Re: Strange switching behaviour of Catalyst 3500 Series

mwertejuk · ‎03-19-2002

Hello,

I have a very difficult topic according to the mentioned switch series.

Since there was already cisco personnel involved I try to get help here, because I could not believe what they said.

To describe the problem briefly, I do not tell about already noticed and fixed configuration problems of the affected switches but only about the behaviour which can be found on freshly configured switches without having any special features enabled.

When a host (A) who is connected to the switch wants to send a packet, let's say a icmp echo request, then the switch should lookup the recipients switchport from the mac address cache and send the packet to one (!) switchport in order to reach the target host.

Unfortunately the switch sends this packet to all ports if the recipients mac address is not existent in the mac address cache and after having learned that specific mac address this behaviour stops.

If the mac address cache is cleared, the first one or two packets will be seen on other ports again, as well as on the correct port.

So I wondered about that and tried some other switches from the same Series and noticed the same.

The guys who were responsible for the large network having this problem told that this is just a normal behaviour of switches because they are not allowed to store the packet and do an arp request, so they have to send this packet to all switchports.

Since I could not believe this, I tried some cheaper switches not from Cisco and of course they did not send packets to ports other than the correct destination port.

So the guys who were responsible said, that the cisco switch has so much features (who are disabled) that the switch is not able to learn the specific target mac address fast enough to be in some latency timeframes.

After this unordinary explanation I contacted the Distributor and tried to get technical support from them but they were overstrained with this question so they (at least they told me so) contacted someone from the cisco technical support team and afterwards they presented the same curious solution as the guys and said that a switch with that many features is not able to learn mac addresses as fast as he has to do in order to know the destination switchport before exceeding special latency timeframes which are allowed in switched communication.

Finally I'm very confused whether it might be true what all these people are saying and want to know if they are right.

I cannot believe that cisco switches would send packets to all switchports if it does not know

where to send it.

Unfortunately I cannot tell you the used IOS version and revision but if it is neccessary i would get them for you.

Best regards,

Marco Wertejuk

glen.grant · ‎03-19-2002

This explanation sounds correct to me if it's not in the mac or cam table it must arp to every port on the switch to see if the destination is on the switch itself , if it is it will be put in the mac table for as long as the mac timeout is . This can be adjusted to quite lengthy times if you are worried about all the arping . We have a lot of our set for 1 week , so the entry will not be cleared at least a week after the final traffic was seen for the particular address . I do not know what the maximum mac table timeouts are without looking but they are adjustable .

mwertejuk · ‎03-20-2002

Excsuse me for not having described the problem exactly.

Of course the third host which is not involved in communication will see arp requests but in the given example the host will not only see arp requests but also some few data packets.

If we have three hosts and host A whants to get an icmp echo reply from host b, then on the third host there will be an arp who-has request, an arp reply, exactly one icmp echo request from A to B and the accrording reply.

After those for packets, the third host sees no longer traffic from A to B, except for other arp requests which are neccessary.

The person from the support group told it is completely normal that other hosts see some few packets of communication between other hosts during the switch learning their mac addresses.

After reaching the aging time of learned mac-addresses the same phenomenon happens again.

I am very sure that this is not normal, since the icmp echo requests and replies should not be seen on any other hosts except for the source host and the target host.

Please tell me, whether I am wrong or not, only arp requests should be seen and not icmp traffic.

splazo · ‎03-20-2002

I also see this on my network. I use a 3500XL as a gig-E aggregation layer from 6506's to intel 510T's. On the hosts connected to the 510T's I see full TCP (port 80 , 53 ,etc.) sessions to other hosts that are on different 510T switches that are connected to the 3500XL.

Strontium · ‎03-21-2002

The arp request is a broadcast and is broadcast on every port .

mwertejuk · ‎03-21-2002

I don't mind the arp requests, since I understand a lot about networking but I am very sure that I should not see icmp echo request and replies which are not send from the host who sees them nor are they send to the host.

For some unknown reason the Switch sends some few packets to every port if the destination MAC Address is not present in the switchs mac address table.

I think this is not normal behaviour and I hoped to get some help since some people told me that this is normal on switches with a lot of features as for example the catalyst 3500XL.

A switching having this behaviour does not fulfil my expectations on a switch and never before a cisco switch did behave like that so I am very curious what the reason for this might be, since I also tried some switches with a completely new configuration and without any special features enabled.