Want To Read More?

Controlling Relays With A Raspberry Pi From Your Phone

John Keen 19/12/2021

TrueNAS 12 & ESXi Home Lab Storage Design

John Keen 05/12/2021

Home Network Tour: 2021 Edition

John Keen 24/11/2021

Using Siri + Apple HomeKit with Home Assistant

John Keen 10/11/2021

Ubiquiti NanoBeam AC Gen2 – Long Term Review

John Keen 02/10/2021

Cable Management In My Home Office [vlog]

John Keen 25/09/2021

How To Backup Your NAS To An Encrypted Disk

John Keen 18/09/2021

unRAID Writes Speed Boost Without Cache Disk

John Keen 11/09/2021

Raspberry Pi for Security Camera Object Detection

John Keen 23/08/2021

Blue Iris Security Camera Software – First Impressions

John Keen 28/11/2019

Apple (2)
- OSX (1)
Cisco (6)
- CCNP R&S (6)
Games (6)
Home Automation (2)
Linux/Unix (12)
- Debian (2)
- Raspberry Pi (4)
- TrueNAS (1)
- Ubuntu (2)
- unRAID (2)
Networking (3)
Programming (6)
Security Cameras (2)
- NVR & Software (2)
Storage (6)
Uncategorized (1)
Virtualization (10)
- ESXi (6)
- Proxmox (1)
- XCP-ng (1)
Web Development (3)
- Elementor (1)
- WooCommerce (1)
- WordPress (3)
Windows Server (16)

CCNP R&S 002: Unicast Flooding

Unicast Flooding occurs when a frame enters the switch destined to a MAC address unknown to the CAM table on the VLAN. The switch will flood the unicast frame out of every port on the respective VLAN expect the one it entered on.

It’s normal for some traffic on the network to be Unicast Floods as it’s part of the learning process to fill switches CAM tables. However some situations may result in excessive unicast flooding traffic and result in a negative impact on performance.

Causes of Excessive Flooding

The cause of excessive flooding is the switch not having an entry in it’s CAM table for the destination MAC address. Below I explain the three main causes for Unicast Flooding.

Asymmetric Routing

Asymmetric Routing occurs when the path to the destination differentiates from the return path. Illustrated below:

Throw in some low bandwidth links and you have a recipe for trouble. Flooding will stop once PC-1 has sent a broadcast packet but the entry in the CAM table will time out and flooding will resume. Other causes of Asymmetric Routing are FHRPs (VRRP, HSRP, GLBP) and hot potato routing. The solution is to set the ARP timeout to be less than the switches CAM forwarding table timeout. Therefor the ARP packets will be broadcast and the switch will relearn them before the CAM table entry for PC-1 disappears.

Spanning-Tree Protocol (STP) Topology Changes

A Topology Change Notification (TCN) happens when a port on a switch transitions to or from the forwarding state. TCNs are responsible for correcting the forwarding tables after a topology change. They cause the forwarding table entries in the CAM to age much faster, therefor making them time out.

Unicast Flooding may occur in a situation where TCNs are happening often. One possible cause of this is a flappy port. Remember kids, no one wants a flappy port.

STP Portfast enabled ports won’t cause TCNs, therefor a properly configured switch on the access layer won’t cause TCNs when client devices are connected/unplugged.

Forwarding Table Overflow

Forwarding Table Overflow is caused by too many devices on your network for the switches CAM to handle. However this is rare as modern switches have very large CAM to support large forwarding tables.

Another cause of this is a Forwarding Table Overflow Attack. This is where a host is generating many frames with different source MAC addresses. These addresses populate the Forwarding Table, eventually filling the CAM. The result is flooding of packets with a destination MAC that is no longer able to fit in the Forwarding Table. Cisco Switches have features to prevent against such attacks. Said features are explained here.

Share this post

This Post Has One Comment

Pingback: CCNP R&S 004: Asymmetric Routing - JohnKeen.tech

JohnKeen.tech