[mrtg] Re: Any ethernet switch which always floods?

SHOLAAS Margaret G Margaret.G.SHOLAAS at ris.lane.or.us
Fri Oct 19 02:29:43 MEST 2001


We considered setting up a script to do that, but concluded we couldn't do
it fast enough. Say the switch's forwarding table is empty and a SYN comes
in port 1 from station A to station B. That packet would get flooded to all
ports. The switch would then create a forwarding table entry indicating
station A is on port 1. Then the SYN-ACK comes in port 2 from station B to
station A. The switch looks up station A in the forwarding table, finds it
listed as accessible via port 1, forwards that packet only to port 1 instead
of flooding, and so the Sniffer, IDS, etc. miss it. The response often comes
back in milliseconds, so we could never flush it fast enough to keep from
missing packets. I just wish there were a way to disable keeping a
forwarding table, but so far there doesn't seem to be a switch which allows
that, not surprising because apart from this weird application, you'd never
want it to do that.

We were also hoping we could set the forwarding table timeout to 0 so an
entry would time out the moment it got in there, but we couldn't find a
way to set it on the Cisco 3500XL.

Thanks for thinking about this for me!

-----Original Message-----
From: Josh Howlett

It just occurred to me you could force flooding by flushing
the bridge table on the switch whenever it learns anything.  With an
empty bridge table the switch *must* repeat out on every port.  Or maybe
this would force the switch into the learning state, in which case this
wouldn't be of much use.

In any case, automating this wouldn't be that easy, though not impossible.

josh.
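The race described in the two messages above, as a small simulation added here (constructed example; not code from the thread or from any switch vendor). It models a learning switch with a monitor port where the sniffer/IDS sits, replays the SYN / SYN-ACK / ACK exchange, and then models Josh's "flush on every learn" script with a configurable flush latency against a configurable reply latency. MAC addresses, port numbers and the latencies are made-up values.

```python
"""Model of a learning (transparent) Ethernet switch.

Constructed example, added as an illustration of the thread above; not code
from the mailing list or any vendor.  Station MACs are taken from the
documentation range, port numbers and timings are invented.
"""
import heapq

A = "00:00:5e:00:53:0a"   # station A (constructed)
B = "00:00:5e:00:53:0b"   # station B (constructed)
MONITOR = 3               # port the sniffer / IDS is plugged into

# (ingress port, source MAC, destination MAC, label)
HANDSHAKE = [
    (1, A, B, "SYN"),
    (2, B, A, "SYN-ACK"),
    (1, A, B, "ACK"),
]


class LearningSwitch:
    """Minimal bridge: learn source MAC, unicast known destinations,
    flood unknown ones out every other port."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}          # MAC -> port (the forwarding / bridge table)

    def flush(self):
        self.table.clear()

    def forward(self, in_port, src, dst):
        """Return the set of egress ports for one frame, learning src."""
        self.table[src] = in_port
        out = self.table.get(dst)
        if out is None:
            # unknown destination: the switch *must* flood
            return {p for p in self.ports if p != in_port}
        if out == in_port:
            return set()         # destination is on the ingress segment: filter
        return {out}


def frames_seen_by_monitor(flush_between_frames=False):
    """Labels of handshake frames that reach the monitor port."""
    sw = LearningSwitch(ports=[1, 2, MONITOR])
    seen = []
    for in_port, src, dst, label in HANDSHAKE:
        if flush_between_frames:
            sw.flush()           # the ideal, zero-latency flush
        if MONITOR in sw.forward(in_port, src, dst):
            seen.append(label)
    return seen


def frames_seen_with_flush_script(flush_delay_ms, reply_delay_ms):
    """Same exchange, but the flush is a script that reacts to each new
    table entry and takes flush_delay_ms to take effect, while each station
    answers after reply_delay_ms.  Discrete-event simulation."""
    sw = LearningSwitch(ports=[1, 2, MONITOR])
    seen = []
    events = []                  # heap of (time_ms, seq, kind, payload)
    seq = 0

    def schedule(t, kind, payload=None):
        nonlocal seq
        heapq.heappush(events, (t, seq, kind, payload))
        seq += 1

    for i, frame in enumerate(HANDSHAKE):
        schedule(i * reply_delay_ms, "frame", frame)

    while events:
        t, _, kind, payload = heapq.heappop(events)
        if kind == "flush":
            sw.flush()
            continue
        in_port, src, dst, label = payload
        if MONITOR in sw.forward(in_port, src, dst):
            seen.append(label)
        schedule(t + flush_delay_ms, "flush")   # script notices the new entry
    return seen


if __name__ == "__main__":
    print("plain switch       :", frames_seen_by_monitor())
    print("ideal flush        :", frames_seen_by_monitor(flush_between_frames=True))
    print("script, 0.5ms/2ms  :", frames_seen_with_flush_script(0.5, 2.0))
    print("script, 50ms/2ms   :", frames_seen_with_flush_script(50.0, 2.0))
```

With the plain switch the monitor sees only the SYN, exactly as the first message describes; an instantaneous flush before every frame would show all three. The scripted flush only helps when it beats the reply (0.5 ms flush against a 2 ms reply), and a flush that takes 50 ms loses the SYN-ACK and ACK, which is why a mirror (SPAN) port, where the switch copies traffic to the monitor regardless of its table, is the usual way to feed a sniffer or IDS.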


--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive     http://www.ee.ethz.ch/~slist/mrtg
FAQ         http://faq.mrtg.org    Homepage     http://www.mrtg.org
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi