[mrtg] Re: Any ethernet switch which always floods?

SHOLAAS Margaret G Margaret.G.SHOLAAS at ris.lane.or.us
Wed Oct 17 00:02:21 MEST 2001

A hub is inherently half-duplex, and we don't want to throttle the
connections we're monitoring down to half-duplex. Also, when we use a tap to
eavesdrop on a full-duplex connection, the cables coming out of the tap into
the switch are output-only and not capable of dealing with collisions, so we
need the switch to do the buffering it does with full duplex connections.

What we're doing is inserting non-disruptive tap into a 100/full connection,
and taking the output of that (two cables, representing traffic in each
direction of that full duplex connection) and running it into a switch.
Actually we're doing that for several 100/full connections. Then we will
insert various monitoring tools (Sniffer, IDS, etc.) into ports on that same
switch, so they can all look at all the traffic that comes into the switch,
as well as using MRTG to gather switch statistics for one of those
output-only ports. We can do what we want with mirroring, but flooding is
more efficient and takes less of a hit on the processing power of the
switch, especially since we want to mirror everything that comes in to
SEVERAL (effectively output-only) ports. Flooding works perfectly for this;
everything that comes in, goes out everywhere. Unfortunately after the
switch sees a packet from one address coming in a port, it thinks that
address "lives" on that port, so when a packet comes in another port
addressed to that address, it doesn't flood the packet anymore (therefore
the Sniffer, etc. doesn't see it) but merely forwards it out the port where
it thinks that address "lives."

Thanks for thinking about this for me!

-----Original Message-----
From: Larry Sheldon [mailto:lsheldon at creighton.edu]
Sent: Tuesday, October 16, 2001 2:47 PM
To: Margaret.G.SHOLAAS at ris.lane.or.us
Cc: mrtg at list.ee.ethz.ch
Subject: Re: [mrtg] Any ethernet switch which always floods?

> Please excuse the not-obviously-related-to MRTG question here. Does anyone
> know of an 10/100 half/full Ethernet SWITCH (not hub) which can be
> configured NOT to learn which ports addresses live on, so that it ALWAYS
> floods whatever packets it receives to ALL ports?

I hate to sound argumentative, but you are describing a "hub".

A "switch" is a multi-port bridge, and the defining characteristic is the
business of learning what needs to go where.

What it the problem you need to solve?

.                                                                       .
- L. F. (Larry) Sheldon, Jr.                                            -
. Unix Systems and Network Administration                               .
- Creighton University Computer Center-Old Gym                          -
. 2500 California Plaza                                                 .
- Omaha, Nebraska, U.S.A.  68178       Two identifying characteristics  -
. lsheldon at creighton.edu                  of System Administrators:     .
- 402 280-2254 (work)                Infallibility, and the ability to  -
. 402 681-4726 (cellular)               learn from their mistakes.      .
- 402 332-4622 (residence)                                              -
. http://www.creighton.edu/~lsheldon    Adapted from Stephen Pinker     .

Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive     http://www.ee.ethz.ch/~slist/mrtg
FAQ         http://faq.mrtg.org    Homepage     http://www.mrtg.org
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi

More information about the mrtg mailing list