I don't suppose you have some centrally managed switch that's a little
bit more capable? Maybe even just a partial step up like an inexpensive
managed HP ProCurve? It doesn't have to be a top-of-the-line switch.

If not, can you collect stats in some way from your Netgears and graph
them? (port stats). If you could do that, you could have historical data
to look at immediately before the bottom fell out which would point you
at least in the right direction/segment on your network. The traffic
stats should converge on a port or set of ports with high traffic. If
you have SNMP, even better, because you can discriminate the multicast
vs the non-multicast traffic with just a couple of queries and graph it.

Lastly, there's NetFlow, if your switches support it. You can spend a
modest amount on a collector/analyzer and figure out your sources and
destinations at the IP address level. If it's not an IP level issue, you
might not discover anything, though.

On 7/11/2016 5:34 PM, Gilbert Wilson wrote:

Last week our network was intermittently brought to its knees for short
periods of time because of what appeared to be unicast packet storms. What we
experienced looked almost exactly like this:

https://supportforums.cisco.com/discussion/12395006/packet-storm-c3750x

Another person who saw the same thing pinpointed it to faulty Apple Thunderbolt
Displays (which we do have plenty of on our network):

https://discussions.apple.com/thread/6443650?start=0&tstart=0

I’ve tried to search for the garbage hardware addresses in our switch address
tables, but the results come up blank. I don’t know why it comes up blank, but
assume it has something to do with the nature/character of the packet storm to
begin with. For instance, I *think* I read somewhere a long time ago that
Netgear Smart switches will devolve to dumb hubs if they are spammed with too
many hardware addresses in a short period of time. If that’s the case, I could
see that contributing to the problem.

Given the limitations of my Netgear Smart Switches what other tools and
techniques would you use to try to track down the source of this kind of
traffic? Any pointers are most appreciated!

Gil
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
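
The SNMP port-stats approach suggested in the reply above, as an added example that is not part of the original thread: it takes two saved net-snmp `snmpwalk` dumps of the standard IF-MIB inbound packet counters, turns them into per-port unicast and multicast rates, and ranks the ports. It assumes the switches answer SNMP with these counters; the poll data below is constructed, and the function names are illustrative.

```python
import re

# Matches net-snmp snmpwalk lines such as:
#   IF-MIB::ifInUcastPkts.3 = Counter32: 1200
LINE = re.compile(r"IF-MIB::ifIn(Ucast|Multicast|Broadcast)Pkts\.(\d+) = Counter32: (\d+)")
WRAP = 2 ** 32  # a Counter32 rolls over to 0 after 2^32 - 1

def parse_walk(text):
    """Return {ifIndex: {"Ucast": n, "Multicast": n, ...}} from one dump."""
    ports = {}
    for kind, index, value in LINE.findall(text):
        ports.setdefault(int(index), {})[kind] = int(value)
    return ports

def rates(before, after, seconds):
    """Per-port packets/second between two polls, tolerating one counter wrap."""
    out = {}
    for index, new in after.items():
        old = before.get(index)
        if old is None:
            continue  # port appeared between polls; no baseline yet
        out[index] = {k: ((new[k] - old[k]) % WRAP) / seconds for k in new if k in old}
    return out

def busiest(per_port, kind="Ucast", top=3):
    """Ports ranked by inbound rate of one traffic class, highest first."""
    ranked = sorted(per_port.items(), key=lambda kv: kv[1].get(kind, 0.0), reverse=True)
    return [(index, r.get(kind, 0.0)) for index, r in ranked[:top]]

# Constructed sample: two polls taken 10 seconds apart on a 3-port switch.
# Port 2's unicast counter wraps between the polls.
POLL_1 = """\
IF-MIB::ifInUcastPkts.1 = Counter32: 1000
IF-MIB::ifInUcastPkts.2 = Counter32: 4294967000
IF-MIB::ifInUcastPkts.3 = Counter32: 500
IF-MIB::ifInMulticastPkts.1 = Counter32: 200
IF-MIB::ifInMulticastPkts.2 = Counter32: 50
IF-MIB::ifInMulticastPkts.3 = Counter32: 10
"""
POLL_2 = """\
IF-MIB::ifInUcastPkts.1 = Counter32: 1500
IF-MIB::ifInUcastPkts.2 = Counter32: 899704
IF-MIB::ifInUcastPkts.3 = Counter32: 600
IF-MIB::ifInMulticastPkts.1 = Counter32: 5200
IF-MIB::ifInMulticastPkts.2 = Counter32: 60
IF-MIB::ifInMulticastPkts.3 = Counter32: 20
"""

if __name__ == "__main__":
    r = rates(parse_walk(POLL_1), parse_walk(POLL_2), 10)
    print("unicast:", busiest(r), "multicast:", busiest(r, "Multicast"))
```

Logging these rates on a fixed interval gives the historical per-port view described in the reply, so the polls just before an outage show which port the traffic converged on.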