[c-nsp] Forgetting switch

McLean Pickett McLean.Pickett at ptgcorp.com
Mon Nov 8 15:19:19 EST 2004


I believe you can get around changing the ARP/CAM times by using a static CAM entry on the switch for the host in question.

McLean

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Gert Doering
Sent: Monday, November 08, 2004 2:31 PM
To: Vincent De Keyzer
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Forgetting switch


Hi,

On Mon, Nov 08, 2004 at 06:08:49PM +0100, Vincent De Keyzer wrote:
> I have got problem with a switch that forgets a certain MAC address after
> 300 seconds, and starts forwarding frames on all ports of the switch that
> are in that VLAN, which disturbs one host.
>  
> The complete set-up is as follows (it's a standard two-routers + two-switches
> HSRP config):
> 
> *	Router A is connected with POS back-to-back to Router B
> *	Switch A is connected to router A, switch B is connected to router B
> *	Switch A and switch B are connected to each other
> *	Router A and B play HSRP, router A is the active router
[..]

This is a very typical side-effect of "building L2 and L3 redundancy
into the network".  We've had packets to our news server flooded to
all machines, including our poor 10 Mbit/s-connected primary DNS server...

The trick we are using is "have host A send broadcast packets once
per minute" - on Unix hosts, just running "rwhod" will nicely do the
trick.

Yes, it sounds perverse - usually you do your best to get rid of the 
broadcasts, but what you get instead is ugly flooding.  Having one
broadcast per minute will nicely refresh the switches' CAM tables, 
and prevent flooding.

[..]
> According to a friend, this is a classical problem, 

It is :-)

> How does this sort of problem ("router still has ARP entry, but switch has
> forgotten MAC address") usually get fixed? I have the option of increasing
> the aging-time of the switch, but I am not sure it's the best way? And
> anyway, I wouldn't know which value to pick?...

Either you get the ARP timeout values on the router and CAM aging time
in the switch "in sync", or you make sure that both (all) switches regularly
see a packet from each host in question.

You *could* do it by regularly pinging the routers from all hosts in
question, but that's much more work to maintain (in case you add switches,
or routers move around, etc.).  We're quite happy with the occasional
broadcast packet :-)

What you cannot do is "have the active HSRP router on the same switch as
the host in question" - because that just means "other hosts end up on
the *other* switch".  You'd need to have *all* routers on *one* switch,
but that's not so good for redundancy...

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
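A worked version of the "one broadcast per minute" trick from Gert's reply, added here as an example and not code from the thread: a small Linux-only Python script that sends a gratuitous ARP for the host's own address to the broadcast MAC, so every switch in the VLAN re-learns that MAC on the correct port well inside the 300 s aging time mentioned above. The root cause it papers over is the mismatch between the two defaults, 300 s MAC aging on a Catalyst versus 4 hours ARP timeout on an IOS router, which leaves the router with a valid ARP entry long after the switch has forgotten the port. Interface name, MAC and IP are placeholders given on the command line; opening the AF_PACKET socket needs root or CAP_NET_RAW.

```python
#!/usr/bin/env python3
"""Periodic gratuitous-ARP sender: keep this host's MAC in every switch's CAM table.

Added example for the "one broadcast per minute" trick from the thread above.
Linux only (AF_PACKET); needs root or CAP_NET_RAW to open the raw socket.
Interface, MAC and IP are placeholders passed on the command line.
"""
import argparse
import socket
import struct
import time
from typing import Optional

ETH_P_ARP = 0x0806
BROADCAST_MAC = b"\xff" * 6
ZERO_MAC = b"\x00" * 6


def mac_bytes(mac: str) -> bytes:
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError(f"bad MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_garp(src_mac: str, ip: str, reply: bool = False) -> bytes:
    """Build one Ethernet frame carrying a gratuitous ARP for (src_mac, ip).

    Gratuitous ARP: sender IP == target IP, destination MAC = broadcast.
    Every switch that forwards the frame (re)learns src_mac on its ingress
    port, which is exactly what refreshes the CAM entry. reply=True builds
    the 'ARP reply to broadcast' variant instead of the request form.
    """
    smac = mac_bytes(src_mac)
    ip4 = socket.inet_aton(ip)
    eth_hdr = BROADCAST_MAC + smac + struct.pack("!H", ETH_P_ARP)
    opcode = 2 if reply else 1
    target_mac = BROADCAST_MAC if reply else ZERO_MAC
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
    arp += smac + ip4 + target_mac + ip4
    return eth_hdr + arp


def parse_arp(frame: bytes) -> dict:
    """Decode an Ethernet+ARP frame into a dict (to check what we send)."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETH_P_ARP:
        raise ValueError(f"not an ARP frame: ethertype 0x{ethertype:04x}")
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    return {
        "dst_mac": mac_str(frame[0:6]),
        "src_mac": mac_str(frame[6:12]),
        "htype": htype, "ptype": ptype, "hlen": hlen, "plen": plen,
        "op": opcode,
        "sender_mac": mac_str(frame[22:28]),
        "sender_ip": socket.inet_ntoa(frame[28:32]),
        "target_mac": mac_str(frame[32:38]),
        "target_ip": socket.inet_ntoa(frame[38:42]),
    }


def is_gratuitous(frame: bytes) -> bool:
    """True if the frame is a broadcast ARP whose sender and target IP match."""
    d = parse_arp(frame)
    return d["dst_mac"] == "ff:ff:ff:ff:ff:ff" and d["sender_ip"] == d["target_ip"]


def refresh_loop(ifname: str, src_mac: str, ip: str, interval: float = 60.0,
                 count: Optional[int] = None) -> int:
    """Send the gratuitous ARP every `interval` seconds; returns frames sent.

    Keep interval well below the smallest MAC aging time of any switch in
    the VLAN (Catalyst default is 300 s, as in the thread).
    """
    frame = build_garp(src_mac, ip)
    sent = 0
    # AF_PACKET is Linux-specific; a raw socket bound to the interface sends
    # our hand-built frame as-is, Ethernet header included.
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ARP)) as s:
        s.bind((ifname, 0))
        while count is None or sent < count:
            s.send(frame)
            sent += 1
            if count is not None and sent >= count:
                break
            time.sleep(interval)
    return sent


if __name__ == "__main__":
    ap = argparse.ArgumentParser(description="Gratuitous-ARP CAM refresher")
    ap.add_argument("ifname", help="interface to send on, e.g. eth0")
    ap.add_argument("mac", help="this host's MAC, e.g. 00:11:22:33:44:55")
    ap.add_argument("ip", help="this host's IPv4 address")
    ap.add_argument("--interval", type=float, default=60.0)
    ap.add_argument("--count", type=int, default=None)
    a = ap.parse_args()
    print(parse_arp(build_garp(a.mac, a.ip)))
    refresh_loop(a.ifname, a.mac, a.ip, a.interval, a.count)
```

Two caveats worth keeping in mind. The broadcast only refreshes the sending host's own MAC, so each host that must not be flooded needs its own refresher, and the interval has to stay below the smallest aging time on any switch in the VLAN, not just the one you looked at. The switch-side alternatives mentioned in the thread are each a single line of IOS configuration (a static MAC entry for the host, or bringing the switch's MAC aging time and the router's ARP timeout into line), but the host-side refresher has the property Gert values: it keeps working when switches are added or routers move, with nothing to reconfigure.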


