10-30-2007 07:16 PM - edited 03-03-2019 05:34 AM
Hi all,
I have a layer 3 switch (not a Cisco Catalyst) that is connected to a Cisco router through an MPLS VPLS. Basically, the PE on the MPLS cloud acts like a layer 2 switch with VPLS.
Switch ===>> PE===>>P===>>PE===>>>Router
- The switch has a minimum of 1000 VLANs.
- Port 1 is the trunk port connected to the PE.
- I sniffed port 1, and it shows that an ARP request from the router is being broadcast by the switch to all of its VLANs.
- Switch CPU reaches up to 70 percent.
My question is, what are the instances where the Switch will have to broadcast to all of its VLANs?
Thanks
10-31-2007 01:17 AM
This is unusual.
Is there anything special about the address that the switch is ARPing for?
Is it the switch that is ARPing (from its management address) or is it something on the switch that is ARPing? If it is the switch itself, does it have its default gateway set up? I don't know the behavior of your non-Cisco switch, but I can imagine that if its default gateway was not configured, or if it was configured with its own management address as gateway, then it might ARP on all VLANs. Especially if it does not attach its management functions to any particular VLAN.
What type of switch is it?
Kevin Dorrell
Luxembourg
11-03-2007 03:59 PM
Hi Kevin,
Is there anything special about the address that the switch is ARPing for?
===================================
Each host behind that switch is assigned a /32 IP address.
Is it the switch that is ARPing (from its management address) or is it something on the switch that is ARPing?
==================================
The router is the source of the ARP request. The address that is being queried hasn't been assigned to a host yet, although it is in the address pool that is defined on the DHCP server.
For example, 192.168.1.233 hasn't been assigned to any host behind that switch, or could have been assigned to a host but has expired (the DHCP policy lease time is 4 hours).
Configured routes on the router:
ip route 0.0.0.0 0.0.0.0
ip route 192.168.1.0 255.255.255.0 null0
The switch has a separate VLAN for management, and the sniffed packets don't show any problems related to the management address.
What type of switch is it?
================================
It is a layer 3 switch but it is only being used for layer 2 purposes.
11-04-2007 08:19 AM
When you say that the L3 switch is being used only for L2 purposes and has 1000 vlans, what is the gateway of the VLANs configured as?
Narayan
11-04-2007 02:54 PM
Hi,
There is a separate VLAN for management and a separate network subnet where the gateway is the PE router. The hosts' gateway is the router. Note that the hosts communicate with the router via Layer 2.
Thanks
11-05-2007 12:14 PM
I don't understand what you are asking. Over 1,000 is a lot of VLANs. You also suggest hosts configured with /32 masks. Is this one VLAN per host? What type of router is the PE and how is it configured?
I have a suspicion that the VPLS-PE router may just be bridging all the VLANs together. I must admit to no familiarity with VPLS though; my knowledge can be summed up as "it looks like LANE for MPLS".
Paul.
11-05-2007 04:55 PM
11-06-2007 12:24 AM
I think we will need a little more to go on.
I was more asking if you could add at least a part of the config.
The trick with troubleshooting is to, at least at a top level, work out what could cause a problem and check it.
In this case, you have ARPs going to a number of VLANs. The two obvious causes are that something is bridging across VLANs or the device generating the ARP is sending it to multiple VLANs. So we need to check if it is either of those.
What does a debug ip arp tell you on the PE?
I note you added an extract of the config that suggested that address should be routed to nu0 - if that is correct, the router should not be ARPing at all. It might be worth a sh ip ro a.b.c.205 to see if there is a more specific route that beats that comparatively wide route.
That is a bit of the "is it sending to multiple VLANs?" Next is "is there something bridging?" A look at the local config would help, but this may be the more challenging one to look at, as bridging may not be happening locally. I assume the 0017.0fa6.dc1b address is an address associated with the PE? It may be worth looking at whether you can sniff the MPLS side of the PE, just to see if the PE is sending into the cloud and something elsewhere is bridging. Is any other traffic being replicated across the VLANs?
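The closing question in the post above (is any other traffic being replicated across the VLANs?) can be answered from a trunk-port capture. The following is an added example, not part of the original thread: it groups broadcast frames by sender and content and reports those seen on several VLANs within a short window. The record layout, MAC addresses, VLAN IDs and the `replicated_broadcasts` helper are assumptions made for illustration; only 192.168.1.233 comes from the thread.

```python
from collections import defaultdict

# Constructed capture records from the trunk port:
# (time_s, vlan, src_mac, kind, summary). All values are made up
# except the queried address 192.168.1.233, which is from the thread.
ROUTER = "0000.5e00.5301"
HOST_A = "0000.5e00.5302"
HOST_B = "0000.5e00.5303"
SAMPLE = [
    (0.000, 101, ROUTER, "arp", "who-has 192.168.1.233"),
    (0.001, 102, ROUTER, "arp", "who-has 192.168.1.233"),
    (0.002, 103, ROUTER, "arp", "who-has 192.168.1.233"),
    (0.003, 104, ROUTER, "arp", "who-has 192.168.1.233"),
    (0.500, 102, HOST_A, "dhcp", "discover"),
    (1.200, 103, HOST_B, "arp", "who-has 192.168.1.1"),
    (4.000, 101, ROUTER, "arp", "who-has 192.168.1.233"),
    (4.001, 102, ROUTER, "arp", "who-has 192.168.1.233"),
]


def replicated_broadcasts(records, window=0.05, min_vlans=3):
    """Return {(src_mac, kind, summary): max distinct VLANs seen in one burst}.

    A burst is a run of identical frames whose timestamps fall within
    `window` seconds. Only frames seen on at least `min_vlans` VLANs
    in a single burst are reported.
    """
    groups = defaultdict(list)
    for t, vlan, src, kind, summary in records:
        groups[(src, kind, summary)].append((t, vlan))

    report = {}
    for key, frames in groups.items():
        frames.sort()
        best, start = 0, 0
        for end in range(len(frames)):
            # Slide the window start forward until it spans <= window seconds.
            while frames[end][0] - frames[start][0] > window:
                start += 1
            vlans = {v for _, v in frames[start:end + 1]}
            best = max(best, len(vlans))
        if best >= min_vlans:
            report[key] = best
    return report


if __name__ == "__main__":
    for (src, kind, summary), n in replicated_broadcasts(SAMPLE).items():
        print(f"{src} {kind} {summary}: seen on {n} VLANs in one burst")
```

In the constructed sample only the router's ARP request is reported; the host broadcasts stay in their own VLANs.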