TH8665S loopdetect false hits

Hello folks!

I have CGNv4 with a bunch of TH14045 in production with a very simple topology “on the stick”, one LACP 2x100G, 2 vlans on all units (one for NAT in, one for NAT out). It’s serving traffic without any issue, no loopdetect in logs. Recently I got a pair of new shiny TH8665S and tried to add them to the scheme.

Everything seems to work, but I got spam about a possible loop on the TH8665S:

Aug 28 2025 17:19:52 Warning [ACOS]: - PU1 - Potential loop detected on Port 1 VLAN 9 Src MAC 001f.a0xx.x949 Dst MAC ffff.ffff.ffff
Aug 28 2025 17:19:38 Warning [ACOS]: - PU1 - Potential loop detected on Port 1 VLAN 8 Src MAC 001f.a0xx.x94a Dst MAC ffff.ffff.ffff
Aug 28 2025 17:17:12 Warning [ACOS]: - PU1 - Potential loop detected on Port 1 VLAN 9 Src MAC 001f.a0xx.x949 Dst MAC ffff.ffff.ffff
Aug 28 2025 17:16:58 Warning [ACOS]: - PU1 - Potential loop detected on Port 1 VLAN 8 Src MAC 001f.a0xx.x94a Dst MAC ffff.ffff.ffff

It keeps spamming even if I disable ethernet 1, and even if there is only one 100G port left in the LACP.
The configuration is very simple:

shared partition
vlan 8
  tagged trunk 1
  router-interface ve 8
vlan 9
  tagged trunk 1
  router-interface ve 9
interface ethernet 1
  trunk-group 1 lacp
interface ethernet 3
  enable
  trunk-group 1 lacp
interface ethernet 5
  enable
  trunk-group 1 lacp
interface ethernet 7
  enable
  trunk-group 1 lacp
interface ethernet 9
  enable
  trunk-group 1 lacp
interface ethernet 11
  enable
  trunk-group 1 lacp
interface trunk 1
interface ve 8
  ip address 10.yy.yy.yy 255.255.255.240
  ip nat inside
interface ve 9
  ip address 10.zz.zz.zz 255.255.255.240
  ip nat outside

Mac learning works as expected:

A10-8665-1.CV19#sh switch mac-table
Mac Tables:
L2 Cache Table:
L2: ERROR: Feature unavailable

L2 User Table:
mac=18:ef:63:xx:xa:75 vlan=8 GPORT=0x0 Trunk=1 Hit
mac=00:1f:a0:xx:x3:68 vlan=8 GPORT=0x0 Trunk=1 Hit
mac=18:ef:63:xx:xa:75 vlan=9 GPORT=0x0 Trunk=1 Hit
mac=00:1f:a0:xx:x3:69 vlan=9 GPORT=0x0 Trunk=1 Hit
mac=00:1f:a0:xx:x7:99 vlan=9 GPORT=0x0 Trunk=1 Hit
mac=00:1f:a0:xx:x2:49 vlan=9 GPORT=0x0 Trunk=1 Hit
mac=00:1f:a0:xx:x2:48 vlan=8 GPORT=0x0 Trunk=1 Hit

The upper switch doesn’t detect any mac-flapping. I even tried to tcpdump the port-channel to the 8665, and found nothing suspicious. The strange thing is that it’s always detected from PU1 and never from PU2. Software version 6.0.6-SP1, build 1 (Feb-03-2025,17:18).

I tried 2 different sites, and 2 different units, the behavior is almost the same. Somehow I managed to get rid of it by deleting/recreating LACP while randomly shutting/unshutting ethernet interfaces on the first site. But I can’t do the trick with the new one. Any ideas?

I removed all lacp configuration, and disabled all interfaces except one. At the upper switch I configured ‘no switchport’ on the corresponding link. Now the L2 domain consists of the 8665 device only.

vlan 8
  tagged ethernet 3
  router-interface ve 8
vlan 9
  tagged ethernet 3
  router-interface ve 9

interface ethernet 1
interface ethernet 2
interface ethernet 3
  enable
interface ethernet 4
interface ethernet 5
interface ethernet 6
interface ethernet 7
interface ethernet 8
interface ethernet 9
interface ethernet 10
interface ethernet 11
interface ethernet 12

And here we go again:

Aug 29 2025 12:23:05 Warning [ACOS]: - PU1 - Potential loop detected on Port 1 VLAN 9 Src MAC 001f.a0xx.x949 Dst MAC ffff.ffff.ffff
Aug 29 2025 12:23:05 Warning [ACOS]: - PU1 - Potential loop detected on Port 1 VLAN 9 Src MAC 001f.a0xx.x949 Dst MAC ffff.ffff.ffff
Aug 29 2025 12:23:05 Warning [ACOS]: - PU1 - Potential loop detected on Port 1 VLAN 8 Src MAC 001f.a0xx.x94a Dst MAC ffff.ffff.ffff
Aug 29 2025 12:23:05 Warning [ACOS]: - PU1 - Potential loop detected on Port 1 VLAN 8 Src MAC 001f.a0xx.x94a Dst MAC ffff.ffff.ffff
Aug 29 2025 12:23:05 Info [ACOS]: - PU1 - Virtual Ethernet interface ve9 is up
Aug 29 2025 12:23:05 Info [ACOS]: - PU1 - Virtual Ethernet interface ve8 is up
Aug 29 2025 12:23:05 Info [ACOS]: - PU1 - Ethernet interface 3 is up
Aug 29 2025 12:23:05 Info [ACOS]: - PU1 - Port 3 is now up.
Aug 29 2025 12:23:05 Info [ACOS]: - PU2 - Virtual Ethernet interface ve9 is up
Aug 29 2025 12:23:05 Info [ACOS]: - PU2 - Virtual Ethernet interface ve8 is up
Aug 29 2025 12:23:05 Info [ACOS]: - PU2 - Ethernet interface 3 is up

No spanning tree configuration on the device.

Another strange behavior. I removed all vlan configuration, created vlan 8, ve 8 on it, and added it to ethernet 3. When I assigned an IP to the SVI, A10 checks for IP duplicates using the MAC allocated to the SVI:

16:52:11.248129 00:1f:a0:xx:x9:27 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 8, p 0, ethertype ARP (0x0806), Request who-has 10.yy.yy.165 (Broadcast) tell 10.yy.yy.165, length 46
16:52:11.248144 00:1f:a0:xx:x9:27 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 8, p 0, ethertype ARP (0x0806), Reply 10.yy.yy.165 is-at 00:1f:a0:xx:x9:27 (oui Unknown), length 46

But when it tries to resolve another address (BGP neighbor), it doesn’t use this MAC:

16:52:13.247151 00:1f:a0:xx:x9:4a (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 8, p 0, ethertype ARP (0x0806), Request who-has 10.yy.yy.161 tell 10.yy.yy.165, length 46

Yes, it’s the MAC from the loop detect messages.

Disabled ethernet 1, deleted vlan and trunk-group configuration, rebooted the device, reconfigured it again - and no spam anymore. A test user has been working for a few days without an issue. Looks like it’s safe to deploy it in production.
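
Added example (not part of the original post, and not A10 code): a Python script that automates the comparison made by eye above, matching the source MACs in the loop warnings against the MACs the device itself uses for ARP requests in the tcpdump output. The sample lines are taken from the post in their masked form, so 'x' is accepted as a MAC digit; the function names and verdict labels are this example's own.

```python
import re
from collections import Counter

# Sample lines taken from the post, masked as posted.
SYSLOG = """\
Aug 29 2025 12:23:05 Warning [ACOS]: - PU1 - Potential loop detected on Port 1 VLAN 9 Src MAC 001f.a0xx.x949 Dst MAC ffff.ffff.ffff
Aug 29 2025 12:23:05 Warning [ACOS]: - PU1 - Potential loop detected on Port 1 VLAN 9 Src MAC 001f.a0xx.x949 Dst MAC ffff.ffff.ffff
Aug 29 2025 12:23:05 Warning [ACOS]: - PU1 - Potential loop detected on Port 1 VLAN 8 Src MAC 001f.a0xx.x94a Dst MAC ffff.ffff.ffff
"""
CAPTURE = """\
16:52:11.248129 00:1f:a0:xx:x9:27 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 8, p 0, ethertype ARP (0x0806), Request who-has 10.yy.yy.165 (Broadcast) tell 10.yy.yy.165, length 46
16:52:13.247151 00:1f:a0:xx:x9:4a (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 8, p 0, ethertype ARP (0x0806), Request who-has 10.yy.yy.161 tell 10.yy.yy.165, length 46
"""
LOOP_RE = re.compile(r"- (PU\d+) - Potential loop detected on Port (\d+) "
                     r"VLAN (\d+) Src MAC (\S+) Dst MAC")
ARP_RE = re.compile(r"^\S+ ([0-9a-fx:]{17}) .*?vlan (\d+),.*?"
                    r"Request who-has \S+ .*?tell ([^,\s]+)")

def norm_mac(mac):
    # Dotted (001f.a0xx.x949) and colon notation both become 12 bare characters.
    return re.sub(r"[^0-9a-fx]", "", mac.lower())

def loop_events(syslog):
    """Count loop warnings per (PU, port, VLAN, source MAC)."""
    hits = Counter()
    for m in LOOP_RE.finditer(syslog):
        pu, port, vlan, src = m.groups()
        hits[(pu, int(port), int(vlan), norm_mac(src))] += 1
    return hits

def own_arp_senders(capture, own_ips):
    """(VLAN, MAC) pairs that sent ARP requests 'tell'-ing one of the device's own IPs."""
    senders = set()
    for line in capture.splitlines():
        m = ARP_RE.search(line)
        if m and m.group(3) in own_ips:
            senders.add((int(m.group(2)), norm_mac(m.group(1))))
    return senders

def classify(syslog, capture, own_ips):
    """Label each loop-warning source: seen as the device's own ARP sender, or not."""
    own = own_arp_senders(capture, own_ips)
    return {k: "own-arp-source" if k[2:] in own else "unexplained"
            for k in loop_events(syslog)}

if __name__ == "__main__":
    # 10.yy.yy.165 is the device's ve 8 address as shown in the post's capture.
    for key, verdict in classify(SYSLOG, CAPTURE, {"10.yy.yy.165"}).items():
        print(key, verdict)
```

The VLAN 9 source stays "unexplained" only because the posted capture covers VLAN 8; a capture on both VLANs is needed to test it the same way.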