[c-nsp] 2970 turns into a hub for a few moments

Vincent De Keyzer vincent at dekeyzer.net
Wed Jan 3 06:00:40 EST 2007 

OK, the story goes on.

This morning, we switched the firewalls back on with "spanning-tree portfast
trunk", and they went up fine (contrary to what always happened until now).

So everything looked good, but after a while a wireless AP went down and
back up, which triggered TCNs and problem occurred again.

So it really seems that the PFs somehow amplify the effect of TCs (because I
now see that there have been TCs while the PFs were off, and everything went
fine).

Weird. I need to talk to the PF guy again.

Vincent

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Gert Doering
> Sent: mardi 2 janvier 2007 18:53
> To: Vincent De Keyzer
> Cc: 'Gert Doering'; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] 2970 turns into a hub for a few moments
> 
> Hi,
> 
> On Tue, Jan 02, 2007 at 06:12:35PM +0100, Vincent De Keyzer wrote:
> > If I follow your idea, I have to conclude that the Packet Filters are
> either
> > causing more instability, or increasing the impact of previously
> unnoticed
> > instability (because the occurrences of the problems are *very well*
> > correlated with the PFs being turned on).
> 
> Hmmm, that's confusing.
> 
> Topology-Changes should only happen if a port has a link change (down/up),
> or if something funny is happening to spanning tree packets.
> 
> Are these packet filters operating in "transparent" (layer 2) mode, and
> maybe doing funny things to your STP packets, so that the switches assume
> topology changes?
> 
> > I am planning to bring the switch ports of the PFs back on with
> > "spanning-tree portfast trunk", and, if that does not fix the problem,
> trace
> > the TC source immediately when problem occurs.
> 
> You *should* see interface up/down events when you see a burst of TC
> notifications.  Otherwise this is really unusual.
> 
> gert
> --
> USENET is *not* the non-clickable part of WWW!
> 
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany
> gert at greenie.muc.de
> fax: +49-89-35655025                        gert at net.informatik.tu-
> muenchen.de
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list