
Author Topic: Flooding Unicast and Mac address table  (Read 6877 times)

Offline Guillaume

  • Full Member
  • ***
  • Posts: 59
Flooding Unicast and Mac address table
« on: March 21, 2013, 03:19:47 PM »
Hi guys,

One of the practices that I like is to plug a Wireshark listener device into my CoreSwitch and just listen to everything that is broadcast to the network.

Yesterday, I received some unicast conversations (that were not related to the device itself). Yes, it's normal to receive some: if the switch doesn't have the MAC in its table, it's going to spread it to all its ports.

But I found one unicast conversation that was more intensive than the others. Please check the screenshot that I attached.

As the red arrow shows, I always see packets from 192.168.103.190 to 192.168.103.247. It's always the same direction.

Then I tried to log into my switch (it's a 5520-PWR with SW: 6.3.0.012 & FW: 6.0.0.15) and search for the MAC address of 103.247 in the table. I found it at the appropriate port. Then I repeated the command as fast as I could and found that sometimes the result shows that the address is not in the table. At that very moment, on my other screen, I see the packet enter Wireshark. Then one command later, the MAC is back. No pattern at all; it may sometimes take 30 sec or 120 sec for a packet to be captured by my device.

So it seems that, for some reason, the table forgot the MAC address... The aging is at 300 sec. And I can confirm that the conversation between them is non-stop.

Some more information:

In a capture of 98 mins, the average number of unicast packets seen for another conversation is between 10 and 30 packets captured. The 2nd comes in with 109 packets. And the conversation that we are talking about got 692 packets flooded to each port. It's not "network breaking" at all... No performance issue. But it's not all right...

In the picture, the larger the band is, the more packets are present. It comes from Cascade Pilot, which can analyse Wireshark captures.

Well, I'm trying to figure out the problem!

Thanks.
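
The check described in the post above, written out as an added example that is not part of the original thread: it counts frames seen on a listener port whose destination MAC is unicast but not the listener's own, and flags conversations flooded far more often than the rest. The sample rows, MAC addresses, `LISTENER_MAC` and the `factor` threshold are constructed assumptions; only the two IP addresses come from the post.

```python
from collections import Counter
from statistics import median

# Constructed sample shaped like the output of
#   tshark -r capture.pcap -T fields -e eth.dst -e ip.src -e ip.dst
# MAC addresses are invented; the .190 -> .247 pair is the one from the post.
SAMPLE = """\
ff:ff:ff:ff:ff:ff\t192.168.103.12\t192.168.103.255
00:11:22:aa:bb:f7\t192.168.103.190\t192.168.103.247
01:00:5e:00:00:fb\t192.168.103.15\t224.0.0.251
00:11:22:aa:bb:f7\t192.168.103.190\t192.168.103.247
00:11:22:aa:bb:99\t192.168.103.20\t192.168.103.50
00:11:22:aa:bb:21\t192.168.103.30\t192.168.103.31
00:11:22:aa:bb:f7\t192.168.103.190\t192.168.103.247
00:11:22:aa:bb:41\t192.168.103.40\t192.168.103.41
00:11:22:aa:bb:f7\t192.168.103.190\t192.168.103.247
"""
LISTENER_MAC = "00:11:22:aa:bb:99"  # assumed MAC of the capture NIC


def is_group_address(mac):
    # I/G bit (lowest bit of the first octet) set = broadcast or multicast,
    # which a switch floods by design and which is not of interest here.
    return bool(int(mac.split(":")[0], 16) & 1)


def flooded_unicast(text, listener_mac):
    """Count frames per (src_ip, dst_ip) that are unicast but not for the listener."""
    counts = Counter()
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 3 or not all(fields):
            continue  # non-IP frame (empty ip.src/ip.dst) or malformed row
        dst_mac, src_ip, dst_ip = fields
        if is_group_address(dst_mac) or dst_mac.lower() == listener_mac.lower():
            continue
        counts[(src_ip, dst_ip)] += 1
    return counts


def suspects(counts, factor=3):
    """Conversations flooded more than `factor` times the median count.
    The last tuple element is True when the reverse direction was never flooded."""
    if not counts:
        return []
    baseline = median(counts.values())
    return [(src, dst, n, (dst, src) not in counts)
            for (src, dst), n in counts.most_common() if n > factor * baseline]


if __name__ == "__main__":
    for row in suspects(flooded_unicast(SAMPLE, LISTENER_MAC)):
        print(row)
```

A conversation that is flagged in one direction only points at the destination's MAC entry dropping out of the table, which is the symptom reported here.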


Offline Flintstone

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 961
Re: Flooding Unicast and Mac address table
« Reply #1 on: March 22, 2013, 05:07:16 AM »
Hi Guillaume,

It is quite possible that you have hit a bug in the software?  I would raise a call with Avaya and let them investigate further.

If the bug starts to cause performance issues you could always use static MAC?

CheerZ and good luck

Offline bryans

  • Rookie
  • **
  • Posts: 20
Re: Flooding Unicast and Mac address table
« Reply #2 on: March 22, 2013, 08:12:48 AM »
Guillaume,
I'm having a kind of similar issue with an ERS8300 running 4.2.3.7.  I have 55xx switches running similar code 6.3.0.13s, and I haven't detected the type of behavior you are describing.
The 8300 in question has four VLANs, one of the VLANs is used for our public Internet access and Network Access Control (NAC). This same VLAN exists on other 8300/5xxx switches throughout our network.
However, on those other 8300/5xxx switches the number of MAC address entries in their forwarding tables is relatively small (400-500 MACs).  The 8300 running 4.2.3.7 has 3000-8000 forwarding table entries for the same VLAN.
When I use Wireshark I see lots of unicast conversations on the switch with the high forwarding table entries - which I then interpret as unicast flooding on the ports.
I opened a call with Avaya support, but they didn't seem overly concerned even though the MACAddrCapacity limit for the ERS8300 is 4096.

Offline Guillaume

  • Full Member
  • ***
  • Posts: 59
Re: Flooding Unicast and Mac address table
« Reply #3 on: March 22, 2013, 10:44:38 AM »
Thanks for the reply!

On my side, my CoreSwitch only contains an average of 960 MACs.

And as mentioned, it appears only with 1 MAC address.

Maybe I'll try to change the port, something like that. I don't see any connectivity drop on that port however.

I'll post further testing when I'm able to perform it.

Offline Michael McNamara

  • Administrator
  • Hero Member
  • *****
  • Posts: 3842
    • michaelfmcnamara
    • Michael McNamara
Re: Flooding Unicast and Mac address table
« Reply #4 on: March 24, 2013, 10:04:34 AM »
Are there any port mirrors currently configured and/or enabled?

Depending on the hardware and software, a port mirror will sometimes create this type of oddity on ports on the same OCTAPID (ASIC), again depending on the software and hardware.
We've been helping network engineers, system administrators and technology professionals since June 2009.
If you've found this site useful or helpful, please help me spread the word. Link to us in your blog or homepage - Thanks!

Offline Guillaume

  • Full Member
  • ***
  • Posts: 59
Re: Flooding Unicast and Mac address table
« Reply #5 on: March 27, 2013, 11:51:59 AM »
No, there is no mirroring port currently enabled.

Currently it's not my priority as it's not network breaking, but I'll do some tests and let you guys know.

Offline MatzeKS

  • Sr. Member
  • ****
  • Posts: 311
    • matzeks
    • Controlware GmbH - Germany
Re: Flooding Unicast and Mac address table
« Reply #6 on: March 28, 2013, 03:46:28 AM »
Btw, AVAYA recommends setting a MAC address aging time of 21601s on all their devices.

# ERS-2k/3k/4k/5k globally
mac-address-table aging-time 21601

# ERS-8k per vlan

good luck
------------------------------------------------------
ACE-Fx #00050

Offline Michael McNamara

  • Administrator
  • Hero Member
  • *****
  • Posts: 3842
    • michaelfmcnamara
    • Michael McNamara
Re: Flooding Unicast and Mac address table
« Reply #7 on: March 28, 2013, 08:19:29 PM »
> Btw, AVAYA recommends setting a MAC address aging time of 21601s on all their devices.
>
> # ERS-2k/3k/4k/5k globally
> mac-address-table aging-time 21601
>
> # ERS-8k per vlan
>
> good luck

Only ever seen that recommendation for their ERS 8600/8800 series...

I have seen software bugs create the problem being reported by @Guillaume, also seen issues with IGMP (if enabled) create similar problems.

Offline MatzeKS

  • Sr. Member
  • ****
  • Posts: 311
    • matzeks
    • Controlware GmbH - Germany
Re: Flooding Unicast and Mac address table
« Reply #8 on: March 30, 2013, 03:41:49 PM »
Regarding aging-time of 21601s for all edge devices, I got that information from AVAYA's service level engineers who have operated my service requests this and last year.

Offline fbeaudoin0

  • Rookie
  • **
  • Posts: 1
Re: Flooding Unicast and Mac address table
« Reply #9 on: February 28, 2019, 05:42:01 PM »
Did you find a solution for this issue?
I'm admin of a new place and they have a lot of Nortel/Avaya switches with the exact same problem as you described.