We have a 4500X as a core L3 switch, with the DC and DNS servers behind a 2960X stack attached to the 4500X as a Layer 2 switch. If one of the DNS servers goes down, or we shut down the port it is attached to on the 2960X stack, after 10 minutes the 4500X starts a storm of forwarded DNS queries to that server. The packets in the storm are legitimate DNS queries to that server, but produced by the 4500X at a high rate. The endpoints sourcing the DNS queries are not sending at that rate, but since the DNS server is the main server for the network there is a fair amount of queries, all of which are stormed by the 4500X after 10 minutes. It affects the performance of the whole network since it is the L3 switch. If we remove the ARP entry from the 4500X for the DNS server that is attached to the 2960X stack, we never get the storm. If during the storm we bring the server back up or issue "no shutdown" on the port, the storm stops immediately. If we disable the DNS service on the DNS server, we never get a storm, since the server is still up and returns ICMP destination unreachable.
We believe there is a software defect in the 4500X, but the 4500X does not currently have Smart Net coverage, so we cannot open a TAC case or upgrade the software. The 4500X is running 03.10.02.E.
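One way to confirm the symptom described above from captures, as an added example that is not part of the original post: count DNS queries toward the server per second on the client-facing side of the L3 switch and on the server-facing side (the port toward the 2960X stack), and flag seconds where the server side carries far more than the clients actually sent. The flow records and the server address 10.0.0.53 are constructed placeholders; no Cisco tooling is assumed.

```python
"""Detect an L3-switch forwarding storm toward a DNS server by comparing the
query rate clients send with the rate seen on the server-facing link."""
from collections import Counter

DNS_SERVER = "10.0.0.53"  # placeholder for the affected DNS server address
DNS_PORT = 53


def build_sample_records():
    """Constructed records: (capture_point, second, src_ip, dst_ip, dst_port).
    capture_point is "client" (uplinks from access switches) or "server"
    (the 4500X port toward the 2960X stack)."""
    records = []
    for t in range(10):
        # clients legitimately send 5 queries per second in total
        for i in range(5):
            records.append(("client", t, f"10.1.1.{i}", DNS_SERVER, DNS_PORT))
        # before the storm (t < 5) the server side mirrors the client side;
        # from t = 5 the switch emits 200 copies per second toward the dead host
        n = 5 if t < 5 else 200
        for i in range(n):
            records.append(("server", t, f"10.1.1.{i % 5}", DNS_SERVER, DNS_PORT))
    return records


def rate_per_second(records, point, server=DNS_SERVER, port=DNS_PORT):
    """Queries toward `server` per second observed at one capture point."""
    counts = Counter()
    for cp, ts, _src, dst, dport in records:
        if cp == point and dst == server and dport == port:
            counts[ts] += 1
    return counts


def storm_seconds(records, ratio_threshold=10.0, min_pps=50):
    """Return (second, client_pps, server_pps) for seconds where the server-side
    rate is at least `ratio_threshold` times the client-side rate and at least
    `min_pps`, so a quiet network going from 1 to 10 pps is not flagged."""
    client = rate_per_second(records, "client")
    server = rate_per_second(records, "server")
    flagged = []
    for ts in sorted(server):
        c, s = client.get(ts, 0), server[ts]
        if s >= min_pps and s >= ratio_threshold * max(c, 1):
            flagged.append((ts, c, s))
    return flagged


if __name__ == "__main__":
    for ts, c, s in storm_seconds(build_sample_records()):
        print(f"t={ts}s clients sent {c} queries, switch forwarded {s}")
```

Per-second counts from a real capture can replace build_sample_records(); the ratio is the useful signal, since the storm packets are otherwise indistinguishable from legitimate queries.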
- Consider that a show stopper for a final solution: equipment servicing mission-critical business should always have support. In the meantime, move your DNS server to a central part of the network, directly connected to the core, for instance.
-- "Good body every evening": this sentence was once spotted on a logo at the entrance of a Weight Watchers Club!