Hi all, I manage a big network. Using Wireshark Inoted that I receive on my network card packets with a destination address not directed to my pc. In my network we have a lot of virtual servers managed with vmware. Could it be the reason of this traffic? Has anyone experience about this?
It sounds like unicast flooding. This is normal on a network where you have asymetric paths and/or multiple switches in the same Layer-2 domain. Without redesigning the network it is impossible to get rid of, however it can be 'tuned' by changing the ARP & CAM timers to be similar.
I think this is one of the biggest reasons to deploy a structured Campus network, as with a properly structured LAN with VLAN's not spanning any Layer-2 switches you can completely eliminate this behaviour.
This is very common in campus networks. What happens is a host or a Layer-3 device has a valid ARP entry however the Layer-2 device that is forwarding the traffic does not have a CAM entry for the MAC so floods it to all ports in the VLAN (except the one it was received on).
In Layer-3 environments with asymetric paths (i.e. two distribution switches running HSRP down to an access-layer) both routers will legitimately forward traffic directly to hosts on a VLAN. If one of the distribution switches has an ARP entry but no coresponding CAM entry he will flood it to all ports in the VLAN. If only one uplink/downlink is configured for this then it's fine as long as there is only one access switch in the VLAN as the flooding is contained to one link, the access switch has the MAC device that the traffic is destined for and will have a CAM entry. If you have access switches cascaded then the flooding can continue in the access-layer until it reaches the switch where the host is.
Tuning the CAM & ARP timers to be similar in all Layer-2 & Layer-3 devices within the same broadcast domain can improve things, however the only solution to eliminating it is redesigning the network. Layer-3 to the edge is the most efficient, however a Layer-2 edge and a Layer-3 Distribution are good as long as you don't span VLANs between access switches.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...