Fabric Path



Fabric Path

Fabric Path is a plug and play protocol, it enables each device to build overall view of topology in same way like link state protocol does.

In Fabric Path each device in topology is identified by switch id and all layer 2 forwarding tables are built based on reachability to each switch id. This is accomplished using IS-IS protocol.

Why Fabric Path?

STP Fabric Path
STP provides limited bandwidth (no load balancing by default) Use all links (ECMP, Multiple trees)
STP introduce sub-optimal path means shortest path may not be used Use shortest Path
Sync Mac Table means MAC address Table can’t be scaled. Async Tables means Mac address table will be scaled or optimized using conversational MAC learning

Fabric Path Terminology:

CE(Classical Ethernet):- Regular Ethernet with regular STP.

CE Edge Ports:-

  1. An interface which is connected to traditional N/W device
  2. A Port which is not configured with <switchport mode fabricpath> command.
  3. Edge ports participate in STP domain.
  4. Sends/receives Traffic based in standard Ethernet frame Format.
  5. Forward traffic based on MAC address Table.

Core Ports:

  1. Port which is connected to another fabric path devices.
  2. Link on leaf up to spine or spine to spine.
  3. A Port which is configured with <switchport mode fabricpath> command
  4. Forward traffic based on “Switch-Id Table.
  5. Exchange topology info through L2 IS-IS adjacency.

Spine Switch (Core Switch):

  1. Devices at the core of the fabricpath topology.
  2. Forward traffic only based on the switch id.


Leaf Switch(Edge switch) :-

  1. Basically leaf switch connect CE domain to Fabric Path domain.
  2. Fabric leaf switch must be Root for Classical Ethernet Domain,

Switch Id:-

  1. Used to identify the node in IS-IS SPT
  2. Switch id is 12 bit address that represent the switch inside fabric path topology.
  1. Switch id can be assinged dynamically or statically. for verification and troubleshooting recommended to manually assign the switch id using fabricpath switch-id command.
  1. DRAP: Dynamic resource allocation Protocol an extension to fabric path IS-IS that ensures network wide unique and consistent switch id and

F-Tag values


Traffic Flow in Fabric Path:-

  1. Known Unicast:

When a frame enters to fabric path domain from CE Network, the ingressing switch encapsulates the frame with a fabric path header. No MAC learning or lookup required inside the core and traffic forwarding is done based on switch id. when frame leaves the fabric path network to go to CE N/W the egressing switch de-encapsulates the frame and sends as regular CE header.

  1. Multidestination Traffic:-

Multidestination traffic can be mutlicast, broadcast and unknown unicast. Fabric Path automatically builds two separate logical tree or Multi destination tree for handling Mutidestination traffic.like spanning-tree, each tree has a root that is chosen automatically based on below criteria.

  1. High Root Priority -> 8 Bit value(default=64)
  2. High System ID – > 48 bit VDC MAC Address
  3. Highest Switch Id -> 12 bit switch id

How to change root priority:-

show run fabric-path

fabricpath domain default

root-priority <value like 255>

When switch knows destination is multidestination then ingress path switch determine tree ID(ftag) and imposes FP header. FTAG and ODA is used to make routing decision trough fabric path core. Egress fabric path switch remove fabric path header and forwards to classical ethernet.

FabricPath Header:

The Outer source address (OSA) is the FabricPath switch ID of the device where the frame ingresses the FabricPath network, and the Outer destination address (ODA) is the FabricPath switch ID of the device where the frame egresses the FabricPath network.

For unicast routing the combination of the SID, SSID and LID are used in the ODA and OSA. For multi destination traffic this is different:

For broadcast and multicast frames the inner destination address (iDA) is copied to the ODA of the FabricPath header.

For unknown unicast frames a reserved MAC address of 01:0F:FF:C1:01:C0 is used in the ODA.

Switch ID – Unique number identifying each FabricPath switch

Sub-Switch ID – Identifies devices/hosts connected via VPC+

Port ID – Identifies the destination or source interface

FTag (Forwarding tag) – Unique number identifying topology and/or multidestination tree

TTL – Decremented at each switch hop to prevent frames looping infinitely.

FTag depends on whether a pariticular frame is unicast or multidestination.

In case of unicast frame, FTAG identifies the fabric path topology the frame is traversing.

Earlier only a single topology is supported and this value is always set to “1”. as of 6.2(2) switches support up to 8 fabric path topology. System selects a unique FTAG for each topology configured.

In case of Multicast frame, The FTAG is used to identify which multidestination forwarding tree is given topology from frame should traversing.

FTag1=Unknown Unicast /Broadcast / Multicast

FTag2= Only for multicast

Fabric Path builds two multidestination tree with two different roots one for FTAG 1 and one for FTAG 2.

At Layer 2, Multicast traffic is hashed to either tree in order to utilize both of them. the hashing is platform dependent for instance, it can include the VLAN or IP Address.

FabricPath Interaction with spanning tree:

By default BPDUs are not forwarded over the FabricPath domain.

The FabricPath domain must be root bridge. In order to ensure the fabricpath domain acts as STP root, All fabric path edge ports have Root Guard function enabled implicity, If a superior BPDU is received on fabricpath edge port, the port is palaced in the “L2 gateway inconsistent”.

FabricPath domain acts like a single Bridge. If multiple fabric path edge switches connect to STP domain, make sure that those edge switches use same bridge priority values and mac address will be same because we have unique MAC (C84C.75FA.6000).

Reference Link http://www.cisco.com/c/en/us/products/collateral/switches/nexus-7000-series-switches/white_paper_c11-687554.html#_Toc371593105

Conversational MAC addresses Learning:

Fabric Path’s conversational learning technique defines two types of MAC addresses: local and remote.

Local addresses are for a device directly connected to the FabricPath edge switch. Remote addresses are for those devices connected to a different FabricPath switch. The FabricPath edge switch learns the source MAC address as a local MAC address entry for Ethernet frames received from a directly connected access or trunk port as normal environment.

Switch learns remote MAC only if bidirectional conversation occurring between local and remote MAC.

Each interface learns only those MAC addresses which are actively speaking with the interfaces.

This selective learning allows you to scale the network beyond the limits of individual switch MAC address table.

All FabricPath VLANs use the conversational MAC address learning.


VPC+ allows fabricpath and vpc to work together.
In Normal VPC we can ran into logical problem bacause S30 MAC Table only allows for a one to one mapping between MAC address and Switch-id (either through s10 or S20 ) so which one will be choosen? means MAC could flip flop between these two switch-id.

To overcome from this situation Cisco introduced an additional element called “virtual switch” this virtual switch sits behind the VPC+ peer and represent the VPC+ domain to fabric path environment. This virtual switch has its own switch id and looks like a normal fabric path edge device to rest of infrastructure.


Now VPC+ is running between s10 and s20 and a virtual switch s100 which exist behind the physical device. when MAC “A” sends traffic through fabric path domain will encapsulated with a source switch-id 100, from s30 and other remote switches point of view.MAC-A is accessible behind the a single switch s100.

VPC+ Requirement:

  1. In vPC+, the Peer-Link is configured as a FabricPath core port means configured as switchport mode fabricpath.
  2. VPC Peer will share fabricpath switch id which is configured under vpc domain and has to be same on both.
  3. Both the vPC+ Peer-Link and member ports must reside on F series linecards.

Leave a Reply

Your email address will not be published. Required fields are marked *