In our network we have about 90 switches. All core and distribution layer switches have redundant links. Spanning tree is configured and seems to be working, in that it is blocking appropriate ports. Cisco Network Assistant is an easy way to see this.
However when I sniff traffic on an ordinary port on any switch I can see traffic that should not be there. The port is not spanned or anything. But I can see some traffic between hosts that is not broadcast traffic and none of which should be on that port.
The thing is that the more loops that I put in the network the worse it gets, even though STP takes care of it. As a result it seems that during high traffic usage there can be times that uplinks to dist switches are overloaded and discard packets due to no buffers.
Most switches have uplink ports set to priority 16 or 32 to determine which is primary etc. But not all, is this a problem?
There is a root set. There a many VLANs on the network.
I can only think that there is a spanning tree problem with my config.
You have multiple routed connections into the switch network. So I would check for asymmetric routing. If this is happening switches will not see return traffic and will therefore not be able to build complete CAM tables causing unicast traffic to be broadcasted around the entire VLAN / switched network.
I have had a close look at the documentation you linked to. I still have no answer but some more information that may help you help me.
I have run some "traceroute mac" commands with some of the IPs that I see traffic from, there seems to be no problem with them and the path they take. Besides some of the traffic that is being unicast is on the same subnet so layer three is not part of the problem.
There seem to be no STP topology changes either. The unicast traffic is pretty consistent and I cannot see any changes happening.
I do know that not all switches have a weighting on their uplink interfaces. But they do block one of the ports and they are not changing either.
I have seen somewhere that you are not supposed to use UDLD in a multiple VLAN spanning tree environment. But I have seen some UDLD commands around.
It doesn't sound like an STP problem to me; I would expect more devastating problems if it was. Do you know if all traffic is being flooded or just certain MACs? Have a look at a destination MAC that is being flooded and check that the switches have CAM entries for this MAC. Are you doing any NIC teaming on the end hosts? The only time I have seen intra-VLAN unicast traffic being flooded is when a mainframe that had dual NICs had been configured to Rx on one NIC and Tx on the other, so the destination MAC was never seen by the switches.
Does this mean that I should increase the CAM to four hours to match the ARP? Do you know of any side effects of this? We are running HSRP also, as the article suggests. But not all the traffic I see is being routed, some is on the same subnet.
Thanks all for your comments, I really need to get this sorted.
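A toy model of the CAM (MAC address table) behaviour the replies describe, added here as an illustration and not part of any post in this thread. It shows the two mechanisms raised above that make a switch flood unicast frames onto ordinary access ports without any STP topology change: the destination MAC is never learned because return traffic takes another path (asymmetric routing), or the CAM entry ages out while the upstream router still holds a valid ARP entry (the default 300 s CAM aging versus the four-hour ARP cache mentioned above). Switch names, MACs, port names and timings are constructed; the 300 s CAM default is the IOS default as assumed here.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed values: IOS default CAM aging is assumed to be 300 s; the thread
# mentions the ARP cache living for four hours, so 14400 s is used for ARP.
CAM_AGING_DEFAULT = 300
ARP_LIFETIME = 4 * 60 * 60


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    vlan: int


@dataclass
class Switch:
    """Minimal Layer 2 learning switch: learn on ingress, forward or flood."""
    name: str
    ports: List[str]
    aging: int = CAM_AGING_DEFAULT
    # (vlan, mac) -> (port, time the MAC was last seen as a source)
    cam: Dict[Tuple[int, str], Tuple[str, int]] = field(default_factory=dict)
    flood_count: int = 0

    def receive(self, frame: Frame, in_port: str, now: int) -> List[str]:
        """Learn the source MAC, age stale entries, return the egress ports."""
        self.cam[(frame.vlan, frame.src_mac)] = (in_port, now)
        self._age(now)
        entry = self.cam.get((frame.vlan, frame.dst_mac))
        if entry is not None:
            return [entry[0]]
        # Unknown unicast: flooded out every other port in the VLAN, which is
        # exactly what a sniffer on an "ordinary" access port then sees.
        self.flood_count += 1
        return [p for p in self.ports if p != in_port]

    def _age(self, now: int) -> None:
        stale = [k for k, (_, seen) in self.cam.items() if now - seen > self.aging]
        for k in stale:
            del self.cam[k]


# Constructed hosts: A and B on access ports, a router behind the uplink.
A, B, RTR = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:fe"
PORTS = ["Gi1/0/1", "Gi1/0/2", "Gi1/0/3"]  # A, B, uplink to router


def symmetric_flow() -> int:
    """Both directions pass this switch: only the very first frame is flooded."""
    sw = Switch("dist1", PORTS)
    sw.receive(Frame(A, B, 10), "Gi1/0/1", 0)   # B unknown -> flood
    sw.receive(Frame(B, A, 10), "Gi1/0/2", 1)   # learns B; A already known
    sw.receive(Frame(A, B, 10), "Gi1/0/1", 2)   # forwarded only to Gi1/0/2
    return sw.flood_count


def asymmetric_flow(frames: int = 5) -> int:
    """B's replies take another switch, so B is never learned here: every
    A->B frame is flooded, steadily, with no STP topology change involved."""
    sw = Switch("dist1", PORTS)
    for t in range(frames):
        sw.receive(Frame(A, B, 10), "Gi1/0/1", t)
    return sw.flood_count


def cam_ages_before_arp(cam_aging: int = CAM_AGING_DEFAULT) -> Tuple[List[str], List[str]]:
    """B sends once, then stays quiet. The router keeps B's ARP entry for
    ARP_LIFETIME and keeps sending unicast to B's MAC; once the CAM entry has
    aged out the switch floods it. Raising cam_aging to ARP_LIFETIME (the
    change asked about in the thread) removes the flooding in this model."""
    sw = Switch("dist1", PORTS, aging=cam_aging)
    sw.receive(Frame(B, RTR, 10), "Gi1/0/2", 0)            # B learned
    early = sw.receive(Frame(RTR, B, 10), "Gi1/0/3", 60)   # within CAM aging
    late = sw.receive(Frame(RTR, B, 10), "Gi1/0/3", 1800)  # 30 min later, ARP still valid
    return early, late


if __name__ == "__main__":
    print("symmetric floods:", symmetric_flow())
    print("asymmetric floods:", asymmetric_flow())
    print("default aging:", cam_ages_before_arp())
    print("aging matched to ARP:", cam_ages_before_arp(ARP_LIFETIME))
```

The model deliberately leaves STP out: a blocked redundant port changes which path frames take, not whether the destination MAC is ever learned on the path they do take, which is why the reply above says a steady stream of flooded unicast does not look like an STP fault. The practical check is the one already suggested: take the destination MAC of a flooded frame and confirm whether each switch on the path has a CAM entry for it; the aged-out case shows entries that appear only briefly after the host transmits, while the asymmetric case shows no entry at all.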