Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2169
Views
0
Helpful
3
Replies

Wireshark capture on access port displays different vlan traffic

Go to solution
abukuru95
Level 3
Level 3

‎06-13-2013 12:06 AM

Hi Guys,

i have a nexus 4001i Blade Center Switch where i have a server connected in mode access to a particular vlan.

when i use wireshark on this port, i see different traffic conversations of different servers in different vlans which seems strange to me.

anybody have an idea why a server in mode access with wireshark is able to view different vlan traffic? I also see non multicast and non broadcast converations.

the port the server is connected to is not a monitor port but only in switch port mode access.

thanks in advance for you feedback

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Steve Fuller
Level 9
Level 9

‎06-13-2013 08:36 AM

Hi,

So it looks like you're getting unicast traffic flooded to all ports. There are a couple of reasons I've come across that can cause this.


In unicast mode (the default Forefront TMG cluster operation mode) NLB induces switch flooding, by design, relaying packets sent to the VIP addresses to all cluster hosts. Switch flooding is part of the NLB strategy for obtaining the best throughput for any specific load of client requests. However, if the NLB interfaces share the switch with other (non-cluster) computers, switch flooding can add to the other computers' network overhead by including them in the flooding and consequently have a detrimental effect on network and/or server performance.

Regards

View solution in original post

0 Helpful
3 Replies 3

Go to solution
AJ Cruz
Level 3
Level 3

‎06-13-2013 05:57 AM

I can't remember the details, but I've ran into issues in the past where a Nexus 1000v for whatever reason doesn't learn mac addresses and starts flooding unicast traffic. I'll see if I can find more info on that.

Edit: I had 1000v on the brain, you asked about a blade switch. You're probably still seeing unknown unicast traffic though the reason might be different than the 1000v issue.

Sent from Cisco Technical Support Android App

0 Helpful

Go to solution
Steve Fuller
Level 9
Level 9

‎06-13-2013 08:36 AM

Hi,

So it looks like you're getting unicast traffic flooded to all ports. There are a couple of reasons I've come across that can cause this.


In unicast mode (the default Forefront TMG cluster operation mode) NLB induces switch flooding, by design, relaying packets sent to the VIP addresses to all cluster hosts. Switch flooding is part of the NLB strategy for obtaining the best throughput for any specific load of client requests. However, if the NLB interfaces share the switch with other (non-cluster) computers, switch flooding can add to the other computers' network overhead by including them in the flooding and consequently have a detrimental effect on network and/or server performance.

Regards

0 Helpful

Go to solution
abukuru95
Level 3
Level 3
In response to Steve Fuller

‎06-13-2013 11:52 AM

Thanks for you detailed explanation !

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents