[c-nsp] Unicast storms
Gert Doering
gert at greenie.muc.de
Sun Jul 8 07:33:10 EDT 2007
Hi,
On Thu, Jul 05, 2007 at 02:44:02PM +0200, Vincent De Keyzer wrote:
> The problem is: I am making the assumption that network performance on the
> LAN could be sub-optimal due to frequent unicast floods (i.e. switches are
> flooding all ports with unicast frames because it does not have the
> destination MAC address in its table); and I would like to verify whether
> this is the case or not.
Unicast flooding in "large numbers" is never a good thing - so figure out
why it happens and fix it :)
> So before even blocking or rate-limiting, I'd like to
> 1) assess whether those floods are happening or not
Attach a sniffer machine to an unused switch port (not configured as SPAN
port), and just count packets coming in there.
> 2) quantify them to understand whether they are at a reasonable level or not
> 3) locate their source
All this can be easily done with the sniffer data.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the cisco-nsp
mailing list