CCIE RS – Written – Network Principles – Explain General Network Challenges

Explain General Network Challenges


Unicast Flooding

  • Occurs when destination MAC address of the packet is not in the L2 forwarding table of the switch
  • Packet is forwarded out all forwarding ports in that VLAN except the originating port packet was received on
  • Reasons MAC address many not be known
    • Asymmetric routing
    • STP Topology Changes
    • Forwarding Table Overflow

How to Detect

  • No special commands used to detect flooding
  • Unicast Flood Protection – allows switch to monitor amount of unicast flooding per VLAN and take a specified action if flooding exceeds specified amount
  • Actions
    • Syslog
      • %UNICAST_FLOOD-4-DETECTED: Host 0000.0000.2100 on vlan 1 is flooding
        to an unknown unicast destination at a rate greater than/equal to 1 Kfps
    • Limit or shutdown VLAN
  • Show mac-address-table unicast-flood
  • Captures during time of slowdown / outage
    • See packets that are not destined for the workstation

Asymmetric Routing

  • Packets follow different paths depending on the traffic direction
  • Approaches to limit flooding
    • Bring routers ARP timeout and switches forwarding table aging time close to each other
      • Scenario – L3 switch with HSRP configured to LB different vlans
  • Traffic does not stop flooding even after the destination replies

How to detect

  • Follow the routing path
  • Traceroutes

STP Topology changes

TCN – Topology Change Notification

  • Designed to correct the forwarding table after forwarding table changes
  • Used to avoid connectivity outages. If a port goes down and the destination is available over a different port.
  • TCN operates by shortening the forwarding table aging time and if the MAC address is not relearned flooding will occur
  • TCNs are triggered by a port transitioning to or from the forwarding state
  • Issues arise when TCNs are occurring repeatedly with short intervals
    • Switch is constantly fast-aging forwarding table so flooding will be nearly constant
  • Limit TCN’s with the use of portfast

Forwarding Table Overflow

  • New MAC addresses cannot be learned and packets destined to such MAC are flooded until space becomes available
  • Can be caused by an attack on the network where a host starts generating frames sourced with different MAC addresses
  • Detected by examining the switches forwarding table
    • MAC addresses will point to a single port
  • Prevent by limiting the number of MAC addresses that can be learned on an untrusted port
    • See Switchport Security
  • High amount of packets or normal packets with high number of different source MAC addresses

Out of Order Packets

Using per-packet load balancing to share the traffic load across available paths to a given destination can lead to out-of-order packets for a given data flow.


Impact of Microbursts

  • Patterns or spikes of traffic causing interfaces to ne temporally oversubscribed and drop traffic
  • Typically buffers can handle bursts of traffic. This is in excess the buffers can handle
  • Detect by looking at Total Output Drops under show interface
    • Drops increment but utilization stays the same
  • Burst of traffic occur in microseconds
  • Show up as ignores and/or overruns
    • Input errors on show interface
  • Detect by capturing traffic over a long period of time

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.