ClusterXL Virtual MAC (VMAC) mode and Cisco Conversational MAC Learning are not compatible

Support Center > Search Results > SecureKnowledge Details

Technical Level

Symptoms

Cisco switches repeatedly send broadcast queries to search for the MAC address on each new connection because the switches are not learning the MAC address of the Check Point cluster Virtual IP address in the following scenario:
- VMAC mode is configured on ClusterXL (per sk50840).
- "Cisco Conversational MAC Learning" or "Cisco FabricPath" is enabled on the Cisco switches.

Cause

Flow of events as investigated by Cisco Support:

Traffic originated from the cluster member is sent with the physical Source MAC address of the corresponding interface and not with VMAC Source address (relevant for Gaia OS R77.30 and lower).
Destination replies to VMAC address.
When a host sends traffic to the cluster, the payload is VMAC Source address, but in the destination Ethernet frame it is the physical MAC address of the Active cluster member, and the Source MAC address is the host's MAC address.
Since Cisco "Conversational MAC Learning" requires both directions to be sent to the same MAC address, the switch will not learn the VMAC address.
With "Conversational MAC Learning", the switch will remember the MAC address only if both directions are the same.
Cisco Nexus switch is sending the traffic to a broadcast MAC address, trying to learn the MAC address again, which starts flooding the network.
Although no outage is caused, this network flood causes a major impact.

Solution

Note: To view this solution you need to Sign In .