[f-nsp] MLXe-16 forwards unicast traffic to wrong port
Alexander Shikoff
minotaur at crete.org.ua
Thu Jun 19 11:32:08 EDT 2014
Hi Community,
I have an MLXe-16 box with a lot of customers connected to it.
Customers are connected to switched ports in VLAN 777. Also in the same
VLAN there is a monitoring server. Today I accidentally noticed that
I'm receiving strange traffic on my monitoring server. I started tcpdump:
18:19:45.315620 00:25:9e:17:57:d4 > 00:22:56:bb:0a:7f, ethertype 802.1Q (0x8100), length 122: vlan 777, p 0, ethertype IPv4, 92.49.205.169.59870 > 178.216.123.174.45198: UDP, length 76
18:19:45.317229 90:e2:ba:1e:13:c8 > 00:22:56:bb:0a:7f, ethertype 802.1Q (0x8100), length 66: vlan 777, p 0, ethertype IPv4, 194.8.144.83.34028 > 5.104.42.121.46683: UDP, length 20
18:19:45.317961 00:21:59:a9:6e:c4 > 00:22:56:bb:0a:7f, ethertype 802.1Q (0x8100), length 106: vlan 777, p 0, ethertype IPv4, 195.211.161.142.50403 > 5.104.57.203.63827: UDP, length 60
All four MAC addresses in this output belong to my customers, and all of them
are learned and present in the MAC table:
telnet at lsr1-gdr.ki#show mac | i 0025.9e17.57d4|0022.56bb.0a7f|90e2.ba1e.13c8|0021.59a9.6ec4
0025.9e17.57d4 7/11 0 777
0021.59a9.6ec4 10/8 0 777
0022.56bb.0a7f 9/8 0 777
90e2.ba1e.13c8 3/7 0 777
The monitoring server is connected to port 7/23, it has a different MAC address, but it is
also receiving this traffic! That should not happen.
There is no port mirroring configured at the moment.
IronWare version is 5.6.0bT177.
What's wrong with my router? Any ideas?
Thanks in advance!
--
MINO-RIPE
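
The cross-check described in the post, as an added example that is not part of the original message: it compares each captured frame's destination MAC with the `show mac` output and separates expected flooding (broadcast, multicast, unlearned destinations) from unicast frames whose destination is learned on another port. The monitoring server's MAC `02:00:00:00:00:01`, the last two capture lines and the verdict names are constructed for illustration; the meaning of the `show mac` columns is assumed from the output shown in the post.

```python
import re

FRAME = re.compile(r"^(\S+) ([0-9a-f:]{17}) > ([0-9a-f:]{17}),.*?vlan (\d+),", re.I)
ROW = re.compile(r"^((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\d+/\d+)\s+\d+\s+(\d+)$", re.I)

def norm(mac):
    """Reduce aa:bb:.. or aabb.ccdd.. notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def load_mac_table(text):
    """Map (mac, vlan) -> port from rows of: MAC, port, one ignored field, VLAN."""
    rows = (ROW.match(line.strip()) for line in text.splitlines())
    return {(norm(m[1]), int(m[3])): m[2] for m in rows if m}

def classify(capture, table, capture_port, own_macs):
    """Return (timestamp, dst, verdict, learned_port) for each tcpdump -e line."""
    own, out = {norm(m) for m in own_macs}, []
    for line in capture.splitlines():
        m = FRAME.match(line.strip())
        if not m:
            continue
        dst, port = norm(m[3]), None
        if int(dst[:2], 16) & 1:
            verdict = "group"                # broadcast/multicast: flooding is expected
        elif dst in own:
            verdict = "ours"
        else:
            port = table.get((dst, int(m[4])))
            if port is None:
                verdict = "unknown-unicast"  # not learned: flooding is expected
            elif port == capture_port:
                verdict = "ours"
            else:
                verdict = "misforwarded"     # learned on another port, yet seen here
        out.append((m[1], m[3], verdict, port))
    return out

MAC_TABLE = """0025.9e17.57d4 7/11 0 777
0021.59a9.6ec4 10/8 0 777
0022.56bb.0a7f 9/8 0 777
90e2.ba1e.13c8 3/7 0 777"""
# First three lines are from the post; the last two are constructed.
CAPTURE = """18:19:45.315620 00:25:9e:17:57:d4 > 00:22:56:bb:0a:7f, ethertype 802.1Q (0x8100), length 122: vlan 777, p 0, ethertype IPv4, 92.49.205.169.59870 > 178.216.123.174.45198: UDP, length 76
18:19:45.317229 90:e2:ba:1e:13:c8 > 00:22:56:bb:0a:7f, ethertype 802.1Q (0x8100), length 66: vlan 777, p 0, ethertype IPv4, 194.8.144.83.34028 > 5.104.42.121.46683: UDP, length 20
18:19:45.317961 00:21:59:a9:6e:c4 > 00:22:56:bb:0a:7f, ethertype 802.1Q (0x8100), length 106: vlan 777, p 0, ethertype IPv4, 195.211.161.142.50403 > 5.104.57.203.63827: UDP, length 60
18:19:46.000001 00:25:9e:17:57:d4 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 777, p 0, ethertype ARP
18:19:46.000002 00:25:9e:17:57:d4 > 02:00:00:00:00:99, ethertype 802.1Q (0x8100), length 64: vlan 777, p 0, ethertype IPv4"""

if __name__ == "__main__":
    for row in classify(CAPTURE, load_mac_table(MAC_TABLE), "7/23", ["02:00:00:00:00:01"]):
        print(*row)
```

Only frames marked `misforwarded` indicate the condition reported here; a steady stream of them toward one learned destination is worth alerting on, since it exposes one customer's unicast traffic on another port.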