
Broadcast storms

Status
Not open for further replies.

Chopsy666

Technical User
Mar 11, 2005
59
GB
Hi,

I am getting a huge amount of broadcast traffic on our network: a lot of broadcasts on ARP, UDP 137 & 138, as well as IPX, which we don't even use, occasionally also browser election requests, as well as around 40% 'other' protocols in Ethereal. Our group of Apple Macs appear to be major contributors and I am considering VLANing these.

I can also see direct unicast traffic for other machines, does this indicate the switches have dropped into hub mode?

The network is one subnet (well, two other small ones too, but I think irrelevant in this problem), switched, with one router as the default gateway. Occasionally also browser election requests.

I have reduced the IPX traffic, as these were mainly from HP printers. Bit of an open question, but can anyone tell me what Ethereal results should look like on a healthy network? Should I still see ARP broadcasts, UDP broadcasts etc.?

Thanks
 
As a rough figure, you should try and aim for no more than 100 broadcasts per second (you should be able to check this with Ethereal). You will always see ARP requests but you could cut down on the UDP 137/138 traffic as this is simply traffic generated by the Browser service. You can cut down simply by disabling the browser service.

You can help facilitate that by perhaps setting up scripts on people's Windows login to map popular drives, thus eliminating the need to use the browser service.

I use mapped drives and UNC (\\PCname\c$) for all my Windows connectivity. I can't even remember the last time I had to use the browser service to find a server and look what it was sharing. This is because the browser service is actually pretty poor and unreliable and the alternative methods to it are smarter and better.

You can also cut down on ARPs simply by introducing more layer 2 (VLANs) or layer 3 (IP subnets) segmentation.
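The broadcasts-per-second check described in this reply, as an added example that is not part of the original posts: it labels broadcast frames as ARP, NetBIOS (UDP 137/138), IPX or other and reports which seconds exceed the 100 per second figure. The frames in `SAMPLE` are constructed, and the function names are hypothetical; feeding it a real capture assumes you supply `(timestamp, raw frame bytes)` pairs from your own capture reader.

```python
import struct
from collections import Counter, defaultdict

BROADCAST = b"\xff" * 6
THRESHOLD = 100  # broadcasts per second: the rough ceiling suggested in the reply

def classify(frame):
    """Label a broadcast Ethernet frame; return None for unicast or truncated frames."""
    if len(frame) < 14 or frame[:6] != BROADCAST:
        return None
    (etype,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:]
    if etype == 0x0806:
        return "arp"
    if etype == 0x8137:                      # IPX in Ethernet II framing
        return "ipx"
    if etype <= 1500:                        # 802.3 length field, not an EtherType
        raw_or_llc = payload[:2] == b"\xff\xff" or payload[:1] == b"\xe0"
        return "ipx" if raw_or_llc else "other"
    if etype == 0x0800 and len(payload) >= 20 and payload[9] == 17:   # IPv4 + UDP
        ihl = (payload[0] & 0x0F) * 4
        if len(payload) >= ihl + 4:
            (dport,) = struct.unpack("!H", payload[ihl + 2:ihl + 4])
            if dport in (137, 138):          # NetBIOS name / datagram (browser) service
                return "netbios"
    return "other"

def summarize(capture, threshold=THRESHOLD):
    """capture: iterable of (timestamp_seconds, frame_bytes). Returns (totals, busy_seconds)."""
    per_second = defaultdict(Counter)
    for ts, frame in capture:
        label = classify(frame)
        if label:
            per_second[int(ts)][label] += 1
    busy = sorted(s for s, c in per_second.items() if sum(c.values()) > threshold)
    return sum(per_second.values(), Counter()), busy

# --- constructed sample frames (not from a real capture) ---
def eth(dst, etype, payload=b""):
    return dst + b"\x02\x00\x00\x00\x00\x01" + struct.pack("!H", etype) + payload

def udp_bcast(dport):
    ip = bytes([0x45, 0]) + b"\x00" * 7 + bytes([17]) + b"\x00" * 10   # 20-byte header
    return eth(BROADCAST, 0x0800, ip + struct.pack("!HH", 137, dport) + b"\x00" * 4)

SAMPLE = [(i / 200, eth(BROADCAST, 0x0806)) for i in range(150)]          # ARP burst in second 0
SAMPLE += [(1.1, udp_bcast(138))] * 3 + [(1.2, eth(BROADCAST, 30, b"\xff\xff" + b"\x00" * 28))] * 2
SAMPLE += [(1.3, eth(b"\x02\x00\x00\x00\x00\x02", 0x0806)), (1.4, eth(BROADCAST, 0x88B5))]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The per-protocol totals show which source to tackle first; the list of busy seconds shows whether the load is a steady background or short bursts.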

 
Thanks again KiscoKid,

I have been thinking about the VLAN implementation, and have been reading up on them, but I am still unsure on how to go forward. My thoughts are:

Each VLAN must be on a separate subnet. I have only one router with one physical interface (but 1 primary & 2 secondary addresses). Is it OK to use this?

The switches are HP, and there doesn't seem to be any great design here. For example, for the Apple Macs to get to the default gateway router they go into their switch, which is wired to another, which in turn is wired to another, which leads to the main switch. From the main switch there are several other switches spidering off. If you travel to one of them, it is that one that is wired to the router, which then has a route to the firewall I guess, having to go back to the main switch and to the firewall, then externally owned routers (which we can't touch).

If I wanted to set up a VLAN for the Macs, will all switches in the LAN need configuring? Also, the switch allows implicit tagging, but do all switches need to be capable?

I presume it is OK for a server to be a part of the VLAN as well as the normal LAN, as apparently the Macs use one server as a gateway to other resources on the network as well as getting their 'Zone names'.

Thanks



 
If you want to use implicit tagging, it's not strictly necessary that all switches support it. I trust you are aware of the differences between explicit and implicit tagging, but your VLAN domain should be able to support either or both together.

Implicit tagging is a lot more work to get set up at the beginning, as you need to know and capture all the MAC addresses in use on your network, create a VLAN database and assign VLANs against these MAC addresses. Once you've got past this initial piece of work, implicit tagging is a nice smart way of managing VLAN membership.

I think you are looking at having to configure all the switches to some degree. Unless one exists already, you will have to create a VTP domain and ensure all switches belong to this domain by configuring them accordingly. If you have switches that don't support implicit tagging, you'll have to use explicit tagging, which involves predominantly configuring each switch port with an appropriate VLAN membership.

On your router you have there, I would recommend doing away with the multiple addressing you have going on at the moment. A better solution is to create virtual sub-interfaces on its LAN interface, configure trunking between its switch port and its LAN port, and create a default gateway for the IP subnet you want to deploy. This router will then become a multiple default gateway for all the VLANs you wish. You would simply create a new VLAN, ensure it is trunked to the switch, create a new sub-interface on the router and assign a new IP subnet to that sub-interface.

I hope this helps
 