[c-nsp] Unicast storms

Jeff Kell jeff-kell at utc.edu
Sun Jul 8 12:28:03 EDT 2007


Gert Doering wrote:
> Hi,
>
> On Thu, Jul 05, 2007 at 04:05:24PM +0100, Stephen Wilcox wrote:
>   
>> your LAN would need to be very large or very unusual for you to see this as a problem

One case where I've seen this cause more issues than just plain traffic 
is with centralized syslog servers.  If it's a dedicated box, it will 
rarely, if ever, transmit a packet; it's simply a sinkhole for UDP 
syslog.  So you can count on your every switch between the remote 
clients and the server (or at least the last L3 hop) to be broadcasting 
the traffic.

Another concern in that case is it makes it 'trivial' to sniff the 
traffic (if you're on the same subnet as the server).

The same "one-way" traffic scenario holds for other traffic as well 
(SNMP traps, UDP-streaming media, etc).

Jeff


More information about the cisco-nsp mailing list