Heavy traffic on STP blocked port

tekjansen101
Level 1

Hello all,

We have a distribution 6500 uplinking to various access level 3750 devices. The switches are configured for STP and one port is blocking while the other is forwarding (as confirmed by the IOS in both switches).

Due to some requirement or the other at work, I had to configure Cacti to monitor the link utilization of the access ports and added all the ports in the access level switch (including the uplink ports). To my surprise, I can see that while the forwarding uplink has a b/w utilization of 980Mbps, the 'blocking' uplink is around 600-700Mbps. This was again confirmed by logging into the IOS and running a 'show interface | inc minutes' command.

Please note the blocked uplink is in blocking state for all the VLANs in the switch and not a select few.

Any ideas what's going on here?


tekjansen101
Level 1

Hi Peter, thanks for your response...

As far as the access switch is concerned, the traffic is ingress traffic into the port. The outbound is negligible (71 bytes), which is probably attributable to BPDUs or TCNs.

I would imagine the traffic is unicast in nature since the application responsible for this traffic is a backup server that is responsible for backing up data from a few 100 or so servers.

I'm trying to see the dropped counters for the port...is there a specific command that will let me do so ... ?

Hello Omran,

>> I would imagine the traffic is unicast in nature since the application responsible for this traffic is a backup server that is responsible for backing up data from a few 100 or so servers.

A possible explanation could be that the destination MAC address of the frames is not speaking, so after 300 seconds it becomes an unknown unicast and traffic is flooded on the VLAN, including the uplink, because it is blocked only on the access switch side.

This could come from servers using multiple NICs with one NIC used to receive and another one to transmit.

In this way the switches cannot learn the destination MAC address.

If so, you can only add a static entry to the CAM table for the port where the NIC receiving backup traffic is connected.

First of all, you need to capture the traffic going out of the uplink port on the C6500 side.

Hope to help

Giuseppe
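
The mechanism described in the answer above, as an added sketch that is not part of the original thread: a toy learning switch with the 300-second aging time, showing how a destination NIC that stops transmitting turns its traffic into unknown unicast that is flooded onto the uplink, and how a static CAM entry stops it. The names `Switch` and `simulate`, the port labels and the documentation-range MAC addresses are constructed for illustration.

```python
AGING = 300  # seconds, the aging time quoted in the answer above

class Switch:
    """Toy learning bridge (illustrative model, not IOS itself)."""
    def __init__(self, ports):
        self.ports = ports
        self.cam = {}  # mac -> (port, last_seen); last_seen None = static

    def add_static(self, mac, port):
        self.cam[mac] = (port, None)  # static entries never age out

    def lookup(self, mac, now):
        entry = self.cam.get(mac)
        if entry is None:
            return None
        port, seen = entry
        if seen is not None and now - seen > AGING:
            del self.cam[mac]  # dynamic entry aged out
            return None
        return port

    def receive(self, in_port, src, dst, now):
        """Learn src, then return the list of ports the frame is sent out of."""
        entry = self.cam.get(src)
        if entry is None or entry[1] is not None:  # never overwrite a static entry
            self.cam[src] = (in_port, now)
        out = self.lookup(dst, now)
        if out is not None:
            return [out]
        return [p for p in self.ports if p != in_port]  # unknown unicast: flood

def simulate(static_entry=False, duration=600, interval=10):
    """Count frames flooded onto the uplink, i.e. frames the far-end
    blocking port would count as received and then drop."""
    # Constructed values: port labels and documentation-range MACs.
    server, rx_nic = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
    sw = Switch(["server_port", "rx_nic_port", "uplink"])
    if static_entry:
        sw.add_static(rx_nic, "rx_nic_port")
    else:
        sw.receive("rx_nic_port", rx_nic, server, now=0)  # heard once, then silent
    flooded = 0
    for t in range(interval, duration + 1, interval):
        if "uplink" in sw.receive("server_port", server, rx_nic, now=t):
            flooded += 1
    return flooded

if __name__ == "__main__":
    print("dynamic entry only:", simulate(), "of 60 frames reach the uplink")
    print("with static entry: ", simulate(static_entry=True))
```
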

Peter, Guilsar, you guys are awesome ... my faith in STP has been restored LOL

Peter Paluch
Cisco Employee

Hello,

Is the traffic incoming or outgoing of a blocked port? A blocked port should not be transmitting any frames, however, it can receive frames without any limitations, although it will drop them. These frames should be however recorded in interface counters so this is probably the high "traffic" you are seeing in Cacti - the frames that are sent to your blocking port. They are accounted as received even though they are dropped.

Logically, the traffic received by your blocking port must be broadcast, multicast or unknown unicast traffic, as the switch connected to your blocking port does not learn any MAC addresses from you (as you are not sending any frames to it). But I would say that still it's quite a lot.

What about running a SPAN session on that blocked port and having a look at what is making so much traffic?

Best regards,

Peter
