Re: RSPAN fllods traffic over all ports on source switch

Konstantin Dunaev · ‎06-10-2007

Hi,

we have some Cisco switches in IBM Bladecenters:

CIGESM Software (CIGESM-I6Q4L2-M), Version 12.1(22)EA9.

They are connected to 6513 SUP720.

I'm starting the following monitoring session on 6513:

monitor session 1 source remote vlan 500

monitor session 1 destination interface Gi13/35

and on the blade's switche:

monitor session 1 source gig0/3

monitor session 1 destination remote vlan 500 reflector-port gig0/20

Switch's management VLAN is 352

The trunk config on blade switch looks like:

Port Vlans allowed on trunk

Gi0/1 2-351,353-499,501-4094

Gi0/2 2-351,353-499,501-4094

Gi0/3 2-351,353-499,501-4094

Gi0/4 2-351,353-499,501-4094

Gi0/5 2-351,353-499,501-4094

Gi0/6 2-351,353-499,501-4094

Gi0/7 2-351,353-499,501-4094

Gi0/8 2-351,353-499,501-4094

Gi0/9 2-351,353-499,501-4094

Gi0/10 2-351,353-499,501-4094

Gi0/11 348,900,904,908,912,916,920,924,928,932,936,940,944,948,952

Gi0/14 2-351,353-499,501-4094

Gi0/15 352

Gi0/19 600

Po1 1-497,499-4094

On the system connected to the interface Gi13/35on 6513 I can see the traffic from the bladeswitch's monitored port, but after around 5-10 minutes I can see that the traffic on interfaces Gi0/1-10 and Gi0/14 on the blade switch inreaces dramaticaly (see the picture) from 100 Kbits to 200Mbit and sometimes it leads to the "overutilisation" of interface and connected systems are loosing the network.

interface GigabitEthernet0/20

switchport mode access

spanning-tree bpdufilter disable

spanning-tree bpduguard enable

we use MSTP:

###### MST00 vlans mapped: none

Bridge address 0019.56e2.c840 priority 32768 (32768 sysid 0)

Root address 000b.60f1.5640 priority 4096 (4096 sysid 0)

port Po1 path cost 0

IST master address 000b.60f1.5640 priority 4096 (4096 sysid 0)

path cost 15000 rem hops 18

Interface Role Sts Cost Prio.Nbr Type

Gi0/1 Desg FWD 20000 128.1 Edge P2p

..

Gi0/15 Desg FWD 50000 128.15 P2p

Gi0/19 Altn BLK 20000 128.19 P2p

Po1 Root FWD 10000 128.65 P2p

###### MST01 vlans mapped: 1-497,499-599,601-4094

Bridge address 0019.56e2.c840 priority 32769 (32768 sysid 1)

Root address 000b.60f1.5640 priority 4097 (4096 sysid 1)

port Po1 cost 15000 rem hops 18

Interface Role Sts Cost Prio.Nbr Type

Gi0/1 Desg FWD 20000 128.1 Edge P2p

...

Gi0/15 Desg FWD 50000 128.15 P2p

Po1 Root FWD 10000 128.65 P2p

###### MST02 vlans mapped: 600

Bridge address 0019.56e2.c840 priority 32770 (32768 sysid 2)

Root address 000b.60f1.5640 priority 4098 (4096 sysid 2)

port Gi0/19 cost 25000 rem hops 18

Interface Role Sts Cost Prio.Nbr Type

Gi0/1 Desg FWD 20000 128.1 Edge P2p

...

Gi0/14 Desg FWD 20000 128.14 Edge P2p

Gi0/19 Root FWD 20000 128.19 P2p

###### MST03 vlans mapped: 498

Bridge address 0019.56e2.c840 priority 32771 (32768 sysid 3)

Root this switch for MST03

Interface Role Sts Cost Prio.Nbr Type

Gi0/1 Desg FWD 20000 128.1 Edge P2p

...

Gi0/14 Desg FWD 20000 128.14 Edge P2p

What is the problem? Configuration bug or IOS bug. Have anybody met such a problem?

thank you

fmeetz · ‎06-15-2007

I think RSPAN floods traffic over all ports on source switch is your problem. By default, the switch floods packets with unknown destination MAC addresses to all ports. If unknown unicast and multicast traffic is forwarded to a protected port, there could be security issues.

For more information click following link:

http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00801a6b2c.html#1063295

Konstantin Dunaev · ‎06-18-2007

Hi,

but RSPAN traffic should be sent only to remote-vlan, in my case it's VLAN500, which is configured only on uplink ports, not on the access ports, why the traffic for VLAN500 should appear on the interfaces where

VLAN500 is not configured?

If we have some unknown-unicast flood, this flood should not be sent to reflector port, because reflector port belongs to the "remote-vlan" VLAN and should not get any data from any VLAN with real data.