
Packet loss in vlan1

bensonlei
Level 1

Hi, Guys,

I am new to a messy network. I found ping packet loss in VLAN1, and unknown protocol drops on all uplink interfaces of the LAN switches.

 

LAN environment:

1. The LAN network is a mix of Cisco Cat switches (PVST span), Juniper EX switches (RSTP) and Huawei PoE switches (MSTP)

2. VLAN1 is native VLAN

3. VLAN1 is Switch management IP (all network devices)

4. VLAN1 is also some LAN IP

 

Test results:

A ping test to all hosts in VLAN1 has packet loss, as attached (around 11% packet loss).

A ping test to all hosts in other VLANs has no packet loss at all (100% success).

All uplink interfaces of the network devices have "Unknown protocol drops", as follows:

 

SW1-WIN#sh int | i line|unknown
Vlan1 is up, line protocol is up
     6728 unknown protocol drops
FastEthernet0 is administratively down, line protocol is down
     0 unknown protocol drops
GigabitEthernet1/0/1 is up, line protocol is up (connected)
     0 unknown protocol drops
.....................
GigabitEthernet1/0/22 is down, line protocol is down (notconnect)
     0 unknown protocol drops
GigabitEthernet1/0/23 is up, line protocol is up (connected)
     2017721 unknown protocol drops
GigabitEthernet1/0/24 is up, line protocol is up (connected)
     0 unknown protocol drops
...................

SW1-WIN#exit

 

---------------------------------------------------------------------

 

Any suggestions to find out the "Unknown protocol"?

How should I remove/delete/filter out/re-configure the network to clear out the "unknown protocol"?

Any comments and advice on this messy network?

13 Replies

Hello,

 

what does the configuration of your trunk ports look like ? Try 'switchport nonegotiate' in order to disable DTP...

 

interface GigabitEthernet1/0/23

switchport nonegotiate

Hello,

 

also try enabling LLDP globally (since you have devices from other manufacturers in your network):

 

Switch#conf t

Switch(config)#lldp run

Seb Rupik
VIP Alumni

Hi there,

Unknown protocol drops are anything the switch receives that it is not expecting. Good examples of these could be LLDP or DTP.

I suggest you configure a monitor session on SW1-win with Gi1/0/23 as the source and send the traffic to Wireshark. This will collect all of these packets; you can then sort them in a 'protocol hierarchy' to see what is being flung around the network. Use your knowledge of the network to determine what is not expected.

 

Send us a screenshot, we can take a look. :)

 

Cheers,

Seb.
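
The "protocol hierarchy" step suggested above can also be done offline on the mirrored frames. As an added example (not part of the original thread), this Python sketch names the Layer 2 control protocol of each raw Ethernet frame from its EtherType or LLC/SNAP header; the function names and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter

# Cisco SNAP protocol IDs (OUI 00:00:0c) and common EtherTypes.
CISCO_PIDS = {0x2000: "CDP", 0x2003: "VTP", 0x2004: "DTP", 0x010B: "PVST+"}
ETHERTYPES = {0x88CC: "LLDP", 0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}

def classify(frame: bytes) -> str:
    """Name the protocol carried by one raw Ethernet frame (FCS stripped)."""
    if len(frame) < 14:
        return "truncated"
    offset = 12
    (etype,) = struct.unpack_from("!H", frame, offset)
    # Step over 802.1Q / 802.1ad tags so tagged BPDUs are still recognised.
    while etype in (0x8100, 0x88A8) and len(frame) >= offset + 6:
        offset += 4
        (etype,) = struct.unpack_from("!H", frame, offset)
    if etype >= 0x0600:  # Ethernet II: the field is an EtherType
        return ETHERTYPES.get(etype, f"ethertype 0x{etype:04x}")
    llc = frame[offset + 2:offset + 10]  # 802.3: length field, then LLC/SNAP
    if llc[:2] == b"\x42\x42":
        return "STP/RSTP/MSTP BPDU"
    if len(llc) == 8 and llc[:3] == b"\xaa\xaa\x03":
        oui, (pid,) = llc[3:6], struct.unpack("!H", llc[6:8])
        if oui == b"\x00\x00\x0c":
            return CISCO_PIDS.get(pid, f"Cisco SNAP pid 0x{pid:04x}")
        return f"SNAP oui {oui.hex()} pid 0x{pid:04x}"
    return "other 802.3/LLC"

def hierarchy(frames):
    """Count frames per protocol, most frequent first."""
    return Counter(classify(f) for f in frames).most_common()

def _frame(dst_hex: str, rest_hex: str) -> bytes:
    # Constructed test frame: given destination, made-up source, zero padding.
    return bytes.fromhex(dst_hex + "020000000001" + rest_hex) + bytes(46)

# Constructed samples (not taken from the thread's capture).
SAMPLES = [
    _frame("0180c200000e", "88cc"),                          # LLDP
    _frame("0180c200000e", "88cc"),                          # LLDP
    _frame("01000ccccccc", "0026aaaa0300000c2004"),          # DTP
    _frame("01000ccccccd", "8100000a0032aaaa0300000c010b"),  # tagged PVST+
    _frame("0180c2000000", "0026424203"),                    # IEEE BPDU
    _frame("ffffffffffff", "0806"),                          # ARP
]

if __name__ == "__main__":
    for name, count in hierarchy(SAMPLES):
        print(f"{count:3d}  {name}")
```

Frames that a switch counts as unknown protocol drops would show up here as the control protocols it does not run, which narrows down what to disable or enable on each link.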

Hi, Rupik,

 

Thanks for your suggestion.

 

1. CDP is not enabled in all Cisco devices,

2. LLDP is found in the Juniper switch and WiFi devices, as attached,

My questions:

1. You mean Cisco devices cannot recognize LLDP?

2. Could I disable these L2 discovery protocols (especially in WCTL (I am not a WiFi guy))?

3. Do you think these protocols' broadcasts decrease the network performance?

 

Many thanks in advance.

 

 

Hello,

 

DTP is Cisco proprietary, so the other devices won't understand it. Setting the switchports to 'switchport nonegotiate' should stop DTP packets.

 

LLDP depends on the IOS version, I think some of the older versions don't understand it. Try and enable LLDP ('lldp run') and check if the unknown protocol drops disappear...

From a security perspective you should disable all discovery ports on access ports, unless of course you are running VOIP on them. There is no need to have it enabled on trunk links, as you should know what is connected at the other end! :)

 

Regarding degrading performance, the volume and size of the packets should not cause noticeable problems.

 

cheers,

Seb.

Hi,
Maybe this whole problem is because of flooding in VLAN 1. Can you please explain your network in brief? For example, does your network follow a core, distribution and access hierarchy or not?

THANKS
MANISH MANWAL

Hi, MANISH MANWAL 

 

The LAN network infrastructure is not complicated. A Juniper switch stack and a firewall are the L2/L3 devices in the LAN environment; the Juniper switch stack connects to the other network devices (server switches, WiFi devices and user switches).

 

Attachments:

1. Network flood table ( only default is the vlan1 )

2. Network traffic in one interface of Juniper switch shows the traffic port of broadcast and multicast is not much

3. Network traffic in the uplink interface of one server switch.

 

Any other hints on what is causing packet loss only in VLAN1? Thx.

 

 

 

 

I have never worked with Juniper switches, but if Juniper has a storm control facility, please configure storm-control for broadcast packets.
THANKS
MANISH MANWAL

Hi, Rupik,

 

Thanks for your good advice and information.

 

Cheers

Hi, guys,

 

After LLDP (L2 discovery protocol) was disabled on the Juniper and H3C WiFi devices, the "unknown protocol drops" seem to have disappeared in VLAN1 (so it is believed these protocols do not cause the packet loss in VLAN1); but the packet loss is still happening in VLAN1 (no issue for other VLANs).

Have you guys seen this MAC address "00e0-fc09-bcf9", Huawei's STP broadcast address (we have some old Huawei switches as hubs in the network)? Do you think it causes a network issue?

Many thanks in advance.

Hello,

 

is the packet loss occurring between clients WITHIN Vlan 1, or between clients on Vlan 1 and other Vlans? Post the full output of 'show interface vlan 1'...

Hi, Pauwen,

 

It is almost confirmed that the packet loss problem is caused by the "unknown protocol drops" on the uplink interfaces of all switches, as captured below:

SW1-SRV#sh int gi1/0/23
GigabitEthernet1/0/23 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 2001.c00a.9007 (bia 2001.c00a.9007)
  Description: Uplink_JSW(G6/28)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  input flow-control is on, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:03, output hang never
  Last clearing of "show interface" counters 17:08:38
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 292000 bits/sec, 115 packets/sec
  5 minute output rate 200000 bits/sec, 36 packets/sec
     11458270 packets input, 6618382961 bytes, 0 no buffer
     Received 2857475 broadcasts (498149 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 498149 multicast, 0 pause input
     0 input packets with dribble condition detected
     3026422 packets output, 817010982 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     8544 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

 

These "unknown protocol drops" do not seem to come from VLAN1, but strangely they affect only the network traffic in VLAN1

(packet loss between VLAN1 & VLAN1, VLANx & VLAN1, but no packet loss between VLANx & VLANx).

Any suggestions? Thx a lot.

 
