[c-nsp] Forgetting switch

Gert Doering gert at greenie.muc.de
Mon Nov 8 14:30:59 EST 2004


Hi,

On Mon, Nov 08, 2004 at 06:08:49PM +0100, Vincent De Keyzer wrote:
> I have got problem with a switch that forgets a certain MAC address after
> 300 seconds, and starts forwarding frames on all ports of the switch that
> are in that VLAN, which disturbs one host.
>  
> The complete set-up is as follows (it's a standard two-routers + two-switches
> HSRP config):
> 
> *	Router A is connected with POS back-to-back to Router B
> *	Switch A is connected to router A, switch B is connected to router B
> *	Switch A and switch B are connected to each other
> *	Router A and B play HSRP, router A is the active router
[..]

This is a very typical side-effect of "building L2 and L3 redundancy
into the network".  We've had packets to our news server flooded to
all machines, including our poor 10Mbit/s. connected primary DNS server...

The trick we are using is "have host A send broadcast packets once
per minute" - on Unix hosts, just running "rwhod" will nicely do the
trick.

Yes, it sounds perverse - usually you do your best to get rid of the 
broadcasts, but what you get instead is ugly flooding.  Having one
broadcast per minute will nicely refresh the switches' CAM tables, 
and prevent flooding.

[..]
> According to a friend, this is a classical problem, 

It is :-)

> How does this sort of problem ("router still has ARP entry, but switch has
> forgotten MAC address") usually get fixed? I have the option of increasing
> the aging-time of the switch, but I am not sure it's the best way? And
> anyway, I wouldn't know which value to pick?...

Either you get the ARP timeout values on the router and CAM aging time
in the switch "in sync", or you make sure that both (all) switches regularly
see a packet from each host in question.

You *could* do it by regularly ping'ing the routers from all hosts in
question, but that's much more work to maintain (in case you add switches,
or routers move around, etc.).  We're quite happy with the occasional
broadcast packet :-)

What you cannot do is "have the active HSRP router on the same switch as
the host in question" - because that just means "other hosts end up on
the *other* switch".  You'd need to have *all* routers on *one* switch,
but that's not so good for redundancy...

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
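The aging mismatch Gert describes, as an added simulation (not code from the thread or from any vendor): a host and the active HSRP router hang off switch A, router B off switch B, and inbound traffic enters via router B. The timers, the 10-second inbound rate and the 60-second broadcast are constructed values chosen to match the mail; the point it shows is that switch B floods once its CAM entry ages out while router B's ARP entry is still valid, and that either a periodic broadcast or a CAM aging time at least as long as the ARP timeout closes that window.

```python
"""Model unicast flooding caused by CAM aging vs. router ARP timeout.

Constructed topology (assumption, matching the thread): host H and the
active HSRP router A sit on switch A; router B sits on switch B; the two
switches are trunked.  H only ever sends toward router A, so switch B sees
a frame *sourced* by H only when H broadcasts or answers an ARP request
from router B.  Inbound traffic arrives at router B and crosses switch B.
"""


def simulate(cam_aging, arp_timeout, bcast_period=None,
             duration=3600, inbound_every=10):
    """Return how many inbound frames switch B had to flood in `duration` s.

    cam_aging    - switch B's CAM aging time (seconds)
    arp_timeout  - router B's ARP cache timeout (seconds)
    bcast_period - if set, H sends a broadcast every N seconds (rwhod-style)
    inbound_every- a unicast frame for H enters via router B every N seconds
    """
    cam_last_seen = 0   # switch B last saw a frame sourced by H at t=0
    arp_learned = 0     # router B resolved H's MAC at t=0
    flooded = 0
    for t in range(1, duration + 1):
        # H's own broadcast refreshes switch B's CAM entry for H.
        if bcast_period and t % bcast_period == 0:
            cam_last_seen = t
        # Router B's ARP entry expires: it re-ARPs (broadcast), H's unicast
        # reply crosses switch B and refreshes the CAM entry as a side effect.
        if t - arp_learned >= arp_timeout:
            arp_learned = t
            cam_last_seen = t
        # Inbound unicast for H: known destination -> one port,
        # aged-out destination -> flooded to every port in the VLAN.
        if t % inbound_every == 0 and t - cam_last_seen >= cam_aging:
            flooded += 1
    return flooded


if __name__ == "__main__":
    # Typical defaults: 300 s CAM aging, 4 h (14400 s) router ARP timeout.
    print("defaults, no broadcast :", simulate(300, 14400))
    print("host broadcasts / 60 s :", simulate(300, 14400, bcast_period=60))
    print("CAM aging == ARP timeout:", simulate(14400, 14400))
    print("CAM aging >  ARP timeout:", simulate(600, 300))
```

On IOS the two knobs are the interface-level `arp timeout` and the global `mac address-table aging-time`; the model treats both as plain inactivity timers and ignores STP topology changes, which would also flush the CAM.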