NW Slow Speed Problem

Unanswered Question
Nov 24th, 2009

Dear Experts,

I have found a strange problem in our Network.

One Perticular NW segment i.e Production Network has problem of NW slow speed and eventually that goes down. In this case as we remove the Cable from L3 SW ( Cisco 3560 ), the Problem is resolved.

Whats Could be the reason for the same.

I have captured at the point of entrance of NW and at the end of the NW as shown in Dia.

Pls Help. Soon

Dipesh P.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
rupam_chakra1983 Tue, 11/24/2009 - 03:40

You can do port mirroring and monitor the type of traffic on that port by using wireshark tcc.

it may be some kind of mailicious traffic that is impacting your network performance

Plz rate this post if found useful

Thanks

Dipesh Patel Tue, 11/24/2009 - 19:13

Dear Rupam,

I have captured using wireshark.The Paltop with wireshark software is connected in the same segment but i coudn't find any mellisious or unwanted taffic in it. I had done this withoud mirroring of Port.

How can I mirror the port can you help me?

Regards,

Dipesh P.

glen.grant Tue, 11/24/2009 - 04:33

  Sounds like somewhere on that switch someone is introducing a bridging loop .  When it is happening try to get into the switch and see in you can see any port with high utilization  and also check to see if the switch can see "itself"  via cdp which will indicate that someone has bridged 2 ports together .  Also look for ports that may have multiple mac addresses associated with indicating someone has introduced  their own switch into the network and may have tied 2 ports together.

Dipesh Patel Tue, 11/24/2009 - 19:21

Dear glen.grant,

Thanks for reply.

Yes Looping problem is there in upword side of Diagrame. But at the time of problem I could not see any loggs for the same.

And another thing is that the Level 2 NW shown in diagram in which this slow speed problem is with tottaly unmannaged Switches (Dlink). We can't see any logs or anything. Only one indicater of Utilization is there on the SW which shows high utilization and at that time Nw goes slow and hence down.

Can you suggest me the necessory steps to identify the root cause or solution?

If you need any information from my isde pls revert back soon.

Dipesh P.

Leo Laohoo Tue, 11/24/2009 - 19:32

You can enable MAC port security.

If spanning-tree portfast is enabled on each port, bpduguard (spanning-tree bpduguard enable). 

Dipesh Patel Wed, 11/25/2009 - 01:41

Dear All,

Today also the same problem was happened.

By Capturing it was found that, a L3 SW create a ARP broadcast on Level 2 Segment.

Can you pls suggest how to block this ARP traffic on this Vlan?

Dipesh P.

Giuseppe Larosa Thu, 11/26/2009 - 00:09

Hello Dipesh,

I've quickly reviewed this thread.

>> And another thing is that the Level 2 NW shown in diagram in which this slow speed problem is with tottaly unmannaged Switches (Dlink).

Some considerations follow:

if only one physical link exists between the D-link L2 switches and the L3 switch the interaction between the L3 switch and the D-link on this link cannot be a cause of problems.

if there are multiple links between the L3 switch(es) and the D-link L2 switches this has a potential for problems.

about the ARP traffic: L3 switch receives traffic for IP hosts in vlan that is associated to the port to D-link switches.

it has to try to resolve the IP address in a MAC address to be able to send out a frame.

Verify in your captures if the L3 switch is trying to solve multiple hosts and if these hosts are in the IP subnet(s) associated with  the vlan.

to be noted that  these IP hosts can be non existing or placed on other parts of your network that are part of the same vlan topology (broadcast domain)

check if these D-link L2 switches are able to talk IEEE 802.1D legacy  STP otherwise the problem can be in the NW2 cloud

Hope to help

Giuseppe

Dipesh Patel Wed, 12/02/2009 - 22:32

Hello Giuseppe,

Sorry to respond let.

Actually the problem is due to the Level 2 unmanaged Switches. They can not understand STP and ARP I think.

We have implemented IP ACl for blocking unnecessary traffic. But than also I can see ARP and STp broadcast in NW with unmanaged switches.

How can block these traffic.

Can I block ARP traffic from one perticuler sender?  If yes than how ?

I have seen ARP ACL but where to apply it?

or Is it applied on ARP table directly?

Pls suggest.

Dipesh P.

Actions

This Discussion