[c-nsp] Unicast storms

Pickett, McLean (OCTO) mclean.pickett at dc.gov
Mon Jul 2 13:25:17 EDT 2007


The switch will only time out the mac table entry if the host has failed to
generate a single valid frame over the timeout period. The switch will then
broadcast the first frame destined to the host and re-learn the host mac
based on its response.

The ongoing broadcasts should only happen if the mac address in the router's
cache is no longer valid and does not exist on the network.

McLean

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Eric Spaeth
Sent: Monday, July 02, 2007 1:04 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Unicast storms

If you have HSRP enabled on layer-3 switches, make sure that the 
mac-address-table aging-time is set to 14400 seconds or better so that 
it will not age out before the ARP entry for any given host. 

The problem with HSRP is that both the standby and active router can 
forward traffic into the VLAN, but only the HSRP active receives the 
return traffic.  There are many configurations where the only unicast 
traffic (which is required to populate the mac-address-table) the HSRP 
standby will receive from a host is the direct response to an ARP 
request every 4 hours.  With the default mac-aging time of 300 seconds, 
that means that your HSRP standby switch/router would potentially only 
have a valid layer-2 forwarding interface defined for 5 minutes after an 
ARP is completed to the host.   After 5 minutes, the router still 
maintains the ARP entry so it knows which MAC to address the traffic to, 
but when it gets sent to the layer-2 portion of the switch the 
mac-address-table interface mapping is gone so the switch is forced to 
flood the frame out to all interfaces on the VLAN.  This flooding will 
continue for the next 3 hours and 55 minutes until the HSRP standby 
router issues another ARP request for the host. 

-Eric

Vincent De Keyzer wrote:
> The configured threshold is quite high (10% - that's 100 Mbps on GigE
> ports!...).
>
>  
>
> I believe there is something wrong - where do I start troubleshooting
> this?
>
>   
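
The timer interaction described in Eric Spaeth's quoted message, as an added example that is not part of the original thread: a constructed model in which the HSRP standby's layer-2 table learns the host's MAC only from the ARP reply, once per ARP timeout. The function name, the 60-second frame interval and the 16-hour observation window are assumptions made for the illustration.

```python
"""Constructed model: MAC aging time vs. ARP timeout on an HSRP standby."""

ARP_TIMEOUT_S = 14400      # 4 hours, the ARP interval given in the message
DEFAULT_MAC_AGING_S = 300  # default mac aging time given in the message


def simulate(mac_aging_s, arp_timeout_s=ARP_TIMEOUT_S,
             duration_s=4 * ARP_TIMEOUT_S, frame_interval_s=60):
    """Return (flooded, switched) counts for frames the standby sends to one host.

    Assumption taken from the message: the only unicast frame the standby's
    layer-2 table ever sees from the host is its ARP reply.
    """
    flooded = switched = 0
    mac_learned_at = None  # when the host MAC was last learned on a port
    arp_expires_at = 0     # no ARP entry at t=0, so the first frame triggers ARP
    for t in range(0, duration_s, frame_interval_s):
        if t >= arp_expires_at:
            # ARP request goes out; the host's unicast reply refreshes
            # both the ARP entry and the MAC table entry.
            mac_learned_at = t
            arp_expires_at = t + arp_timeout_s
        if mac_learned_at is not None and t - mac_learned_at < mac_aging_s:
            switched += 1  # MAC entry still present: frame leaves one port
        else:
            flooded += 1   # MAC entry aged out: frame floods the whole VLAN
    return flooded, switched


def flooded_fraction(mac_aging_s, **kwargs):
    """Share of frames flooded for a given MAC aging time."""
    flooded, switched = simulate(mac_aging_s, **kwargs)
    return flooded / (flooded + switched)


if __name__ == "__main__":
    for aging in (DEFAULT_MAC_AGING_S, 3600, ARP_TIMEOUT_S):
        flooded, switched = simulate(aging)
        print(f"aging={aging:>5}s flooded={flooded:>3} switched={switched:>3} "
              f"({flooded_fraction(aging):.1%} flooded)")
```

With the default 300-second aging, 235 of every 240 one-minute frames in each ARP cycle are flooded, which is the 3 hours 55 minutes out of 4 hours described in the message.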