1000 Receive Broadcast Data Count per minute....

We have noticed a lot of extra wasted transport on our network lately… each customer's SM, according to our Ipswitch WhatsUp Gold software, is getting 7.5kbps worth of traffic non-stop. The software only polls once an hour, so it's not from our SNMP software. I want to blame it on broadcast due to the amount of broadcasts that are present on the SMs.

We have set up an SM with nothing attached to check and make sure the customers are not causing it… it also happened to that SM.

we are getting this on almost every SM on our network

our 900 system:

we have 3 sites with 6x60 clusters

Some APs have up to 40 SMs attached, and these APs, when at their least traffic, are getting about 200 to 300k sec around 3 AM … would pass this by and think nothing of it, but almost every AP shows this kind of load (relative to the number of customers, i.e. 20 customers we’d see 100 to 150k sec, 40 customers 200 to 300k sec, up and down).

We also see this on our 2.4 APs (same distribution).

Our point to point is either PTP 600s or direct fiber to towers.

our IP/sub 10.10.x.x 255.255.0.0 (more room than needed, but didn’t want to make changes later)

We use 2 DHCP servers (primary and backup, by heartbeat signal) for redundancy.

We have 3 ISP links for fault tolerance with a layer 4 switch to handle the routing (Netgear GS724TR).

no security appliance for customer use

About half of the SMs are using NAT; the majority of the rest have a router attached without NAT from the SM to avoid double NAT (Xbox 360 and some games do not work with double NAT, so we turn that off for some customers).

all APs and BH are in the same subnet, but are configured to only allow access from 3 computers in our office.

On our APs, for filters we have SMB, PPPoE and BOOTP server enabled, and we have not yet tested the SM Isolation (I have a question about it also). Bridging table is enabled, and broadcast is limited to 200k on all APs.


And for the life of me I cannot find the source of all of this extra traffic, and naturally customers are noticing and calling, especially on our most populated APs.


any input would be great

Hi mgthump

Broadcast storms are a potential problem in any bridged network.

First of all, I would suggest you try to identify the source of the broadcast.
You could analyze the IP traffic (e.g. using Ethereal on a PC connected to the AP or SM or whatever node on the network segment) and look at the MAC address.
After that, assuming that the MAC is something directly connected through a NOT NATTED customer SM, you could search for every SM -> Statistics -> Bridging table or ARP in order to find the SM.

Please note that the MAC address itself can tell us something about the kind of device it is: just look at the first three octets and search here:
http://www.coffer.com/mac_find/

Good luck
Massimo
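
An added example, not part of either post above: one way to do the "look at the MAC address" step on a saved capture is to tally broadcast frames per source MAC and EtherType, then take the top talker's first three octets to the vendor lookup and its full MAC to the SM bridging tables. It assumes a classic libpcap file with an Ethernet link type; the function names, MAC addresses and capture contents are constructed for illustration.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x8863: "PPPoE-Discovery"}

def broadcast_talkers(pcap):
    """Count broadcast frames per (source MAC, EtherType) in a classic pcap."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    counts, off = Counter(), 24          # records start after the 24-byte header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14 or frame[:6] != BROADCAST:
            continue                     # truncated or not a broadcast frame
        src = ":".join(f"{b:02x}" for b in frame[6:12])
        etype = struct.unpack("!H", frame[12:14])[0]
        counts[(src, ETHERTYPES.get(etype, hex(etype)))] += 1
    return counts

def oui(mac):
    """First three octets: the vendor prefix to look up."""
    return mac[:8]

# --- constructed sample capture (locally administered MACs, not real devices) ---
def make_frame(dst, src, etype):
    return bytes.fromhex(dst + src) + struct.pack("!H", etype) + bytes(46)

def make_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

NOISY, QUIET, GATEWAY = "020000aa0001", "020000bb0002", "020000cc0003"
SAMPLE = make_pcap([make_frame("ff" * 6, NOISY, 0x0806)] * 5
                   + [make_frame("ff" * 6, QUIET, 0x0800)]
                   + [make_frame(GATEWAY, NOISY, 0x0800)] * 3)  # unicast, skipped

if __name__ == "__main__":
    for (mac, proto), n in broadcast_talkers(SAMPLE).most_common():
        print(f"{n:5d}  {mac}  OUI {oui(mac)}  {proto}")
```
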

When running a bridged network, layer 2 isolation is absolutely essential. With a basic setup like yours this can be accomplished without changing your layer 3 topology by using fairly rudimentary switches that do port-based VLANs much like the CMM Micros.

Essential:
- SM Isolation (do not forward SM-destined packets) enabled
- “Uplink” port enabled on CMM Micro or similar if you’re using realest CMM or another switch (Moxa, etc)
- Aggregation switch should have the backhauls separated using port-based VLANs (like “port protected” on a Cisco)

I would strongly recommend placing all three sites on different VLANs. If you do not have a “real” VLAN capability the same thing can be achieved by applying physical separation via a router and setting each site to a different subnet like:

10.10.0.0 - 10.10.3.255 (10.10.0.0/22): tower 1
10.10.4.0 - 10.10.7.255 (10.10.4.0/22): tower 2
10.10.8.0 - 10.10.11.255 (10.10.8.0/22): tower 3