General LAN switching

Answered Question
Apr 25th, 2010
User Badges:

Hello all,


I'm running a Cisco 1841 and a 2960 switch at home.  I have a PS3 and a media server, both of which are running in the same subnet.  I use the PS3 to stream movies directly from my server regularly.


Anyway, I run netflow in my 1841 router to monitor network traffic.  I had netflow set to monitor the router's LAN int.  Theoretically, when I stream movies from the media server to the PS3, since both are in the same subnet and have the same default gateway, packets should never hit the router LAN int, and be switched locally in the 2960.  However, when I checked my netflow monitor, traffic spiked whenever movies are streaming.  I was sure that nothing else is hogging the pipe, and the source LAN IP confimed traffic was coming from my server to the PS3.


I had since change netflow to only monitor ingress/egress on the WAN int.  Also I have statically configured the IP settings on my PS3 and media server to ensure both have the same default gateway and mask.


My question is:  in what scenario would packets sourced from and destined to hosts of a same subnet be forwarded to the router first then back?  Generally, when the same packet goes in and out of the same router int, the network design is flawed, and ICMP redirects usually pops up here and there.  However, there is only 1 router and 1 switch in play here....


Something to think about if you are bored



Thanks,



Will

Correct Answer by Jon Marshall about 7 years 4 weeks ago

Will


My question is:  in what scenario would packets sourced from and destined to hosts of a same subnet be forwarded to the router first then back?


They are probably not being forwarded to the router and back again if they have the correct subnet/subnet mask settings. What you may be seeing is the packet is being sent to both destination host and also the router interface. If the subnet/subnet masks don't match then they may well be sent via the router interface.


If they do have the same subnet/subnet mask then if the packets are unicast this is because there is no mac-address to port mapping for the destination host hence the switch has to send the packet to all ports in the vlan. A common problem that can cause this is unicast flooding, have a look at this doc for an explanation -


Unicast flooding


Alternatively if the packet is multicast then it may be because you have not enabled IGMP snooping or you don't have anything making the IGMP queries so the switch has to send the multicast stream to all ports in the vlan ie. the multicast becomes a broadcast.


Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jon Marshall Sun, 04/25/2010 - 12:50
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Will


My question is:  in what scenario would packets sourced from and destined to hosts of a same subnet be forwarded to the router first then back?


They are probably not being forwarded to the router and back again if they have the correct subnet/subnet mask settings. What you may be seeing is the packet is being sent to both destination host and also the router interface. If the subnet/subnet masks don't match then they may well be sent via the router interface.


If they do have the same subnet/subnet mask then if the packets are unicast this is because there is no mac-address to port mapping for the destination host hence the switch has to send the packet to all ports in the vlan. A common problem that can cause this is unicast flooding, have a look at this doc for an explanation -


Unicast flooding


Alternatively if the packet is multicast then it may be because you have not enabled IGMP snooping or you don't have anything making the IGMP queries so the switch has to send the multicast stream to all ports in the vlan ie. the multicast becomes a broadcast.


Jon

wchengcisco Sun, 04/25/2010 - 13:33
User Badges:

Can't open that doc, my Cisco account is not good enough   But there is always google.


Interesting point about IGMP snooping on the switch.  It is indeed not turned on, but I have to figure out if the software I use to stream HD content actually uses multicast instead of unicast.  Now that I think about it... I did not need to tell the PS3 to point to a specific IP, so how would it know which server to listen to?   The only this happens is if my streaming server does multicast in the same subnet.  I have some serious research to do when I get home.


Thanks Jon.  Now I have to figure out how to give you points...

Jon Marshall Sun, 04/25/2010 - 13:54
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

wchengcisco wrote:


Can't open that doc, my Cisco account is not good enough   But there is always google.


Interesting point about IGMP snooping on the switch.  It is indeed not turned on, but I have to figure out if the software I use to stream HD content actually uses multicast instead of unicast.  Now that I think about it... I did not need to tell the PS3 to point to a specific IP, so how would it know which server to listen to?   The only this happens is if my streaming server does multicast in the same subnet.  I have some serious research to do when I get home.


Thanks Jon.  Now I have to figure out how to give you points...


Will


Thanks for the rating.


IGMP snooping should be on by default on your switch but you also need something to make IGMP queries for the snooping to listen to. You can do a couple of things -


1) if you only want to multicast within the same vlan then you can, if the switch supports it, turn on the IGMP snooping querier function. Your 2960 switch does support it -


2960 igmp snooping querier


or


2) enable PIM on the 1841 router interface connecting to the switch. Enabling PIM will automatically start IGMP queries.


If you only want to multicast within the same vlan i would go with 1)


Jon

wchengcisco Sun, 04/25/2010 - 14:44
User Badges:

I think #1 is the best option.  Let's assume the following, since I still have to figure out how the streaming software in my media server and the PS3 reacts to each other:


1. media server (192.168.1.10) sends multicast to discover PS3 (192.168.1.15) (but it's probably the other way around)

2. I only want the switchport at which the PS3 is connected to listen to this multicast.  The rest of the ports will discard the packets.


Should I configure the switch like so?


switch(config)# ip igmp snooping querier 192.168.1.15




-Will

Jon Marshall Sun, 04/25/2010 - 14:55
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

wchengcisco wrote:


I think #1 is the best option.  Let's assume the following, since I still have to figure out how the streaming software in my media server and the PS3 reacts to each other:


1. media server (192.168.1.10) sends multicast to discover PS3 (192.168.1.15) (but it's probably the other way around)

2. I only want the switchport at which the PS3 is connected to listen to this multicast.  The rest of the ports will discard the packets.


Should I configure the switch like so?


switch(config)# ip igmp snooping querier 192.168.1.15




-Will


Will


The ip address used in the igmp snooping querier command is the IP address assigned to the L3 vlan interface for that vlan.


If it is multicast then the server does not "discover" the client as such. The server simply sends out the stream to a multicast destination address. It doesn't know or care who wants to receive the stream. The client registers with IGMP that it wants to receive the multicast stream and this is what IGMP snooping does ie. listens to IGMP queries/responses so the switch can learn which ports clients are attached to that want to receive the multicast stream.


Jon

Actions

This Discussion

Related Content