[c-nsp] 2970 turns into a hub for a few moments

Vincent De Keyzer vincent at dekeyzer.net
Wed Dec 27 11:27:45 EST 2006


It just happened again!...

A few details about the switch: it's a 2970 running 12.2(25)SEB4 (LANBASE);
its config is pretty simple (see below). Problems seem to happen/increase
when we switch on our OpenBSD PF firewall (under development), which runs
CARP.

I am currently graphing the free mem and CPU usage with a small SNMP tool,
but I am afraid that when it happens again, the switch will have
something else to do than reply to my SNMP gets. We will see. Currently
CPU is at 5% and available proc mem is 92MB.

Any help is appreciated.

Vincent

___________________________


version 12.2
service nagle
no service pad
service tcp-keepalives-in
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname swt296.bru091.be
!
logging buffered 65536 debugging
logging console informational
enable secret <removed>
!
aaa new-model
aaa authentication login default group tacacs+ enable
aaa accounting exec default stop-only group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
aaa session-id common
clock timezone CET 1
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
ip subnet-zero
no ip source-route
!
ip domain-name <removed>
ip name-server x.y.244.214
!
!
!
no file verify auto
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/2
 shutdown
!
interface GigabitEthernet0/3
 shutdown
 spanning-tree portfast
!
interface GigabitEthernet0/4
 shutdown
!
interface GigabitEthernet0/5
 shutdown
!
interface GigabitEthernet0/6
 shutdown
!
interface GigabitEthernet0/7
 shutdown
!
interface GigabitEthernet0/8
 shutdown
!
interface GigabitEthernet0/9
 shutdown
!
interface GigabitEthernet0/10
 description Test port
 switchport access vlan 8
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/11
 shutdown
!
interface GigabitEthernet0/12
 shutdown
!
interface GigabitEthernet0/13
 shutdown
!
interface GigabitEthernet0/14
 shutdown
!
interface GigabitEthernet0/15
 switchport access vlan 8
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 8
 switchport mode trunk
 switchport voice vlan 8
 spanning-tree portfast
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/18
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/20
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 8
 switchport mode trunk
 switchport voice vlan 380
 load-interval 30
 spanning-tree portfast
!
interface GigabitEthernet0/21
 switchport access vlan 8
!
interface GigabitEthernet0/22
 switchport access vlan 8
!
interface GigabitEthernet0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree cost 10000
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan8
 ip address 172.21.128.53 255.255.248.0
 no ip route-cache
!
ip default-gateway 172.21.128.3
ip http server
snmp-server community <removed> RO
tacacs-server host x.y.244.214
tacacs-server directed-request
tacacs-server key <removed>
radius-server source-ports 1645-1646
!
control-plane
!
alias exec sif sh int | i Descr|protocol|CRC
alias exec sib sh ip int brief
alias exec sir sh ip route
alias exec sid sh int desc
alias exec tm term mon
alias exec tnm term no mon
alias exec ua undebug all
alias exec sion show ip ospf ne
alias exec sal sh ip access-list
alias exec sc sh diag | i Slot|port|FRU|Serial
alias exec srro sh run | begin ^router ospf
alias exec srrb sh run | begin ^router bgp
alias exec sri sh run int
!
line con 0
 exec-timeout 30 0
 logging synchronous
line vty 0 4
 exec-timeout 30 0
 logging synchronous
line vty 5 15
!
ntp clock-period 36028832
ntp server x.y.244.214
!
end



> -----Original Message-----
> From: Afsheen Bigdeli [mailto:afsheenb at gravityplaysfavorites.net]
> Sent: Wednesday 27 December 2006 16:33
> To: Vincent De Keyzer
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] 2970 turns into a hub for a few moments
> 
> This will happen if the CAM table becomes full or exhausted - the switch
> won't learn any new MAC addresses (and broadcast / multicast / unknown
> unicast MAC addresses get flooded).
> 
> What does the memory and cpu utilization look like on the switch? Can
> you provide the IOS version and/or a sanitized config?
> 
> --afsheenb
> 
> 
> 
> Vincent De Keyzer wrote:
> > Hello,
> >
> >
> >
> > a few days ago, some people on the office network started to complain about
> > application timeouts/cuts (a few times a day). Since different people were
> > complaining about different applications, the network seemed the right place
> > to look at.
> >
> >
> >
> > We have placed several laptops in several points of the network, running a
> > sensible application plus Ethereal. What we saw was very weird: from time to
> > time (and it coincides with the application timeouts), the switches start
> > forwarding to the laptop ports traffic that is neither broadcast, nor
> > unicast for the laptops. Just as if the switch became a hub from
> > time to time. It lasts for "a few seconds" (we still need to narrow this
> > down), then it starts behaving normally again. We believe that this produces
> > some temporary congestion on the network, which causes the application
> > problems.
> >
> >
> >
> > Does anyone have an idea on what could be causing this?
> >
> >
> >
> > Vincent
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
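
Added example, not part of the original thread: one way to narrow down the "few seconds" of hub-like behaviour from the laptop captures is to group unicast frames addressed to other hosts into timed flooding episodes. The MAC addresses, frame tuples and thresholds below are constructed for illustration; real input is assumed to be the capture exported as (time, source MAC, destination MAC), sorted by time.

```python
from dataclasses import dataclass

@dataclass
class Episode:
    start: float
    end: float
    frames: int

def is_group(mac: str) -> bool:
    """Broadcast/multicast address: I/G bit (low bit of first octet) is set."""
    return int(mac.split(":")[0], 16) & 1 == 1

def find_episodes(frames, local_mac, gap=1.0, min_frames=3):
    """Group flooded unicast frames at most `gap` seconds apart into episodes."""
    local = local_mac.lower()
    episodes, cur = [], None
    for ts, src, dst in frames:          # frames must be sorted by timestamp
        src, dst = src.lower(), dst.lower()
        if is_group(dst) or dst == local or src == local:
            continue                     # traffic an access port should see
        if cur is not None and ts - cur.end <= gap:
            cur.end, cur.frames = ts, cur.frames + 1
            continue
        if cur is not None and cur.frames >= min_frames:
            episodes.append(cur)
        cur = Episode(ts, ts, 1)         # start a new candidate episode
    if cur is not None and cur.frames >= min_frames:
        episodes.append(cur)
    return episodes

# Constructed sample capture as seen on one laptop port.
LAPTOP = "00:11:22:33:44:55"
A, B, C = "00:aa:bb:00:00:01", "00:aa:bb:00:00:02", "00:aa:bb:00:00:03"
SAMPLE = [
    (0.10, A, "ff:ff:ff:ff:ff:ff"),    # broadcast: normal
    (0.50, B, LAPTOP),                 # unicast to us: normal
    (2.00, A, B),                      # single stray frame: below min_frames
    (10.00, A, B),                     # flooding starts
    (10.20, C, A),
    (10.40, C, "01:00:5e:00:00:12"),   # multicast: normal
    (10.90, B, C),
    (11.50, A, C),                     # flooding ends
    (30.00, LAPTOP, A),                # our own outgoing frame
]

if __name__ == "__main__":
    for e in find_episodes(SAMPLE, LAPTOP):
        print(f"flooding {e.start:.2f}s-{e.end:.2f}s, {e.frames} frames")
```

Episode timestamps from several capture points can then be lined up against the switch log and the SNMP CPU/memory graphs.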



