Re: ARP weirdness.

2017-11-10 Thread Ken D'Ambrosio 
I'm guessing it was some sort of broadcast storm.  Though a very 
confusing one -- if I unplugged the cable, it stopped.  Plug it back in, 
and lo!  Starts again.  However, I finally gave up trying to supply the 
VLAN to the Linux box by way of a trunk, and just plugged the 
(still-tagged) interfaface straight in... and all was fine.  So I guess 
I don't care (the box has, like, a zillion interfaces), but I'm still 
pretty darn confused by it.

-Ken

On 2017-11-10 18:48, Ben Scott wrote:
> On Wed, Nov 8, 2017 at 4:49 PM, Ken D'Ambrosio  wrote:
>> Ubuntu box acting as a router for some subnets.
>> 
>> [192.168.200.12] <-1302 VLAN->[switch]<-1302 VLAN->switch<-1302 VLAN->
>> [router @ 192.168.200.1]
> 
> So, to clarify, the Ubuntu box is at .1?  What is .12?
> 
> Can you give a concise description of what else is on the VLAN?
> 
>> The link is getting utterly spammed with ARP requests for
>> 192.168.200.12.
> 
> How are you determining this?  Packet sniffer?  If so, where?
> 
> Are these ARP requests originating from the .1 box?  You have verified
> this by MAC address of the sending system?  If you unplug .1 to test,
> does the flood stop?
> 
> One thought that immediately occurs to me is a broadcast loop.  Any
> chance of a physical loop (e.g., cable plugged into two switch ports
> on the same VLAN)?  Are you running spanning tree any/everywhere?
> 
> What are the switches?  Any particular config applied to the VLANs,
> beyond the VLAN itself?  Any weird config applied to the switch in
> general?
> 
> -- Ben
> ___
> gnhlug-discuss mailing list
> gnhlug-discuss@mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Re: ARP weirdness.

2017-11-10 Thread Ben Scott 
On Wed, Nov 8, 2017 at 4:49 PM, Ken D'Ambrosio  wrote:
> Ubuntu box acting as a router for some subnets.
>
> [192.168.200.12] <-1302 VLAN->[switch]<-1302 VLAN->switch<-1302 VLAN->
> [router @ 192.168.200.1]

So, to clarify, the Ubuntu box is at .1?  What is .12?

Can you give a concise description of what else is on the VLAN?

> The link is getting utterly spammed with ARP requests for
> 192.168.200.12.

How are you determining this?  Packet sniffer?  If so, where?

Are these ARP requests originating from the .1 box?  You have verified
this by MAC address of the sending system?  If you unplug .1 to test,
does the flood stop?

One thought that immediately occurs to me is a broadcast loop.  Any
chance of a physical loop (e.g., cable plugged into two switch ports
on the same VLAN)?  Are you running spanning tree any/everywhere?

What are the switches?  Any particular config applied to the VLANs,
beyond the VLAN itself?  Any weird config applied to the switch in
general?

-- Ben
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

ARP weirdness.

2017-11-08 Thread Ken D'Ambrosio 
Hey, guys.  Have an Ubuntu box acting as a router for some subnets.  I 
have one VLAN, 1302, on which subnet 192.168.200.0/24 resides.  The 
network looks a bit like this:

[192.168.200.12] <-1302 VLAN->[switch]<-1302 VLAN->switch<-1302 VLAN-> 
[router @ 192.168.200.1]

The link is getting utterly spammed with ARP requests for 
192.168.200.12.  Tens of thousands a second.  AND it's also getting 
spammed (at a much reduced rate) with ARP responses.  That, in-and-of 
itself is already pretty confusing.  But what trumps it is the fact that 
the Linux box *already has 192.168.200.12 and the corresponding MAC in 
its local ARP table*.  Thus precluding the need to even make ARP 
requests, much less tens of thousands a second.  The box has been 
booted; it made no apparent difference.

W. T. F.

I'm kinda stumped on this, and would gladly accept any ideas...

Thanks,

-Ken
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/