Posted on December 6, 2021 3:44 am
 |  Asked by Niklas Hoglund
 |  118 views

Hi,

For MAC addresses in EVPN I can limit flapping by:
bgp > address-family evpn > host-flap detection window 10.0 threshold 100

When there is an L2 loop I have STP blocking the port.

But there are scenarios where we want to protect against MAC flapping on directly connected ports.
The directly connected port may be a PeerPortChannel port (duplicate MAC received on MLAG interface, or local interface).
*  Q1: Is there any protection for this?
Something similar to Nokia mac-move protection (https://infocenter.nokia.com/public/7750SR217R1A/index.jsp?topic=%2Fcom.nokia.L2_Services_and_EVPN_Guide_21.7.R1%2Fmac_move-d620e1778.html)

*  Q2: Is there any CPU protection against L2 re-learning? Protection between VLAN/Services?

 

Example Syslog:

PortSec: %ETH-4-HOST_FLAPPING: Host 00:00:fe:00:00:01 in VLAN 1000 is flapping between interface Port-Channel1998 and interface Port-Channel1999
PortSec: %ETH-4-HOST_FLAPPING: Host 00:00:fe:00:00:01 in VLAN 1000 is flapping between interface Port-Channel1999 and interface Port-Channel1998

//NH
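
Added example, not part of the original post and not a switch feature: a collector-side script that parses the HOST_FLAPPING syslog format quoted above and counts messages per host, VLAN and interface pair, so a MAC bouncing between two directly connected ports stands out. The function names, the threshold and the two extra sample lines are assumptions constructed for illustration; each syslog message is counted as one event.

```python
import re
from collections import Counter

# Message format taken from the two syslog lines quoted in the post.
FLAP_RE = re.compile(
    r"%ETH-4-HOST_FLAPPING: Host (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}) "
    r"in VLAN (?P<vlan>\d+) is flapping between interface (?P<a>\S+) "
    r"and interface (?P<b>\S+)"
)

def summarize_flaps(lines):
    """Count flap messages per (MAC, VLAN, unordered interface pair)."""
    counts = Counter()
    for line in lines:
        m = FLAP_RE.search(line)
        if not m:
            continue  # not a host-flapping message
        # "A and B" and "B and A" describe the same pair of ports, so sort them.
        pair = tuple(sorted((m["a"], m["b"])))
        counts[(m["mac"].lower(), int(m["vlan"]), pair)] += 1
    return counts

def flapping_hosts(lines, threshold):
    """Return (key, count) for entries at or above the threshold, busiest first."""
    return [(k, n) for k, n in summarize_flaps(lines).most_common() if n >= threshold]

# First two lines are from the post; the last two are constructed for this example.
SAMPLE = [
    "PortSec: %ETH-4-HOST_FLAPPING: Host 00:00:fe:00:00:01 in VLAN 1000 is flapping between interface Port-Channel1998 and interface Port-Channel1999",
    "PortSec: %ETH-4-HOST_FLAPPING: Host 00:00:fe:00:00:01 in VLAN 1000 is flapping between interface Port-Channel1999 and interface Port-Channel1998",
    "PortSec: %ETH-4-HOST_FLAPPING: Host 00:00:FE:00:00:02 in VLAN 1001 is flapping between interface Ethernet1 and interface Port-Channel1998",
    "Example: unrelated message (constructed)",
]

if __name__ == "__main__":
    for (mac, vlan, pair), n in flapping_hosts(SAMPLE, threshold=2):
        print(f"{mac} VLAN {vlan} between {pair[0]} and {pair[1]}: {n} messages")
```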

 
