[c-nsp] Unicast storms
Jeff Kell
jeff-kell at utc.edu
Sun Jul 8 12:28:03 EDT 2007
Gert Doering wrote:
> Hi,
>
> On Thu, Jul 05, 2007 at 04:05:24PM +0100, Stephen Wilcox wrote:
>
>> your LAN would need to be very large or very unusual for you to see this as a problem
One case where I've seen this cause more issues than just plain traffic
is with centralized syslog servers. If it's a dedicated box, it will
rarely, if ever, transmit a packet; it's simply a sinkhole for UDP
syslog. So you can count on your every switch between the remote
clients and the server (or at least the last L3 hop) to be broadcasting
the traffic.
Another concern in that case is it makes it 'trivial' to sniff the
traffic (if you're on the same subnet as the server).
The same "one-way" traffic scenario holds for other traffic as well
(SNMP traps, UDP-streaming media, etc).
Jeff
More information about the cisco-nsp
mailing list