• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 325
  • Last Modified:

Excessive network traffic - Packets with other destinations

Hi,

Yesterday the flooding control on the cisco 2950t switch kicked in so I had a look at the bandwidth graphs using CNA. Usually we get around 1-2mbit/s of our own traffic, but it was up to 18mbit/s.

Port statistics shows that the switch is mostly receiving unicast traffic, none of which is transmitted of the fabric.

Adding an ACL to the port with our providers uplink to block all but traffic coming from my home IP shows that all of the incoming traffic was not destined for any of our servers as it still kept coming.

Spanning the port to a machine on the net and using tcpdump showed that every packet had a destination IP which was not in our block but was rather destined or sourced from an IP somewhere else on our providers network.

Contacting our provider, they said that there's not much they can do short of allocating our own VLAN (which would involved renumbering).

My question really is that how are unicast packets with a different destination still ending up at my switch. I can understand multicast and broadcast. Also, would this be a routing issue within my providers network or is this just something everyone has to live with?

Thanks,

T. Ballantine
0
Alcedema
Asked:
Alcedema
  • 3
  • 3
1 Solution
 
JFrederick29Commented:
This is normal behavior as they are running multiple IP subnets on the same physical network (VLAN) so you will receive broadcast, multicast and unicast flooded traffic for every subnet that resides on the same VLAN.  This is why they are telling you that they can put you in your own VLAN to isolate you from other subnets.  There isn't anything you can do on your end.  My Internet connection at home is the same way.
0
 
harbor235Commented:

Is your service provider routing that traffic to you? If they have a looking glass/route server you can lookup up the prefix in question and see how they route that traffic. If is hitting your edge then your service provider has to route it to you. Who is your service provider and what is the destination?

harbor235 ;}
0
 
AlcedemaAuthor Commented:
JF:
Thanks. Would you know if there's a down side to them setting me up on my own vlan? They do all of our routing for us, we've just got a switch and a range of their IPs.  The way they gave the VLAN as an option was seemingly "at last resort".

harbor:
As above, they do all of the routing, we just use them as our uplink. I must admit I'm not a whiz when it comes to layer 3. Another above or below I'm fine with ;) We're currently with Poundhost (.com) and the destinations (and/or sources) are IPs also belonging to them. It's not just a couple of the same IPs, it's loads.

Thanks.
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
JFrederick29Commented:
Actually, being in your own isolated VLAN would be a benefit technically with the only downside being that they may charge you for this "option".
0
 
JFrederick29Commented:
Well, the other downside being what you already know....your IP address block will change but that's what DNS is for :)
0
 
AlcedemaAuthor Commented:
Going ahead and changing over to an isolated vlan for a one-off fee. Hopefully have next to nothing encroaching on our network afterwards.

Thanks for your help.
0
 
AlcedemaAuthor Commented:
Thank you :)
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now