Catalyst 6500/6000 Switches ARP or CAM Table

译：https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/71079-arp-cam-tableissues.html

Catalyst交换机维护多种类型的表，这些表专为第2层交换或多层交换（MLS）而定制，并保存在very fast的memory中，以即可以并行比较帧或数据包中的许多字段。

 

ARP-将IP地址映射到MAC地址，以便在第2层广播域内提供IP通讯。

例如，主机B想要向主机A发送信息，但在其ARP缓存中没有主机A的MAC地址。主机B为广播域内的全部主机生成广播消息，以获取与主机A的IP地址关联的MAC地址。广播域内的全部主机都接收ARP请求，而且只有主机A以其MAC地址进行响应。

 

CAM-All Catalyst交换机型号使用CAM表进行第2层交换。当帧到达交换机端口时，源MAC地址被学习并记录在CAM表中。到达端口和VLAN都记录在表中，并附有时间戳。若是在一个交换机端口上学习的MAC地址已移至另外一个端口，则会记录最近到达端口的MAC地址和时间戳。而后，删除上一个条目。若是发现表中已存在正确到达端口的MAC地址，则仅更新其时间戳。

 

三元内容可寻址存储器（Ternary Content Addressable Memory，TCAM） - 在多层交换机中，传统路由中提供的访问控制列表（ACL）的全部进程（例如匹配，过滤或控制特定流量）都在硬件中实现。 TCAM容许在单个表查找中针对整个访问列表评估数据包。大多数交换机具备多个TCAM，所以能够同时评估入站和出站安全性以及QoS ACL，或者彻底与第2层或第3层转发决策并行评估。

 

在分布式交换中，每一个分布式特性卡（DFC）负责维护每一个本身的CAM表。 这意味着每一个DFC都会学习MAC地址并对其进行老化，这取决于CAM老化和与特定条目匹配的流量。

对于分布式交换，一般状况下，supervisor engine在一段时间内看不到特定MAC地址的任何流量，该条目可能会过时。 目前有两种机制可使CAM表在不一样引擎之间保持一致，例如DFC（present in line modules）和策略功能卡（PFC）（present in supervisor modules）：

• Flood to Fabric (FF)

• MAC Notification (MN)

当PFC上的MAC地址条目老化时，show mac-address address <MAC_Address> all 命令能够查看保存此MAC地址的DFC或PFC。

为了防止DFC或PFC上的条目超时，即便没有该MAC地址的流量，也要启用MAC地址同步。 配置如下命令以启用同步，mac-address-table synchronize命令可从CiscoIOS®软件版本12.2（18）SXE4及更高版本使用：

Cat6K-IOS(config)#mac-address-table synchronize

启用它后，仍然能够看到PFC或DFC中不存在的条目。However, the module has a way to learn it from others that use Ethernet Out of Band Channel (EOBC).

Caution: The mac-address-table synchronize command purges the routed MAC entires. In order to avoid this, disable the routed MAC purging with the mac-address-table aging-time 0 routed-mac global configuration command.

 

Unicast Flooding in the Network Every 5 Minutes

LAN switches use forwarding tables, such as Layer 2 and CAM tables, to direct traffic to specific ports based on the VLAN number and the destination MAC address of the frame. When there is no entry that corresponds to the destination MAC address of the frame in the incoming VLAN, the (unicast) frame is sent to all forwarding ports within the respective VLAN. This causes flooding. The very cause of flooding is that the destination MAC address of the packet is not in the Layer 2 forwarding table of the switch. In this case, the packet is flooded out of all forwarding ports in its VLAN, except the port it is received on.

The default ARP table aging time is 4 hours while the CAM holds the entries for only 5 minutes. The switch sends out a frame to all forwarding ports within the respective VLAN when the destination MAC address is aged out from the CAM table. You need a CAM aging timer greater or equal to the ARP timeout in order to prevent unicast flooding. As a workaround, you can issue one of these commands in order to increase the CAM aging timer for the VLAN you are having trouble with to match the ARP aging time:

• For CatOS, issue the set cam agingtime command.

• For Cisco IOS software, issue the mac-address-table aging-time command.

Note: In any Catalyst environment that runs a Hot Standby Router Protocol (HSRP), it is recommended that you ensure the CAM and ARP timers are synchronized.

Refer to Unicast Flooding in Switched Campus Networks for information on possible causes and implications of unicast packet flooding in switched networks.