From: Rob Laidlaw (laidlaw@consecro.com)
Date: Fri Aug 29 2003 - 11:21:27 GMT-3
One nice thing about the HP switches is that if you enable the web interface
(would only do this to aid in this troubleshooting) the main page has a load
meter that shows the load of every port individually. Of course, if you
have no baseline data this may not help you very much but at least you'll
see if you have a port at 100% or close to it.
Rob
----- Original Message -----
From: "Charles Church" <cchurch@wamnet.com>
To: "SHARMA,MOHIT (HP-Germany,ex1)" <mohit.sharma@hp.com>;
<ccielab@groupstudy.com>
Sent: Friday, August 29, 2003 8:08 AM
Subject: RE: Broadcast storm- Please HELP
> Do the HP switches have port counters? If so, you should be able to track
> down the source. Check all ports and trunks that are in the same VLAN the
> router is. Once you find another port with lots of broadcasts, verify the
> device attached isn't the cause if it's a host, or it's not a
mis-configured
> router. A device dumping 10,000 broadcasts/sec onto a VLAN should be
pretty
> easy to find. Could it be ARPs caused by the recent worms?
>
> Chuck Church
> CCIE #8776, MCNE, MCSE
> Wam!Net Government Services
> 13665 Dulles Technology Dr. Ste 250
> Herndon, VA 20171
> Office: 703-480-2569
> Cell: 703-819-3495
> cchurch@wamnet.com
> PGP key: http://pgp.mit.edu:11371/pks/lookup?search=chuck+church&op=index
>
> -----Original Message-----
> From: SHARMA,MOHIT (HP-Germany,ex1) [mailto:mohit.sharma@hp.com]
> Sent: Friday, August 29, 2003 8:50 AM
> To: 'Charles Church'; ccielab@groupstudy.com
> Subject: RE: Broadcast storm- Please HELP
>
>
> Hi Charles and All,
>
> Thanx for your valuable inputs.
>
> Since it is one of our customers, they r using HP Swicthes :)
>
> The port config is here-
>
> interface FastEthernet0/1/0
> description Transit LAN
> ip address x.x.x.x 255.255.255.192
> ip access-group 191 in
> ip access-group 191 out
> no ip redirects
> ip route-cache flow
> ip ospf cost 12
> full-duplex
> no cdp enable
> standby 10 ip x.x.x.x
> standby 10 timers 5 16
> standby 10 priority 200
> standby 10 preempt
> standby 10 track GigabitEthernet9/0/0
> End
> With a sh int command -
>
> ----Received 248704130 broadcasts, 0 runts, 0 giants, 1 throttles
>
> ----Received 248735495 broadcasts, 0 runts, 0 giants, 1 throttles
>
> And within a second you can see the number of broadcasts received.
>
> Unfortunately I am also not able to use something like sniffer, because of
> the customer security requirements.
>
> I was looking for something that could help me identify, something on the
> router itself.
>
> Thanx,
>
> Mohit.
>
> -----Original Message-----
> From: Charles Church [mailto:cchurch@wamnet.com]
> Sent: Friday, August 29, 2003 2:37 PM
> To: SHARMA,MOHIT (HP-Germany,ex1); ccielab@groupstudy.com
> Subject: RE: Broadcast storm- Please HELP
>
>
> If you've got a Cisco switch going to the router, I believe you can limit
> broadcasts to a number per second or a percentage of bandwidth. Are they
IP
> broadcasts or something else? Once you've got the router somewhat
> protected, dig into your layer 2 device statistics and find the source(s).
> Rate limiting might be able to help also until you track down the source.
Is
> it possible it's a mis-configured IP helper statement or a spanning
> tree/bridging problem somewhere. Checking device logs might be helpful as
> well. Good luck.
>
> Chuck Church
> CCIE #8776, MCNE, MCSE
> Wam!Net Government Services
> 13665 Dulles Technology Dr. Ste 250
> Herndon, VA 20171
> Office: 703-480-2569
> Cell: 703-819-3495
> cchurch@wamnet.com
> PGP key: http://pgp.mit.edu:11371/pks/lookup?search=chuck+church&op=index
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> SHARMA,MOHIT (HP-Germany,ex1)
> Sent: Friday, August 29, 2003 5:00 AM
> To: 'ccielab@groupstudy.com'
> Subject: Broadcast storm- Please HELP
>
>
> Hello All,
>
> I am facing a broadcast storm on one of our customer backbone routers. I
can
> see in the ethernet counter that it is receiving the broadcast at the
rate
> of more than 10000 packets per second.
>
> I already have net flow on the interface but 'm not able to find the root
> cause. I am scared that this storm may bring the router down.
>
> Can somebody please help or give some suggestions to deal with this
> situation.
>
> Thanks for your help.
>
> ____________________________________________________________________
>
> ****** _/ ****** | Mohit Sharma
> ***** _/ ***** | Network Operations Engineer
> **** _/_/_/ _/_/_/ **** | HP Operations
> **** _/ _/ _/ _/ **** |
> **** _/ _/ _/_/_/ **** |
> ***** _/ ***** |
> ****** ******* | email: mohit_sharma@hp.com
> |
> i n v e n t |
> _____________________________________________________________________
> "Choose a job you love, and you will never have to work a day in your
life."
> -Confucius
>
>
> _______________________________________________________________________
> You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> _______________________________________________________________________
> You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:54:10 GMT-3