Unicast flooding issue with 3750g

mirko.corosu · ‎10-21-2013

Hi all,

Sniffing on an host interface connected to my 3750g I get many unicast packet destined to different hosts and not coming from the machine where I started the sniffing task. Doing some investigations I realized that several mac addresses was disappearing

too fast from the mac address table:

c3750G-48T-ST#show mac-address-table address 00:26:9e:3c:7e:6a

Mac Address Table

-------------------------------------------

Vlan Mac Address Type Ports

---- ----------- -------- -----

1 0026.9e3c.7e6a DYNAMIC Po10

Total Mac Addresses for this criterion: 1

and after between 10 and 20 seconds:

c3750G-48T-ST#show mac-address-table address 00:26:9e:3c:7e:6a

Mac Address Table

-------------------------------------------

Vlan Mac Address Type Ports

---- ----------- -------- -----

c3750G-48T-ST#

The aging time is the default one:

c3750G-48T-ST#show mac-address-table aging-time vlan 1

Global Aging Time: 300

Vlan Aging Time

---- ----------

1 300

It does not look like a problem of spanning tree, as the topology does not change that often:

c3750G-48T-ST#show spanning-tree vlan 1 detail | include change|from

Topology change flag not set, detected flag not set

Number of topology changes 313 last change occurred 13:42:30 ago

from Port-channel1

Times: hold 1, topology change 35, notification 2

Timers: hello 0, topology change 0, notification 0, aging 300

Which tests can I perform to understant the causes of this issue?

Thank you

Mirko

Joseph W. Doherty · ‎10-21-2013

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

You may want to review: http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801d0808.shtml

mirko.corosu · ‎10-21-2013

Hi Joseph,

Thank you for your quick response. Non of the three cases included in the document can be applied to the issue:

- No asimmetric path, as the packets flooded are destined to hosts in the same vlan as the sender host.

- No spanning tree topology changes (at least as I can see issuing the command "show spanning-tree vlan 1 detail" as shown in the first post)

- No forwarding table overflow:

c3750G-48T-ST#show mac-address-table count vlan 1

Mac Entries for Vlan 1:

---------------------------

Dynamic Address Count : 453

Static Address Count : 1

Total Mac Addresses : 454

Total Mac Address Space Available: 1728

It seems that the mac addresses involved are aging-out too fast. Any ideas?

Thank you

Mirko

InayathUlla Sharieff · ‎10-21-2013

We need to remember that content addressable memory (CAM) is set to five
minutes, after that the mac address will be deleted if no traffic is
received from that address. The default ARP table time is four hours. This
difference of time will produce the issue.

 

As

ymmetric routing can isolated with:

 

Adjust the MAC aging time on the respective switches to 14400 seconds or
longer. This will make the time to be the same as the ARP table. Or vice
verse. Or;  

 

Change the MAC aging time and ARP timeout to the same timeout value.

 

Please refer to the next links that explain much asymmetric routing and
asymmetric routing with HSRP:

 

 
<http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note091
86a00801d0808.shtml#cause1>
http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note0918
6a00801d0808.shtml#cause1

 

 
<http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a008
0094afd.shtml#t8>
http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080
094afd.shtml#t8

 

For an specific VLAN you can change the aging time of the table with the:

 

Switch(config)#mac-address-table aging-time [time in seconds] [vlan id] or;

Switch(config)#mac address-table aging-time [time in seconds] [vlan id]

 hope this helps.

RegardsInayath

mirko.corosu · ‎10-21-2013

Hi Inayath,

I've configure the aging time to 14400 but unfortunately it doesn't solve the issue as it seems that several MAC addresses still disappear from CAM in less than 30 secs after the switch learnt them.

As I wrote before, asymmetric routing is not cause if the problem.

Thank you again

Mirko