Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring Loop Detection for Duplicate MAC Addresses

Understanding Duplicate MAC Address Loop Detection

Note: For information on how to change settings for duplicate MAC address detection, see duplicate-mac-detection.

You can use duplicate MAC address loop detection to detect and resolve loops within the same broadcast domain in an EVPN fabric or between EVPN fabrics. A loop can occur when there is a backdoor path between two provider edge (PE) devices. Because of the backdoor path, PEs could forward a frame back and forth continuously.

There are two types of loops: local and global. A local loop occurs when there is a backdoor path within the same physical interface or between two attachment circuits (ACs) in the same network virtual interface (NVE). A backdoor path can occur when there is a Layer 2 connection between NVEs within an EVPN instance (EVI).

Figure 1: Backdoor Link in an EVPN Fabric Backdoor Link in an EVPN Fabric

A global loop occurs when there is a backdoor link between two ACs in the same EVI, but the EVIs are located in different NVEs.

Figure 2: Backdoor Link Between Two EVPN Fabrics Backdoor Link Between Two EVPN Fabrics

We have enhanced duplicate MAC detection to detect and resolve loops. You can resolve the loops by either blocking duplicate MAC addresses or shutting down the local interfaces associated with the duplicate MAC addresses. For duplicate MAC resolution to work, you also need to configure duplicate MAC address detection.

When a MAC address is marked as a duplicate MAC address, a PE device drops any packet that has a source address or destination address of the duplicate MAC address. Optionally, instead of dropping packets, you could configure a PE device to bring down the attachment circuit on which the frame was last seen.

To block duplicate MAC addresses and shut down their associated local interfaces, enable the action <block | shutdown> statement at the [edit routing-instances name protocols evpn duplicate-mac-detection] hierarchy. To track local MAC address mobility movements, enable the include-local-moves statement at the [edit routing-instances name protocols evpn duplicate-mac-detection] hierarchy.

Sample Configurations

Blocking Duplicate MAC Addresses

Here is a sample configuration that shows you how to block duplicate MAC addresses.

Shutting Down Local Interfaces

Here is a sample configuration that shows you how to shut down the local interfaces that are associated with the duplicate MAC addresses.

Manually Clearing Duplicate MAC Addresses

To manually clear the duplicate MAC addresses, issue the clear evpn duplicate-mac-suppression command.

You can also clear duplicate MAC addresses individually or per Layer 2 domain by issuing the clear evpn duplicate-mac-suppression l2-domain-id or clear evpn duplicate-mac-suppression mac-address commands.

Manually Recovering Interfaces that were Shut Down

To manually recover the interface that was shut down, issue the clear ethernet-switching recovery-timeout command.