Frequent ARP request broadcast for Who has x.x.255.255? from S-Series root switch in RSTP VLAN
04-21-2016 01:25 PM
We are getting an average of 1 pps and peaks of 60 pps of these packets, from a Wireshark trace.
Please kindly share information on what is the cause of these broadcasts and how to minimize the frequency.
TIA.
Screenshots of Wireshark decode and IO graph below:
14 REPLIES
04-25-2016 06:47 AM
Thank you Erik,
Do we know why the ARP requests for the subnet broadcast address are particular to the S-series?
We started seeing these packets only after replacing the N-series root and backup root switches under an upgrade program.
The N-series Configuration Guide states that IP-directed broadcasts are disabled in the default setting -- the configuration files did not have any reference to directed-broadcast.
The start of the N-series root switch config file is as shown below; I am still trying to secure a copy of the config file for the S-series.
===================================================================
## Config File was imported 12-14-2015 09:24:21 from SWROOT (7C103) N3 Chassis ##
set banner motd "Configuration imported from SWROOT on 12-14-2015 09:24:21 running firmware rev DFE-P-6123-0003"
set ip address x.x.81.1 mask 255.255.0.0
set ip route default x.X.81.1
====================================================================
04-25-2016 06:47 AM
As an additional FYI that might provide more clarity for this query, the following are extracts from the S-Series root switch config:
# ***** NON-DEFAULT CONFIGURATION *****
!
# Chassis Firmware Revision: 08.32.02.0008
!
# SLOT TYPE
# ___ ________________
!
# 1 SSA-G8018-0652
!
# modal configuration
!
configure terminal
!
interface vlan.0.2
ip address x.x.81.1 255.255.0.0 primary
no ip proxy-arp
no ip forwarding
no shutdown
exit
!
# ip interface
set ip interface vlan.0.2 default
Looks like no IP forwarding and the S-series switch does not have an interface in the DMZ, only in VLAN-2.
There is also a "no ip directed-broadcast" setting found in the "show config all"; so this feature is disabled by default.
Can I use "ping x.x.255.255" to see if similar ARP requests are generated?
Looks like we just have to live with these subject ARPs.
04-25-2016 06:47 AM
As a quick test you could block SNTP on an S-Series using an ACL. You would lose time synchronization for that switch for the duration of this test.
Another possible test would be to generate a different directed broadcast packet and see if ARP requests are generated (note that ARP request generation is rate limited).
If there are other packets sent to the local broadcast address x.x.255.255, those should result in ARP requests from the S-Series as well.
You might want to take a look at the following GTAC Knowledge article (the 7100 switches use the same EOS as the S and K Series):
https://gtacknowledge.extremenetworks.com/articles/Solution/7100-series-switch-sending-syslog-messag...
I think you do not want the S-Series switches to act as routers. If the S-Series have interfaces in both the VLAN-2 and the DMZ, by default they would forward IP packets between both networks.
BTW, enabling directed broadcasts on SVIs is needed to send a directed broadcast from a different network to the SVI's subnet only. As I understand it the directed broadcast is generated inside the network it is destined for, no forwarding needed.
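One way to quantify the ARP requests discussed in this thread from a capture, as an added example that is not part of any post: it counts ARP requests whose target is the subnet broadcast address of the switch interface and reports average pps, peak pps and the sending MACs. The 10.20.0.0/16 addresses, MAC addresses, timestamps and function names are constructed stand-ins (the thread redacts the real network as x.x).

```python
import ipaddress
import struct
from collections import Counter

ARP_ETHERTYPE, ARP_REQUEST = 0x0806, 1

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42:
        return None
    ethertype, offset = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100 and len(frame) >= 46:      # skip a single 802.1Q tag
        ethertype, offset = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != ARP_ETHERTYPE:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[offset:offset + 8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    body = frame[offset + 8:offset + 28]              # sha(6) spa(4) tha(6) tpa(4)
    return (oper, body[0:6].hex(":"),
            ipaddress.IPv4Address(body[6:10]), ipaddress.IPv4Address(body[16:20]))

def broadcast_arp_rates(packets, interface):
    """packets: time-ordered (timestamp_seconds, frame_bytes) pairs. Returns (average pps,
    peak pps, Counter of sender MACs) for ARP requests targeting the subnet broadcast address."""
    target = ipaddress.ip_interface(interface).network.broadcast_address
    per_second, senders, stamps = Counter(), Counter(), []
    for ts, frame in packets:
        stamps.append(ts)
        arp = parse_arp(frame)
        if arp and arp[0] == ARP_REQUEST and arp[3] == target:
            per_second[int(ts)] += 1
            senders[arp[1]] += 1
    if not per_second:
        return 0.0, 0, senders
    duration = max(stamps[-1] - stamps[0], 1.0)       # avoid dividing by a sub-second span
    return sum(per_second.values()) / duration, max(per_second.values()), senders

def build_arp_request(sender_mac, sender_ip, target_ip):
    """Build a broadcast ARP request frame (used only to construct sample input)."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REQUEST) + sha
    arp += ipaddress.IPv4Address(sender_ip).packed + b"\x00" * 6
    return b"\xff" * 6 + sha + struct.pack("!H", ARP_ETHERTYPE) + arp + ipaddress.IPv4Address(target_ip).packed

# Constructed sample: 10.20.0.0/16 stands in for the redacted x.x network; MACs are documentation-range.
SWITCH, HOST = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
SAMPLE = [(ts, build_arp_request(SWITCH, "10.20.81.1", "10.20.255.255")) for ts in (0.0, 0.5, 3.25, 4.0)]
SAMPLE.insert(2, (0.75, build_arp_request(HOST, "10.20.3.9", "10.20.81.1")))  # ordinary request, not counted
```

Calling `broadcast_arp_rates(SAMPLE, "10.20.81.1/255.255.0.0")` gives the figures for the sample; with a real capture, feed it the timestamp and raw frame of each packet and the interface address and mask from the switch config.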
04-25-2016 06:47 AM
PS. All known hosts have static pre-assigned IP addresses and host names are defined inside the "hosts" files.
