Did you by any chance have multiple isl links between that switch and
the core router?
It could be that when the switch fell off the rack that either some
cabling became dodgy or that the switch itself started failing and
causing stp to fail creating a broadcast loop across multiple isl
links in the dodgy switch.
you should not build networks with such an enormous broadcast domain.
buy some routers.
On 9/8/05, Gary Mansell <Gary.Mansell@xxxxxxxxxxx> wrote:
> Thanks very much for taking the time to respond to my question - I know
> it was probably a bit off topic for this list but I was a bit stuck
> trying to find where to ask the question. If you or anyone can point me
> in the direction of a more suitable list to ask the question then I
> would be grateful.
>
> Back to the point - the machines that were doing all of the ARP's where
> not on the dodgy switch and the machines that were being ARP'ed were not
> on the dodgy switch either - this is why it is a bit of a mystery to me.
> I know that in at least two cases, one of the ARP'ing machines was
> repeatedly (hundreds of times in a few seconds) trying to ARP an IP
> address that did not exist on the network anymore, I am not sure if all
> of the machines that were ARP'ing were trying to ARP non existent IP's,
> though (my guess would be not).
>
> It seems to me that an electrical problem with the dodgy switch was
> causing machines elsewhere on the network to keep ARP'ing repeatedly the
> same IP address but I have never seen this before and cannot understand
> why.
>
> Regards
>
>
>
> On Thu, 2005-09-08 at 00:23 -0700, Guy Harris wrote:
>
> > Gary Mansell wrote:
> >
> > > It would seem that dodgy network connections in this switch caused by
> it
> > > hanging by the UTP cables was causing numerous machines around the
> > > network to create hundreds of ARP requests every minute or so.
> > >
> > > Please can someone explain to me why this was happening.
> >
> > I can't give an authoritative explanation, but if machines on the
> > network were trying to contact machines on the switch that was hanging
> > by its cables, and the ARP entries for that host had timed out, perhaps
> > the other machines on the network were sending out ARP requests for the
> > machines on the troublesome switch, failing to get any response, and
> > trying again.
> >
> > I wouldn't expect a 3000 packet/second ARP storm for that, however.
> > (Even 50-70 ARPs per second seems a bit high, although with 1000 hosts
> > and a 20-second ARP timeout and a uniform distribution of ARP entry
> > timeouts, I guess you could get 50 ARPs/second.)
> >
> > What were the IP addresses being ARPed for? Were they addresses for
> > hosts on that switch? Or were the machines *sending* the ARPs machines
> > on that switch?
>
> --
>
> Gary Mansell
> Technical Computing Team Leader
> IT Department
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Ricardo UK Direct Line: 01273 794485
> Shoreham Technical Centre, Switchboard: 01273 455611
> Shoreham By Sea, Facsimile: 01273 794699
> West Sussex. Internet: www.ricardo.com
> BN43 5FG E-Mail: Gary.Mansell@xxxxxxxxxxx
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> --
>
> This e-mail and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this e-mail in error please notify the sender
> immediately
> and delete this e-mail from your system. Please note that any views or
> opinions
> presented in this e-mail are solely those of the author and do not
> necessarily
> represent those of Ricardo (save for reports and other documentation
> formally
> approved and signed for release to the intended recipient). Only Directors
> or Duly Authorised Officers are authorised to enter into legally binding
> obligations on behalf of Ricardo unless the obligation is contained within
> a Ricardo Purchase Order.
>
> Ricardo may monitor outgoing and incoming e-mails and other
> telecommunications
> on its e-mail and telecommunications systems. By replying to this e-mail
> you
> give consent to such monitoring. The recipient should check this e-mail
> and
> any attachments for the presence of viruses. Ricardo accepts no liability
> for
> any damage caused by any virus transmitted by this e-mail. "Ricardo" means
> Ricardo plc and its subsidiary companies.
>
> Ricardo plc is a public limited company registered in England with
> registered
> number 00222915.
> The registered office of Ricardo plc is Bridge Works, Shoreham-by Sea,
> West Sussex, BN43 5FG.
>
>
>