SFFT Table Overflow

pektron77
Level 1

Hi I am hoping someone can help me out with a couple of issues with a switch we are using.  We have an SG 300-52 that is used for untagged inter vlan routing on a network of over 100 users with  and I am wondering if the switch is appropriate for the task. 

The log file keeps showing the following messages:

2147480831   2012-Jul-06 13:14:45 Warning   %IPFFT-W-SFFTREDYELLOW: IP SFFT Table Overflow, aggregated (1)

2147480831   2012-Jul-06 13:14:45 Warning   %IPFFT-W-SFFTREDYELLOW: IP SFFT Table Overflow

Even if I restart the switch, the messages start appearing again after less than a day. While I know this is a table overflow, I don't know how to resolve the issue.

In terms of the switch performance on the new vlan (vlan10) that the SG300-52 is set up for, there are only a few servers but there are no domain controllers on this vlan, so the switch has to handle all routing for DNS, WINS etc.  The transfer speeds are excellent, but when a user is using vlan10 within Windows Explorer, frequently the screen will pause, sometimes for up to a minute, before displaying the network, depending on how many drives are mapped to the original vlan (vlan1).  This is a problem that I am more used to occurring because of dead shortcuts, so I'm surprised it's happening across the vlan. I'm quite prepared to be told this is not a switch issue, but it only occurs on vlan10.

Originally the idea was to have a new domain controller on the new vlan, but issues with the new DC being Server 2008 and the discovery that production were still using some legacy PCs to log in have meant the plan is on hold.

Is anyone able to shine some light on the issues I'm having?

The switch was configured using these guidelines:

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008019e74e.shtml

Tom Watts
VIP Alumni

The SFFT overflow indicates there are too many IP addresses through the switch. The switch can hardware switch 100 IP addresses before it starts software switching.  Think of it like a computer's RAM vs a computer's page file.

When you receive the SFFT overflow error, the destination IP addresses will discontinue forwarding to try to reduce the load to keep the network functioning.

In a short summary, it may be possible your network is too big for the switch.

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Hi Thomas, thanks for the reply.  Just to clarify what this means for our network.  Basically the switch is not suitable for layer 3 routing on our network but would be OK without it.  If I want to do layer 3 routing I will need a switch with more capacity (although the number of users is over 100, the number of IP addresses is nearly 200).

So does this mean I should avoid Cisco small business switches for our layer 3 routing and move onto Cisco Catalyst or something similar instead? Or maybe just contact our hardware supplier?

Robert, this means the small business switches are good edge switches for large networks and good core switches for small networks. For this particular scenario, I would recommend your core switch should be a Catalyst switch then you can drop the SX300 switch in to an access layer position.

For smaller networks (less than 100 users), the SX300 switches do perform pretty well so it's not a bad switch, it is simply not designed for anything larger.

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Hi Thomas, thanks for the fast, concise and very informative responses.  I will take your advice and look for a suitable Catalyst to use for our core switch.

To be clear about the current status of this, the 300 Series switches now support up to 512 IP hosts in layer 3 mode as of the latest releases of firmware. That makes it more than an "Edge" switch.


Some additional information for ARP/IP table size:

[1] By default, Sx300 switch shared ARP/IP table has 128 entries, which can be shown by command below:

#show system router resources

                    In-Use  Reserved
                    ------  --------
IPv4 Entries        32      128
Number of Routes 20

Non-IP Entries: ---------------------used by ACL/QoS/…
- Unit 1            10%     353

[2] The command also shows entries in use; please check this against the number of devices in the network.

If they do not match, e.g., there are only ~100 devices while entries in use is 200, that means a possible attack in the network.

* Entries in use include switch Vlan SVI, static/dynamic route, ARP entry.

[3] This value can be fine-tuned by command:

(config)#system router resources ip-routes 200

Select the number according to your attached network devices, plus a buffer for switch SVIs and static/dynamic routes.

While in a typical deployment ACL/QoS features will be turned on together with L3 routing, and all will consume hardware TCAM resources, Sx300 is more suitable for small sized networks. For larger networks, use either Sx500 or Catalyst.
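The check described in step [2] of the last post, together with a count of the overflow warnings from the original question, as an added example that is not part of the thread or any Cisco tooling. The `known_hosts`, `svi_count` and `slack` parameters are hypothetical inputs you would take from your own inventory, and the command output below is constructed to follow the layout quoted above.

```python
import re

# Constructed sample in the layout of the 'show system router resources' output above.
SAMPLE_OUTPUT = """\
                    In-Use  Reserved
                    ------  --------
IPv4 Entries        200     512
Number of Routes 20
"""

# The two warning lines quoted in the original question.
SAMPLE_LOG = """\
2147480831   2012-Jul-06 13:14:45 Warning   %IPFFT-W-SFFTREDYELLOW: IP SFFT Table Overflow, aggregated (1)
2147480831   2012-Jul-06 13:14:45 Warning   %IPFFT-W-SFFTREDYELLOW: IP SFFT Table Overflow
"""


def parse_router_resources(text):
    """Return (in_use, reserved, routes) parsed from the command output."""
    entries = re.search(r"^\s*IPv4 Entries\s+(\d+)\s+(\d+)", text, re.M)
    if not entries:
        raise ValueError("no 'IPv4 Entries' row found")
    routes = re.search(r"^\s*Number of Routes:?\s+(\d+)", text, re.M)
    return (int(entries.group(1)), int(entries.group(2)),
            int(routes.group(1)) if routes else 0)


def assess(text, known_hosts, svi_count, slack=0.10):
    """Compare entries in use with what the inventory explains.

    Per the post, entries in use cover switch SVIs, static/dynamic routes
    and ARP entries, so all three are counted as expected. 'slack' is an
    assumed tolerance for churn, not a vendor-defined threshold.
    """
    in_use, reserved, routes = parse_router_resources(text)
    expected = known_hosts + svi_count + routes
    findings = []
    if in_use > expected * (1 + slack):
        findings.append("unexplained-entries")  # investigate ARP table contents
    if in_use >= reserved:
        findings.append("table-full")           # overflow to software switching
    return {"in_use": in_use, "reserved": reserved, "expected": expected,
            "unexplained": max(0, in_use - expected), "findings": findings}


def count_sfft_overflows(log_text):
    """Count SFFT overflow warnings in exported switch log text."""
    return sum("%IPFFT-W-SFFTREDYELLOW" in line for line in log_text.splitlines())
```

An "unexplained-entries" finding is a reason to look at which addresses occupy the ARP table; it does not say on its own what put them there.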