[c-nsp] Unicast flooding?
Erik Witkop
ewitkop at gmail.com
Wed Jan 13 10:01:54 EST 2010
Hi Frank,
It sounds like you have already done a bit of research.
I thought I might pass on this link as future reference, or for anyone
else that is interested.
http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801d0808.shtml
p.s. I know you are not on a 6000, but most of it should apply.
Frank Bulk wrote:
> We've been seeing some strange behavior on our 7609-S running 12.2(33r)SRB4.
> We have a VLAN (with four /24s) configured on three ports across two
> 10/100/1000 blades facing some FTTH transport equipment.
>
> Customers hanging off the FTTH equipment on the third port are complaining
> that several times per day they lose internet access. We've been able to
> correlate their complaints with failed ping attempts from our workstations
> and the 7609-S to their public IPs. What's interesting is that it's not all
> the traffic, and of the 4 IPs we are tracking, two of which are on separate
> /24s, the outages happen within the same /24. At the same time, while using
> Wireshark, I can see one of the Cisco interfaces sending out 1 to 2 Mbps of
> traffic that should be going to one of the other two Ethernet interfaces.
> This is happening about a dozen times per day for 4 to 6 minutes at a time.
>
>
> While the event is occurring I have verified the ARP and CAM entry. The CAM
> entry is associated with one of the first two Ethernet interfaces, not the
> third. I can clear the ARP and CAM entry from the CLI and they are
> re-learned with the same information, yet the traffic continues to egress
> the wrong Ethernet port.
>
> I've set the ARP timeout to 4 minutes so that it's less than the CAM table's
> default configuration of 5 minutes, but there was no improvement. One more
> observation -- the errant port is the root of the bridge.
>
> Any ideas why the 7609 would be sending traffic out an Ethernet port to a
> device that the CAM table says is on a different Ethernet port?
>
> Frank
>
>
> interface Vlan10
> description FTTH network
> ip dhcp relay information trusted
> ip dhcp relay information option-insert none
> ip dhcp relay information policy-action keep
> ip address 67.22.a.1 255.255.255.0 secondary
> ip address 67.22.b.1 255.255.255.0 secondary
> ip address 67.22.c.1 255.255.255.0 secondary
> ip address 67.22.d.1 255.255.255.0
> ip helper-address e.f.g.h
> no ip redirects
> arp timeout 300
> end
>
> interface GigabitEthernet1/29 (and 3/39 and 3/45)
> switchport
> switchport trunk encapsulation dot1q
> switchport trunk allowed vlan 10
> switchport mode trunk
> switchport nonegotiate
> load-interval 30
> spanning-tree portfast trunk
> end
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
More information about the cisco-nsp
mailing list