VPN and Spanning Tree traffic

jsmaycotte · ‎11-27-2006

Hello,

I'm a kind of a novice in all this networking stuff, so I apologize if my question seems to "newbish."

Recently in the school I work in people began having problems sending their e-mails through Outlook. We began digging around and realized that only some VPNs in our network had that problem - the rest of them worked okay.

We then began sniffing those VPNs with Ethereal and realized that there is a lot, and by a lot I mean a LOT of Spanning Tree packets and some CDP and OSPF packets here and there.

This STP, CDP and OSPF traffic does not appear at all - okay, just one or two STP packets here and there, but very sporadic - in the other VPNs that are working okay, only in those affected.

For the moment we told our employees to up their server time out on Outlook from 1 minute to 5 minutes - since it usually takes around 2 minutes for the computer to make the SMTP connection :S

My first question is: aren't the STP packets only sent when there is a change in the topology? And how could I troubleshoot the VPNs to see the differences between one or another?

I must also add that I wasn't here when the networking infrastructure was setup, and the people who where here are long gone, so I don't have much information about the network.

We're working with a Catalyst 4006 as the core, with a Supervisor Engine II and Catalyst 3500XL as distribution and access switches.

Thanks in advance!

smahbub · ‎12-01-2006

STP: is a Layer 2 link management protocol that provides path redundancy while preventing loops in the network.

Virtual Private Networks (VPNs) provide a secure way for customers to share bandwidth over an ISP backbone network. A VPN is a collection of sites sharing a common routing table. A customer site is connected to the service provider network by one or more interfaces, and the service provider associates each interface with a VPN routing table. A VPN routing table is called a VPN routing/forwarding (VRF) table.

Try these links:

http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a008014f367.html#wp1041529

http://www.cisco.com/en/US/products/hw/switches/ps4324/products_configuration_guide_chapter09186a00801cddd9.html

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800951ac.shtml

Richard Burts · ‎12-03-2006

Jorge

The kind of traffic that you mention (CDP, STP, OSPF) use multicast or broadcast addressing. It is normal to see some of that kind of traffic when doing packet captures. In doing a packet capture you can have the capturing PC connected on an access port or it can be connected on a SPAN or mirror port. If it is on an access port you will see all multicast and broadcast traffic and unicast traffic for the address of the device on the port. If it is on a SPAN or mirror port then you will see multicast and broadcast traffic and whatever unicast traffic you have configured to go to the SPAN or mirror port. I wonder if some of the variability you are seeing in the capture is caused by being connected to different kinds of ports.

Another aspect that might explain some of what you are seeing is that there might be differences in size and traffic volume among different VLANs. A VLAN with just one or two switch or router interfaces will have a small amount of CDP, STP, or OSPF traffic while a VLAN will more switch or router interfaces will see more of this traffic.

One other point is that seeing STP traffic is normal. Bridge or switch intefaces send STP BPDUs every two seconds by default. So seeing STP traffic is not necessarily a sign of instability in your Spanning Tree.

HTH

Rick

HTH

Rick

jsmaycotte · ‎12-20-2006

Hello,

Sorry I have not gotten back to report on the issue sooner, but we set aside this situation for a while at my IT department.

The situation is this: We noticed we had a problem because certain employees began complaining that they couldn't send any emails through Outlook. We saw that the problem was that for some reason they couldn't find the SMTP server before getting a timeout - Outlook uses a 1min timeout. Additionally, we began noticing that machines in those VLANs had trouble login to Novell - again, they received a timeout before reaching the server.

That's the reason we began capturing packets in several of our VLANs and realized that those problematic VLANs had way too much CDP, STP and OSPF traffic compared to the ones that had no problems.

There's also mention that the more switches on a VLAN, the more STP traffic it will have. Oddly, one of our VLANs consists of only one switch, hehehe.

Now, like I said, I'm a newbie to networking and sadly, I don't know how the network is configured around here. It was like that when I got here and no one cared to leave documentation. So, I'm wondering, can anyone point me to some how-to's/tutorials on how to create a VLAN? I've found the Cat 4006/Supervisor Engine II manuals, but they're very sketchy, not providing the details.

Thanks in advance!

jsmaycotte · ‎12-20-2006

Something we have also tried is changing VLANs to a port in a switch. That is if I change the FastEthernet port to a VLAN that works okay - no extra STP, CDP - I have no problem sending emails and connecting to the Novell servers. Then I change the same port to work with one of the problematic VLANs and then I can't send emails nor connect to the Novell services. Therefore I don't think it is a physical problem - say, an involuntary loop - but rather a configuration problem somwhere.