adam's notes

Network Loop and Broadcast Storm Issues

Network loop is where flooded frames circulate the network perpetually.

  • Caused by:
    • switches flood broadcasts out all ports
    • frames go down one link to the next switch
    • switch sends the broadcast back up the redundant link back to originating switch
    • as this process occurs, switch sees source MAC addresses associated with multiple ports
    • they clear the MAC table mapping, causing flooding unicast traffic
  • without intervention, loop will continue indefinitely causing a broadcast storm
    • will cause network utilization to go to near max capacity and CPU utilization of switches to jump to 80%+
    • makes switched segment effectively unusable
    • may quickly consume all link bandwidth and crash network appliances
  • if there is a loop, spanning tree should shut down the port
    • isolates the problem to a segment of the network
    • inspect physical ports that correspond to the disabled interfaces for looped connections
    • check the switch for log events related to MAC address flapping
  • if a broadcast storm occurs on a network with spanning tree, investigate potential causes:
    • verify compatible versions of Spanning Tree Protocol or Rapid Spanning Tree Protocol are enabled on all switches
    • verify physical configuration of segments that use legacy equipment such as ethernet hubs
    • investigate networking devices in the user environment and verify that they are not connected as part of a loop
      • typical problems: unmanaged desktop switches and VoIP handsets

Graph View

Backlinks