Solved

How to gauge if broadcast traffic is a problem due to subnet size?

Posted on 2014-11-14
8
178 Views
Last Modified: 2014-12-09
So I took over a network recently where they using a very large subnet (10.4.0.0/16).  Of course a subnet can never be that large, but I didn't change it as they had a lot of servers and other devices in production and didn't want to change subnets.  They are now using about 350 IP Addresses from this subnet.  Infrastructure is Completely Cisco.  All switches are Cisco 3560G's.  What is a safe number to grow this subnet before I should start another VLAN?
0
Comment
Question by:denver218
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 29

Expert Comment

by:Predrag Jovic
ID: 40442531
Same subject here.
0
 
LVL 50

Accepted Solution

by:
Don Johnston earned 500 total points
ID: 40442534
The general rule of thumb is 20%.  That is, when broadcast traffic exceeds 20% of the total traffic, that's when you want to start looking at breaking up the network.

The first step is making sure you check the traffic during normal traffic. If you look at it in the middle of the night, you'll probably be way over 20% since there's not as much unicast traffic.

Because it's based on total traffic, switches can make this a bit of a challenge.  So what I like to do is check the interface statistics on trunks that see the most traffic.  Clear the counters first and then wait an hour.  Do a "show interface" on the trunks, divide total traffic by broadcast and you've got your number.  I like to check this at various times during the day over multiple days.
0
 
LVL 4

Author Comment

by:denver218
ID: 40442819
So what number do I divide by the number of broadcasts:

GigabitEthernet1/0/4 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 001b.d511.8d04 (bia 001b.d511.8d04)
  Description: TOP_3560G-48
  MTU 1530 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 3/255, rxload 4/255
  Encapsulation ARPA, loopback not set
  Keepalive not set
  Full-duplex, 1000Mb/s, link type is auto, media type is 1000BaseSX SFP
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:19, output hang never
  Last clearing of "show interface" counters 00:15:56
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 15988000 bits/sec, 6113 packets/sec
  5 minute output rate 15661000 bits/sec, 5672 packets/sec
     6417526 packets input, 2451754699 bytes, 0 no buffer
     Received 427839 broadcasts (280131 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 280131 multicast, 0 pause input
     0 input packets with dribble condition detected
     5993425 packets output, 2412545171 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
0
Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

 
LVL 50

Expert Comment

by:Don Johnston
ID: 40442844
6417526 packets input, 2451754699 bytes, 0 no buffer
     Received 427839 broadcasts (280131 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 280131 multicast, 0 pause input
     0 input packets with dribble condition detected

So in 15 minutes, you've received 6,417,526 packets of which 427,839 were broadcast. This puts the broadcast received on this port at 6%.
0
 
LVL 4

Author Comment

by:denver218
ID: 40442892
Thanks.  If I divide 6417526/427839 that equals 14.99.   How did you get 6%?  I must be missing something.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40442908
427839/6417526=.06
0
 
LVL 4

Author Comment

by:denver218
ID: 40442952
Ok, thanks.  So its broadcasts/packets input.  

So if I did another trunk port:

 1668527 packets input, 376258519 bytes, 0 no buffer
     Received 620 broadcasts (615 multicasts)

It would be 620/1668527 which would equal approximately 3.72% broadcast traffic right?
0
 
LVL 4

Author Closing Comment

by:denver218
ID: 40488695
Thanks
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Management of Huawei B315 2 70
PoE Injector and switch 2 52
IP Jumping 6 70
Connecting to a laptop connected to a watchguard firewall via an SSL VPN Client 4 53
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question