[mrtg] Re: Any ethernet switch which always floods?

tony bourke tony at vegan.net
Fri Oct 19 11:24:12 MEST 2001 

Another solution you may want to consider is using one SPAN on a port (I
agree, SPAN in my experience in high trafficed sites didn't impact
perforamnce) and using a non-Cisco switch.  It might have changed, but I
recall that Cisco switches couldn't do spanning on more than one port.
There are switches, however, that do offer port mirroring on more than one
port.  Alteon ACEswitch, Foundry NetIron, and Extreme Networks are all
switch manufactueres that offer multiple port mirroing.

You could run traffic in-then-out of one of these stackable switches (they
should be able to handle the traffic and port mirroring without issues)
and port mirroing the other ports.  Or you could plug one of these
switches into a SPAN port and distribute the full-duplex (non-collision
detection) traffic via one of those switches rather than a hub.

Tony


On Thu, 18 Oct 2001, SHOLAAS Margaret G wrote:

>
> We considered setting up a script to do that, but concluded we couldn't do
> it fast enough. Say the switch's forwarding table iss empty and a SYN comes
> in port 1 from station A to station B. That packet would get flooded to all
> ports. The switch would then create a forwarding table entry indicating
> station A is on port 1. Then the SYN-ACK comes in port 2 from station B to
> station A. The switch looks up station A in the forwarding table, finds it
> listed as accessible via port 1, forwards that packet only to port 1 instead
> of flooding, and so the Sniffer, IDS, etc. miss it. The response often comes
> back in milliseconds, so we could never flush it fast enough to keep from
> missing packets. I just wish there were a way to disable keeping a
> forwarding table, but so far there doesn't seem to be switch which allows
> that, not surprising because apart from this weird application, you'd never
> want it to do that.
>
> We were also hoping we could set the forwarding table timeout to 0 so an
> entry it would timeout the moment it got in there, but we couldn't find a
> way to set it on the Cisco 3500XL.
>
> Thanks for thinking about this for me!
>
> -----Original Message-----
> From: Josh Howlett
>
> It just occured to me you could force flooding by flushing
> the bridge table on the switch whenever it learns anything.  With an
> empty bridge table the switch *must* repeat out on every port.  Or maybe
> would this force the switch into the learning state, in which this
> wouldn't be of much use.
>
> In any case, automating this wouldn't be that easy, tho not impossible.
>
> josh.
>
>
> --
> Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
> Archive     http://www.ee.ethz.ch/~slist/mrtg
> FAQ         http://faq.mrtg.org    Homepage     http://www.mrtg.org
> WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi
>

-- 
-------------- -- ---- ---- --- - - - -  -  -- -  -  -  -   -     -
Tony Bourke				tony at vegan.net



--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive     http://www.ee.ethz.ch/~slist/mrtg
FAQ         http://faq.mrtg.org    Homepage     http://www.mrtg.org
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi

More information about the mrtg mailing list