ok, more question:
Can you also review the mac-tables of the dell blade ? (or 2 dell blades ?)
Are the 2 9500 devices configured with IRF or as standalone devices ?
Do you have xSTP, link aggregation or some kind of smart link between the blade switches and the core ?
Are the blade switches running as independent switches or is it a real stack (really 1 switch) ?
I had similar issue in the past, the problem then was 2 blade switches (interconnect between 2 switches was offline or blocking with stp). The servers were doing transmit loadbalancing, which means that all traffic out (from server) via nic1 was sent with source mac a1, all traffic out via nic2 with source mac a2 (the idea is that the switches do not need link-aggregation/port channel configuration for the 2 server nics, while at the same time mac-flap is avoided, since the source mac on the 2 nics is different, and the server can still do outbound loadbalancing).
For the inbound traffic (to server), the server would only reply with 1 mac to arp requests, so all traffic to the server would be sent over 1 link only, so let's assume mac a1 is used for this example.
The 2 blade switches would see the 2 mac address as individual hosts, but 1 mac would be "locally" connected (mac a1 on blade switch1), while the other mac a2 would be learned via the core uplink (which had learned it via the port to the other blade switch2).
Since mac a2 is only used as source mac and never as destination mac (it is never mentioned in the arp replies), mac a2 is not part of the problem.
Now consider that server2 wants to send data to this server1, it will send an arp request, will get arp reply from server1 with mac a1, so will use mac a1 as the destination address.
Based on the server2 nic teaming, it will select either nic1 or nic2 to transmit the data. So now assume that it is taking its nic2 to send the data. This will pass via blade switch2, over the core to blade switch1 to the server.
No problem so far.
Now the OS arp cache is typically like 10-15minutes, so the server2 will keep on sending data in the next 10-15 minutes without additional arp request. But if server1 is not sending any arp broadcasts anymore, blade switch2 would not see any traffic from that mac and after 5 minutes, the mac a1 would be removed from the mac tables on blade switch2 (blade switch1 is the switch which is getting the data from server1 nic1 with mac a1, so that switch will still know and re-learn the mac).
When that happens, all traffic from server2 to server1 via blade2 would be sent to an unknown destination mac from bladeswitch2 point of view, so it started flooding the traffic to all the switch ports, flooding it to all the server ports. (at least all the server ports nic2 that is).
This took quite some time to troubleshoot, but the solution was very simple in the end : increase the mac cache of the switches from the default 5 minutes to e.g.60 minutes or even several hours.
I do not know if this logic can help you in the troubleshooting, but I really recommend review all the switches and blade switches mac-tables, specially for the flooded mac-addresses you found.
Best regards,Peter.
