1.1.c Explain general network challenges
- 1.1.c [i] Unicast flooding
- 1.1.c [ii] Out of order packets
- 1.1.c [iii] Asymmetric routing
- 1.1.c [iv] Impact of micro burst
Unicast Flooding – LAN switches use layer 2 forwarding tables to direct traffic to a specific port based on the MAC address and VLAN of the received frame. When there is no entry for the destination MAC in the received frame the switch forwards it out all participating ports in that VLAN, essentially flooding the unicast frame.
Normal flooding operation is referred to as limited flooding, however when continuous flooding occurs, this can have a negative impact on network performance.
Asymmetric Routing– In the diagram below consider the following network topology:
Server 1 (S1) assigns its default gateway to Router A on VLAN 1
Server 2 (S2) assigns its default gateway to Router B on VLAN 2
This poses a problem because switch A will never see the MAC address of Server 2 because when server 2 sends its traffic to Router B, it will rewrite the source MAC address and forward it out VLAN 1 when it re-transmits the frame back onto the LAN.
This means every time switch A needs to send packets to the Server 2 MAC address, the packet will be flooded onto VLAN 2, the same problem will happen in reverse with the Server 1 MAC on switch B.
So whenever Server 1 does a large file transfer or system backup to Server 2, all hosts in VLAN 1 or VLAN 2 will receive ALL packets of that transfer due to the flooding of packets to the respective Server MACs in each direction.
This behavior is referred to as asymmetric routing and is a leading cause of unicast flooding.
To correct this type of behavior typically involves bringing a router’s ARP timeout and the switches forwarding table aging time closer to each other. This will cause ARP packets to be broadcast and in turn allow each switch to learn the MAC of each server so it doesn’t have to be flooded.
Relearning the MAC address before the broadcasted MAC entry timeout must occur.
Out of Order Packets – This can typically be caused by a traffic flow using multiple different speed paths to reach a destination. ECMP, Load balancing, and Asymmetric routing can cause this. Poorly configured queuing is also another reason.
This can have an adverse affect on TCP communications since a transmit and receive timer begins on both ends of TCP communications, if the packets don’t make it to their destination in time or at different varying times it could cause numerous retransmissions and inhibit flow performance.
Impact of Microburst – Micro bursts are patterns or spikes of traffic that take place in a short time interval (sub second) causing network interfaces to temporarily become oversubscribed and drop traffic. While bursty traffic is normal in networks, in some cases the spikes are more than the buffer or interface can handle.
Typical network monitoring systems do not pick these events up as these applications typically monitor traffic in intervals averaged over 5 mins or more.
Microbursts show up as output drops on interface statistics. Ultimately microbursts are a side effect of congestion at the sub second level of time, causing packets to be dropped during that sub second time interval. To correct this, multiple network analysis/monitoring tools and high frequency traffic analysis would be needed to determine what traffic is causing the microbursts.