01-17-2014 10:37 PM - edited 03-07-2019 05:38 PM
Hi,
We have an MPLS location in our project where some desktops are generating brodcasts and hence choking the bandwidth of that location.
My question is how can i identify which system is generating these and how to block them at Router/Switch level.
01-18-2014 12:22 AM
You enable Netflow.
Sent from Cisco Technical Support Wii App
01-18-2014 12:23 AM
Normally broadcast won't pass a layer 3 gateway. What information leads you to believe end station broadcasts are the cause of your issue?
Sent from Cisco Technical Support iPad App
01-18-2014 01:55 AM
When i Unplugg the LAN interface of Router plugged in L2 Switch the ping response to WAN interface becomes normal
otherwise it varies from 10ms to 1000 ms
01-18-2014 02:21 AM
Well, you could enable Netflow.
With Netflow, you will be enable to determine your top talkers in a span in time.
Sent from Cisco Technical Support Wii App
01-18-2014 02:31 AM
hmm.. Thanks for the reply
how can i monitor netflow ? any freeware ?
01-18-2014 02:33 AM
The best place to enable Netflow will be on your router.
Netflow doesn't need a third-party software. You just configure this feature on the router.
01-18-2014 02:37 AM
01-18-2014 02:49 AM
I understand that the problem can be identified by using netflow but how to analyse the netflow traffic without exporting to some third party software ?
01-18-2014 02:56 AM
If you configure Netflow correctly, run the command "sh ip flow top-talkers" and you'll see a list of source and destination IP address.
Does this make sense?
01-18-2014 05:08 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
When you unplug the router's LAN interface, wouldn't that also likely stop the router for doing much routing and/or stop most traffic transiting the WAN link? If so, it's reasonable pings to the external WAN interface would improve.
What's the load across the WAN link when there's high ping responses?
Also, remember, Cisco network devices respond to pings, to themselves, as a low priority item. I.e. poor ping responses from a router interface might not be indicative of any real issue, other than the router was busy doing something else.
In other words, why do you think LAN broadcasts are the cause of the issue?
Broadcasts are also generally necessary for correct network operations, so precluding them, or even limiting them, can cause other issues. Some switches do support broadcast flood bandwidth limits, but that's not a panache solution.
BTW, I'm unsure netflow will show broadcast "flows". If not, RMON type stats from hosts would show a breakdown of broadcasts being transmitted per host. (NB: not all hosts will record such stats.) Also if not, if you can packet capture the LAN, you'll see the broadcast packets. (NB: some later IOS images can do packet captures.)
01-18-2014 07:05 AM
Depending on the router version and IOS version you utilize the EPC feature to capture process switched broadcast traffic
EPC embedded packet capture
Sent from Cisco Technical Support iPhone App
01-19-2014 09:12 PM
The point is that the link is not at all under utilization , it is a 2 Mbps dedicated MPLS Link of the normal latency of 5 ms
but due to something in LAN (which i presume as Broadcasts) the latency goes as high as 1000ms and there are also packet drops (during this occurence there is a mere utlization of 100 Kbps or so). Moreover the moment i unplug the switch or do a shutdown of LAN interface everything becomes normal.
@Leo i will try out the top talkers command
@Joseph thanks for the inputs
01-20-2014 03:53 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
The point is that the link is not at all under utilization , it is a 2 Mbps dedicated MPLS Link of the normal latency of 5 msbut due to something in LAN (which i presume as Broadcasts) the latency goes as high as 1000ms and there are also packet drops (during this occurence there is a mere utlization of 100 Kbps or so). Moreover the moment i unplug the switch or do a shutdown of LAN interface everything becomes normal.
Hmm, MPLS, is bandwidth to the site, from one or more sites, oversubscribed?
Packet drops usually occur when bandwidth is saturated, so that's inconsistent with a "mere utilization of 100 Kbps or so", although much depends on how the bandwidth utilization is being measured (i.e. over what time period). Microbursts happen in the millisecond range. Also, drops against rate adaptive traffic will lower longer term transmission averages.
What I'm saying is, keep an open mind. What you've described so far could have a cause you don't expect.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: