supervisor engine在一段時間內看不到特定MAC地址的任何流量，該條目可能會過時。 目前有兩種機制可使CAM表在不一樣引擎之間保持一致，例如DFC（present in line modules）和策略功能卡（PFC）（present in supervisor modules）：

• Flood to Fabric (FF)

• MAC Notification (MN)

當PFC上的MAC地址條目老化時，show mac-address address <MAC_Address> all 命令能夠查看保存此MAC地址的DFC或PFC。

爲了防止DFC或PFC上的條目超時，即便沒有該MAC地址的流量，也要啓用MAC地址同步。 配置如下命令以啓用同步，mac-address-table synchronize命令可從CiscoIOS®軟件版本12.2（18）SXE4及更高版本使用：

Cat6K-IOS(config)#mac-address-table synchronize

啓用它後，仍然能夠看到PFC或DFC中不存在的條目。However, the module has a way to learn it from others that use Ethernet Out of Band Channel (EOBC).

Caution: The mac-address-table synchronize command purges the routed MAC entires. In order to avoid this, disable the routed MAC purging with the mac-address-table aging-time 0 routed-mac global configuration command.

 

Unicast Flooding in the Network Every 5 Minutes

LAN switches use forwarding tables, such as Layer 2 and CAM tables, to direct traffic to specific ports based on the VLAN number and the destination MAC address of the frame. When there is no entry that corresponds to the destination MAC address of the frame in the incoming VLAN, the (unicast) frame is sent to all forwarding ports within the respective VLAN. This causes flooding. The very cause of flooding is that the destination MAC address of the packet is not in the Layer 2 forwarding table of the switch. In this case, the packet is flooded out of all forwarding ports in its VLAN, except the port it is received on.

The default ARP table aging time is 4 hours while the CAM holds the entries for only 5 minutes. The switch sends out a frame to all forwarding ports within the respective VLAN when the destination MAC address is aged out from the CAM table. You need a CAM aging timer greater or equal to the ARP timeout in order to prevent unicast flooding. As a workaround, you can issue one of these commands in order to increase the CAM aging timer for the VLAN you are having trouble with to match the ARP aging time:

• For CatOS, issue the set cam agingtime command.

• For Cisco IOS software, issue the mac-address-table aging-time command.

Note: In any Catalyst environment that runs a Hot Standby Router Protocol (HSRP), it is recommended that you ensure the CAM and ARP timers are synchronized.

Refer to Unicast Flooding in Switched Campus Networks for information on possible causes and implications of unicast packet flooding in switched networks.