Heavy traffic on STP blocked port

Answered Question
Oct 31st, 2009

Hello all,


We have a distribution 6500 uplinking to various access level 3750 devices. The switches are configured for STP and one port is blocking while the other is forwarding (as confirmed by the IOS in both switches).


Due to some requirement or the other at work, I had to configure Cacti to monitor the link utilization of the access ports and added all the ports in the access level switch (including the uplink ports). To my surprise, I can see that while the forwarding uplink has a b/w utilization of 980Mbps, the 'blocking' uplink is around 600-700Mbps. This was again confirmed by logging into the IOS and running a 'show interface | inc minutes' command.


Please note the blocked uplink is in blocking state for all the VLANs in the switch and not a select few.


Any ideas what's going on here?

tekjansen101 Sun, 11/01/2009 - 01:24

Hi Peter, thanks for your response...


As far as the access switch is concerned, the traffic is ingress traffic into the port. The outbound is negligible (71 bytes), which is probably attributable to BPDUs or TCNs.


I would imagine the traffic is unicast in nature since the application responsible for this traffic is a backup server that is responsible for backing up data from a few 100 or so servers.


I'm trying to see the dropped counters for the port...is there a specific command that will let me do so ... ?

Correct Answer
Giuseppe Larosa Sun, 11/01/2009 - 01:40

Hello Omran,


>> I would imagine the traffic is unicast in nature since the application responsible for this traffic is a backup server that is responsible for backing up data from a few 100 or so servers.


A possible explanation could be that the destination MAC address of the frames is not speaking so after 300 seconds it becomes an unknown unicast and traffic is flooded on the Vlan including the uplink because it is blocked only on access switch side.


This could come from servers using multiple NICs with one NIC used to receive and another one to transmit.

In this way the switches cannot learn the destination MAC address.


If so, you can only add a static entry to the CAM table for the port where the NIC receiving backup traffic is connected.


First of all you need to capture the traffic outgoing the uplink port on C6500 side.


Hope to help

Giuseppe
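
The unknown-unicast explanation in the answer above can be reproduced with a toy learning-switch model. This is an added example, not part of the original thread; the port names, MAC labels and 60-second frame interval are constructed, and only the 300-second aging time comes from the answer.

```python
AGING_SECONDS = 300  # CAM aging time quoted in the answer

class LearningSwitch:
    """Toy model of a distribution switch; names and ports are constructed."""
    def __init__(self, ports, aging=AGING_SECONDS):
        self.ports, self.aging = set(ports), aging
        self.cam = {}     # MAC -> (port, time last seen as a *source*)
        self.static = {}  # MAC -> port, never ages out

    def forward(self, now, in_port, src, dst):
        """Learn the source MAC, then return the egress ports for the frame."""
        self.cam[src] = (in_port, now)
        if dst in self.static:
            return {self.static[dst]} - {in_port}
        port, seen = self.cam.get(dst, (None, None))
        if port is not None and now - seen < self.aging:
            return {port} - {in_port}
        self.cam.pop(dst, None)        # aged out or never learned
        return self.ports - {in_port}  # unknown unicast: flood the VLAN

def frames_on_uplink(static_entry=False, duration=600, interval=60):
    """Count backup frames that leave the uplink facing the blocking port."""
    sw = LearningSwitch(["client", "nic_rx", "nic_tx", "uplink"])
    if static_entry:
        sw.static["mac_rx"] = "nic_rx"
    # The receive NIC speaks once (e.g. at link-up), then stays silent.
    sw.forward(0, "nic_rx", "mac_rx", "mac_client")
    flooded = 0
    for t in range(interval, duration + 1, interval):
        # Backup data goes to the receive NIC's MAC address...
        if "uplink" in sw.forward(t, "client", "mac_client", "mac_rx"):
            flooded += 1
        # ...but replies are sourced from the transmit NIC's MAC address,
        # so the entry for mac_rx is never refreshed.
        sw.forward(t, "nic_tx", "mac_tx", "mac_client")
    return flooded

if __name__ == "__main__":
    print("dynamic learning only:", frames_on_uplink())
    print("with static CAM entry:", frames_on_uplink(static_entry=True))
```

Every frame sent after the entry ages out is copied to the uplink, where the far-end blocking port counts it as received and then drops it; the static entry keeps the traffic on the receive NIC's port only.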


tekjansen101 Wed, 11/04/2009 - 21:49

Peter, Guilsar, you guys are awesome ... my faith in STP has been restored LOL

Peter Paluch Sun, 11/01/2009 - 01:49

Hello,


Is the traffic incoming or outgoing of a blocked port? A blocked port should not be transmitting any frames, however, it can receive frames without any limitations, although it will drop them. These frames should be however recorded in interface counters so this is probably the high "traffic" you are seeing in Cacti - the frames that are sent to your blocking port. They are accounted as received even though they are dropped.


Logically, the traffic received by your blocking port must be broadcast, multicast or unknown unicast traffic, as the switch connected to your blocking port does not learn any MAC addresses from you (as you are not sending any frames to it). But I would say that still it's quite a lot.


What about running a SPAN session on that blocked port and having a look what is making such a big traffic?


Best regards,

Peter

