Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1342
Views
5
Helpful
4
Replies

unicast nfs traffic seen on all trunks

kevinhoward1
Level 1
Level 1

‎01-17-2007 08:01 AM - edited ‎03-05-2019 01:49 PM

Hello,

We have a situation where we see (via sniff) established nfs traffic on all

our trunk links. We can see the src and dest ip's, the traffic counts

increasing when certain database jobs runs. We cannot nail down, after the

initial broadcast of the src to find the dest ip, why the traffic is seen on

each trunk link. Basic hub and spoke, 6509's at core, 4000's at the spokes.

No directed broadcasts allowed either.

Example: Core A and B. Spokes C,D,E,F,G

traffic passes from C to core (A/B) back to D. The trunk links on E, F, & G

see the traffic.

Any input on this or where else to look would be appreciated.

Labels:
0 Helpful
4 Replies 4

mheusinger
Level 10
Level 10

‎01-17-2007 08:16 AM

Hi,

usually this means unknown unicast flooding takes place. There can be few reasons. First the host receiving the traffic could be not sending any frame with its source MAC within the MAC address table timeout (5 min per default). Solution: trigger a ping every minute from this host (small script).

Second this could have to do with HSRP and spanning tree. The underlying reasons and possible problem solutions are very well described in "Unicast Flooding in Switched Campus Networks" found at

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801d0808.shtml

Could you please check, if this already solves your issues? If not, please provide more information about your scenario.

Hope this helps! Please use the rating system.

Regards, Martin

kevinhoward1
Level 1
Level 1
In response to mheusinger

‎01-17-2007 12:27 PM

thanks for the feedback. I had seen this article before. In a simple form, we can see two hosts, both going through one switch, ftp or nfs. The target mac address ages out of the mac table, which causes the flooding. If we setup a ping to the target and ping it <5 minutes (before age out) then there is no flooding at all. I do not understand how during a very long ftp session or nfs, the targets mac ages out? thanks in advance.

0 Helpful

adrian.chadd
Level 1
Level 1
In response to kevinhoward1

‎01-17-2007 06:03 PM

Hm, need more information than that.

What subnets are the two servers on? Which vlans? Where's the routing for the vlan being done? Whats STP decided the best path between the switch and the router(s) for each VLAN? (it -could- be different in PVST.)

It shouldn't happen if they're on the same switch and on the same VLAN.

0 Helpful

kevinhoward1
Level 1
Level 1
In response to kevinhoward1

‎01-18-2007 07:58 AM

this ended up being udp traffic. The nfs server never responds to the client, with a any tcp connection, confirmation or keep alive. So, the mac-addy of the server would time out and the switch wouldn't know where it was, and then flood traffic. If I set up a periodic ping (<5 mins) to the server, I kept the mac-add fresh in the table, and the flooding stopped. Discussing having the nfs client/server have a keep alive sent between them, or enable pruning as well to limit the flooding.

0 Helpful
Customers Also Viewed These Support Documents