Configuring and Displaying MAC Mobility

MAC mobility is handled automatically by the EVPN control plane. However, it is important to deal with duplicate MAC address scenarios appropriately. Therefore, some special parameters are available to help with the remediation in such scenarios, as explained in the About MAC Mobility with EVPN section above.

You can (optionally) configure the three duplicate MAC address parameters on a per vRouter basis with the following command:

CLI (network-admin@switch) > vrouter-create name <vr-name> evpn-dup-addr-max-moves <count> evpn-dup-addr-moves-duration <seconds> evpn-dup-addr-freeze <seconds>

When not specified, the default values are:

  • evpn-dup-addr-max-moves: 5
  • evpn-dup-addr-moves-duration: 180
  • evpn-dup-addr-freeze: 180

You can also modify those parameters with the vrouter-modify command.

For example, let’s consider the case in which those three parameters are modified from the default values and are configured to 8, 401 and 301, respectively. You can display the new values with the following condensed command:

CLI (network-admin@switch*) > vrouter-show format name,evpn-border,evpn-dup-addr-max-moves,evpn-dup-addr-moves-duration,evpn-dup-addr-freeze,evpn-border

name     evpn-border evpn-dup-addr-max-moves(s) evpn-dup-addr-moves-duration(s) evpn-dup-addr-freeze

-------- ----------- -------------------------- ------------------------------- --------------------

vRouter1 enable      8                          401                             301

vRouter1 enable      8                          401                             301

In this case, if 8 MAC moves are detected in a 401 second time window, the duplicate MAC address entry is frozen for 301 seconds to facilitate the operator in the remediation. The frozen entry and the corresponding sequence number received before the 8th MAC move can be displayed with the following command:

CLI (network-admin@switch) > vrouter-evpn-duplicate-mac-show

switch       vrouter-name    host-mac          seq

------------ --------------- ----------------- ---

switch       vRouter1        00:12:c0:80:33:6a 7

This output will clear after dup-addr-freeze (180, by default) seconds have elapsed.

Furthermore, the total MAC move count can be periodically checked in the MM (MAC Move) field with this command:

CLI (network-admin@switch) > switch * vrouter-evpn-bgp-routes-show route-type 2 format vrouter-name,rd,vni,mac,route-type,next-hop,extended-community

switch  vrouter-name rd        vni    mac               route-type next-hop  path  extended-community

------- ------------ --------- ------ ----------------- ---------- --------- ----- ------------------------

switch  vr2 100100 2e:d7:27:b9:11:6d 2 66001 RT:465:100100 ET:8 MM:48

switch1 vr1 100100 2e:d7:27:b9:11:6d 2 66001 RT:465:100100 ET:8 MM:48

In addition, typically for troubleshooting purposes, you can see each MAC move being notified and logged on a node by using the following command and looking for the string action MAC_MOVE:

CLI (network-admin@switch) > vrouter-log-show vrouter-name vr2 protocol evpnsnoop





2021-05-21,05:24:26.075.:rs_msg.c:624:rs_msg_vport_update_event_cb  L2_UPDATE mac: 2e:d7:27:b9:11:6d,  log_type l2-modify caller cluster-status: vxlan 100100, vlan 100 reason:modify,evpn-mac-move owner_flags 0x0, over_

tunnel 1791,  2e:d7:27:b9:11:6d action MAC_MOVE ip


which shows the MAC move happening due to a certain host configured with a certain MAC and IP address pair. That information can be compared to the same command output obtained on the other node where the address duplication is also happening.