HPE Community
Switches, Hubs, and Modems
1753782 Members
7318 Online
108799 Solutions
New Discussion юеВ

Storming problems

 
SOLVED
Go to solution
Superdust
Advisor

тАО05-21-2009 10:56 PM

тАО05-21-2009 10:56 PM

Storming problems

Hello

I have a network with Procurve 2626, 2610 and Cisco 3550/3560 switches.

About 1000 hosts is connected.

The network is divided into several VLANs.

Lately I have problems with what seems to be storming on the network.

I use Cacti to monitor the switches via SNMP, I see that the traffic explodes on all trunks when the problem occur.

This form time to time now, it might be a host with virus etc, sending multicast/broadcast.
What I know is that it is not a loop.

I need some quick tips on how to set up the switches to counteract this kind of trouble..

Regards
0 Kudos
4 REPLIES 4
Dan Giannetti
Occasional Advisor

тАО05-22-2009 01:25 PM

тАО05-22-2009 01:25 PM

Solution

Re: Storming problems

Have you tried storm-control commands on the interfaces that are being affected. It won't work on Etherchannels but it should block some of the traffic from occuring. You can get a good description of it on the 3550 here:http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_se/configuration/guide/swtrafc.html#wp1186517
Pieter 't Hart
Honored Contributor

тАО05-24-2009 11:31 PM

тАО05-24-2009 11:31 PM

Re: Storming problems

Vlans are just the means of isolating broadcast-domains, so if it is broadcasts then this should be contained within a single vlan.
If you have not setup multicast routing also multicasts stay within their vlans.

- look for devices like printservers that have protocols like ipx enabled (by default they have) and disable unused protocols these protocols should not create broadcast "storms" but can create a peak of broadcast traffic.
A hello from one device gets response from all other devices, both are broadcasts.
Above a certain number of devices this can create significant traffic.

- if these protocols are "legally" used on your network you may need to create smaller subnets/vlans so a broadcast within a vlan creates less traffic.

- you can try to configure your trunks only for vlans that really need to pass to other switches. (only tag vlans that do exist on the other side of the link, check both sides have the same vlans tagged)

- if you can route on your uplinks (keep a vlan/subnet within a single switch) broadcasts should not pass your trunks.

- you can use a network packet analyzer (sniffer/netmon/wireshark) to locate the vlan/subnets/devices thats creating the storm.


Pieter
Superdust
Advisor

тАО05-25-2009 02:48 AM

тАО05-25-2009 02:48 AM

Re: Storming problems

Thank you for tips.

Setting rate limits for storm seems like a good idea.

I see that the limit is in % of the link capacity.

So if there is a wireless bridge behind the port I must use the bridges bandwidth in consideration. If the bridge can carry 30Mbps that would be 30% of a 100Mbps port.

Any idea on what to limit broadcasts, multicast, unicast at...

I have used wireshark for analysing traffic, but only one VLAN at a time, and I have not figured out where it comes from yet.

Any way to listen on all VLANs at the same time?
0 Kudos
Richard Brodie_1
Honored Contributor

тАО05-26-2009 09:12 AM

тАО05-26-2009 09:12 AM

Re: Storming problems

"Any way to listen on all VLANs at the same time?"

Sure, set the monitoring port tagged in all VLANs, and teach the network driver to speak 802.1Q . http://wiki.wireshark.org/CaptureSetup/VLAN
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.