
Author Topic: DNS Issue / Broadcast Storm  (Read 3403 times)


Offline umair

DNS Issue / Broadcast Storm
« on: September 04, 2016, 11:40:07 AM »
Dear All,

I'm facing a weird issue; it's giving me a headache every day. DNS name resolution stops for a few minutes and then starts working again. It seems my Nortel switches (2 x 5520 PWR) are not properly configured and are having a broadcast storm. I'm attaching a couple of screenshots and Wireshark captures; please help me, I'm a newbie in the Nortel world.

I have two local subnets, 1 for data and 1 for voice; the Avaya phones are not configured in any VLAN. I don't know the concept of PVID in Nortel.

TIA....
Umair


Offline TankII

Re: DNS Issue / Broadcast Storm
« Reply #1 on: September 08, 2016, 12:21:32 PM »
Have you enabled spanningtree learn fast on all ports in case someone is looping the network?
Set the bridge timer to 21601 on a per VLAN basis to keep the MAC re-learning to a minimum.

Basic Avaya L-2 Networking:
PVID is the base VLAN ID for a port.  So, if you are running tagged and untagged (Access) VLANS for VOIP, you want your access VLAN to be the PVID.  The phones will need to jump onto the tagged vlan.  So, assume VLAN 1 is for data, the PVID will be 1.  Voice, being something else (say 2), will not be PVID on any port a phone will plug into.

There are plenty of posts you can research here that include full configuration guides with the associated steps to help you understand the Avaya concepts.

TankII


Offline orgitnized

Re: DNS Issue / Broadcast Storm
« Reply #2 on: September 12, 2016, 02:29:29 PM »
I don't see anything indicative of a broadcast storm, based on your pcap.
What makes you think your switch is the issue and not something else?

Offline umair

Re: DNS Issue / Broadcast Storm
« Reply #3 on: September 20, 2016, 09:50:36 AM »
> I don't see anything indicative of a broadcast storm, based on your pcap.
> What makes you think your switch is the issue and not something else?

In the pcap there are so many ARP broadcasts, and they are repeating for the same addresses. This makes me think of a broadcast storm.

Offline umair

Re: DNS Issue / Broadcast Storm
« Reply #4 on: September 22, 2016, 01:22:04 AM »
> Have you enabled spanningtree learn fast on all ports in case someone is looping the network?
> Set the bridge timer to 21601 on a per VLAN basis to keep the MAC re-learning to a minimum.
>
> Basic Avaya L-2 Networking:
> PVID is the base VLAN ID for a port.  So, if you are running tagged and untagged (Access) VLANS for VOIP, you want your access VLAN to be the PVID.  The phones will need to jump onto the tagged vlan.  So, assume VLAN 1 is for data, the PVID will be 1.  Voice, being something else (say 2), will not be PVID on any port a phone will plug into.
>
> There are plenty of posts you can research here that include full configuration guides with the associated steps to help you understand the Avaya concepts.
>
> TankII

Hi TankII,

Bridge timer 21601??? You mean mac-address aging time?? If yes, then yeah, it's 21601 already. STP is configured as group 1, all VLANs are in that, and all ports are fast learning.

Offline orgitnized

Re: DNS Issue / Broadcast Storm
« Reply #5 on: September 26, 2016, 03:57:11 PM »
> > I don't see anything indicative of a broadcast storm, based on your pcap.
> > What makes you think your switch is the issue and not something else?
>
> In the pcap there are so many ARP broadcasts, and they are repeating for the same addresses. This makes me think of a broadcast storm.

Fair statement.  Around 10% of your packets are ARP, and that's over the course of ~8 minutes or so.  That leaves you at like ~200 ARP broadcasts per minute, which wouldn't be a storm.  I could be wrong, and you could have a different trace file, but in that trace, I'm not seeing it.  I've seen my share of broadcast storms and many of them are sending out a much higher amount.

There are other things you could examine, like your spanning tree setup with edge ports, or even the first step for me...starting with what the logs on the switch say.
Do you have any kind of network layout or additional information on this?
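
The measurement used in the reply above (ARP share of the capture, ARP broadcasts per minute, and which addresses keep being asked for), as an added example that is not part of the original thread. It assumes a classic pcap file (not pcapng) of untagged Ethernet frames; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6

def arp_broadcast_stats(pcap: bytes) -> dict:
    """Count broadcast ARP requests in a classic (non-pcapng) Ethernet pcap."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or len(pcap) < 24:
        raise ValueError("not a classic microsecond-resolution pcap")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    off, frames, arp, first, last = 24, 0, 0, None, None
    targets = Counter()
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack(order + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        frames += 1
        last = sec + usec / 1e6
        first = last if first is None else first
        # Untagged Ethernet + ARP: ethertype at 12, opcode at 20, target IP at 38.
        if (len(frame) >= 42 and frame[:6] == BROADCAST
                and frame[12:14] == b"\x08\x06" and frame[20:22] == b"\x00\x01"):
            arp += 1
            targets[".".join(map(str, frame[38:42]))] += 1
    if frames == 0:
        raise ValueError("capture contains no frames")
    minutes = max(last - first, 1.0) / 60  # treat very short captures as 1 s
    return {"frames": frames, "arp_broadcasts": arp, "arp_share": arp / frames,
            "arp_per_minute": arp / minutes, "targets": targets}

def sample_pcap() -> bytes:
    """Constructed capture: 21 frames over 60 s, two ARP requests for 10.0.0.1."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    src = b"\x02\x00\x00\x00\x00\x01"
    arp = (BROADCAST + src + b"\x08\x06" + struct.pack(">HHBBH", 1, 0x0800, 6, 4, 1)
           + src + bytes([10, 0, 0, 5]) + b"\x00" * 6 + bytes([10, 0, 0, 1]))
    other = b"\x02\x00\x00\x00\x00\x02" + src + b"\x08\x00" + b"\x00" * 28
    for i in range(21):
        frame = arp if i in (0, 10) else other
        out += struct.pack("<IIII", 1000 + 3 * i, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    stats = arp_broadcast_stats(sample_pcap())
    print(f"{stats['arp_broadcasts']}/{stats['frames']} frames are ARP broadcasts, "
          f"{stats['arp_per_minute']:.1f} per minute")
    for ip, count in stats["targets"].most_common(5):
        print(f"  who-has {ip}: {count}")
```

Frames carrying an 802.1Q tag have their ethertype four bytes later and are not counted by this version.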

Offline orgitnized

Re: DNS Issue / Broadcast Storm
« Reply #6 on: September 26, 2016, 06:31:30 PM »
Also, given that your DNS settings may be the cause here, try a couple of changes on your network for your forwarders (on the server screenshot you posted).
  • Get rid of all of them and then restart your DNS server since you don't need them at all
  • If you want to keep them, then only keep 8.8.8.8 and 8.8.4.4 and see if you have the same issues
After that, examine the logs on your DNS server itself when this happens next time and add it to the reply here.
Thanks
P.S. For the record, again, you don't need the forwarders depending on your setup.  Are there times you do?  You'd have to tell me - point is, you can resolve everything without forwarders, right out of the box.  Maybe your network security would call for them, or if you needed them for a specific Google-based setup with Chromebooks - but again, not needed for DNS resolution itself.
Regardless, the top 2 DNS servers are questionable for me.  Maybe they're specific to your ISP and your ISP blocks queries outside of its own network.  Sure, could be.  Either way, since you are having DNS issues, please use known working DNS servers like the Google pair that you have underneath if you must have forwarders present.

Offline umair

Re: DNS Issue / Broadcast Storm
« Reply #7 on: October 15, 2016, 07:42:39 AM »
> > > I don't see anything indicative of a broadcast storm, based on your pcap.
> > > What makes you think your switch is the issue and not something else?
> >
> > In the pcap there are so many ARP broadcasts, and they are repeating for the same addresses. This makes me think of a broadcast storm.
>
> Fair statement.  Around 10% of your packets are ARP, and that's over the course of ~8 minutes or so.  That leaves you at like ~200 ARP broadcasts per minute, which wouldn't be a storm.  I could be wrong, and you could have a different trace file, but in that trace, I'm not seeing it.  I've seen my share of broadcast storms and many of them are sending out a much higher amount.
>
> There are other things you could examine, like your spanning tree setup with edge ports, or even the first step for me...starting with what the logs on the switch say.
> Do you have any kind of network layout or additional information on this?

Hey bbinder, sorry for replying late, I was on vacation. Attaching some logs and STP shots.

I have two switches in my LAN interconnected with a single port. Let me know if you need any other info.

TIA
 

Offline umair

Re: DNS Issue / Broadcast Storm
« Reply #8 on: October 15, 2016, 07:53:50 AM »
> Also, given that your DNS settings may be the cause here, try a couple of changes on your network for your forwarders (on the server screenshot you posted).
>   • Get rid of all of them and then restart your DNS server since you don't need them at all
>   • If you want to keep them, then only keep 8.8.8.8 and 8.8.4.4 and see if you have the same issues
> After that, examine the logs on your DNS server itself when this happens next time and add it to the reply here.
> Thanks
> P.S. For the record, again, you don't need the forwarders depending on your setup.  Are there times you do?  You'd have to tell me - point is, you can resolve everything without forwarders, right out of the box.  Maybe your network security would call for them, or if you needed them for a specific Google-based setup with Chromebooks - but again, not needed for DNS resolution itself.
> Regardless, the top 2 DNS servers are questionable for me.  Maybe they're specific to your ISP and your ISP blocks queries outside of its own network.  Sure, could be.  Either way, since you are having DNS issues, please use known working DNS servers like the Google pair that you have underneath if you must have forwarders present.

Hey bbinder,

I have removed the extra forwarders and kept public DNS, you can see in this shot, but the issue is still the same. I checked the DNS server event logs at the time of failure but there is nothing there.
« Last Edit: October 15, 2016, 08:03:31 AM by umair »

Offline Michael McNamara

Re: DNS Issue / Broadcast Storm
« Reply #9 on: October 15, 2016, 09:42:05 AM »
Issue: DNS name resolution stops working for a few minutes before it starts working again.

Q: Are you able to reach your local DNS servers during this timeframe? Can you ping them?

Q: The trace is from the perspective of your client or from the perspective of your DNS server?

You need to determine where the issue resides, between the client and local DNS, between your local DNS and the Internet forwarders you have setup.

I don't have time now but I will look at your trace later.

Cheers!

Offline umair

Re: DNS Issue / Broadcast Storm
« Reply #10 on: October 16, 2016, 06:26:26 AM »
> Issue: DNS name resolution stops working for a few minutes before it starts working again.
>
> Q: Are you able to reach your local DNS servers during this timeframe? Can you ping them?

A: I can reach/ping my local DNS server.

> Q: The trace is from the perspective of your client or from the perspective of your DNS server?

A: I am sorry, I didn't get you.

> You need to determine where the issue resides, between the client and local DNS, between your local DNS and the Internet forwarders you have setup.

I tried to ping from my FW and it's resolving names from the FW. After this FW I have routers from service providers; it seems it's some LAN issue. You can see my attached shots in this post for the switches that I have in the LAN.

> I don't have time now but I will look at your trace later.
>
> Cheers!