Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

UDP flood HELP!

Status
Not open for further replies.
joan1971

joan1971

IS-IT--Management
Oct 24, 2011
4
GR
I have a large network of Baystack 380 and BPS2000 switches and two Passport8003 with MLT between them. They are spread through a wide area of the city and in past few months we have UDP flood incidents that we cannot deal with. There is no obvious reason apart from the fact that all UDP packets are originating in a group of PCs that use NetBIOS to exchange data with eachother.
The only way to stop it seems to be if we disconnect some of the backbone links that seem to be more affected. But I don't think that is a solution to the overall problem.
Can anyone help? Do you think it is cause by some "malfunction" of the spanning tree?
 
Sort by date Sort by votes
Are the Passports running SMLT/IST? You could try enabling rate limiting on the uplink ports if the traffic is multicast/broadcast. I'd also find the affected PCs and see what is causing them to generate that kind of traffic.
 
Upvote 0 Downvote
Thank you for your reply! I don't have SMLT or IST configured, so I think it's best that I disable NetBIOS from all the PCs that are broadcasting! Too bad they are about 130 PCs!!
:0)
 
Upvote 0 Downvote
It might be helpful to know more about the type of traffic.
Have you ever managed to get a packet capture during the flood?

 
Upvote 0 Downvote
Yes I have. Most of it, is the broadcasts that come from the switches themselves (they are refreshing their MAC/FDB every 5 minutes). These broadcast packets are caught in a loop somewhere (or so it looks like). So, if a logical loop is the case, it is likely that the Spanning Tree algorithm is not working.
But is it possible for the Spanning tree to stop working out of the blue, throughout an entire network (of 65 nodes)?
Because that is what looks like happening: The entire network floods and all nodes stop responding (obviously because they are overwhelmed with packets)!

The only way to stop the flood is to disconnect a few links. Once these links are off, everything goes back to normal. And it's not particular links. It could be any. We randomly start disconnecting and eventually the flood calms down.
Right now we have a working network but it lacks a lot of its redundancy...
:O(
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Tre0307
  • Locked
  • Question
Need help with Upgrade recommendations
Replies
1
Views
233
Westi
Westi
michaelNWR
  • Locked
  • Question
Lucent Stinger FS+ password reset help
Replies
1
Views
68
Brat2
Brat2
mils562
  • Locked
  • Question
NORTEL 5510 config help
Replies
7
Views
151
mils562
mils562
Gonzouk
  • Locked
  • Question
Help with the Nortel 5520 switch
Replies
1
Views
111
MaCinTof
MaCinTof
pronei
  • Locked
  • Question
ERS5650 Route Policy Help
Replies
0
Views
41
pronei
pronei

Part and Inventory Search

Sponsor

Back
Top