Saturday, September 5, 2020

Tips on finding vlan crosstalk in a large regional fiber/gpon network?

I saw an interesting spike in traffic today, it maxed out around 15gbps then fell off back to normal (6-10gbps) after about 30 minutes... The interesting part is I see the spike on our data vlans that go to customers (layer3 internet traffic) but I also see the spike on some of our other vlans that shouldn't be inside the same broadcast domain (different vlans) AND shouldn't be affected by internet traffic spikes or ddos (because they are on a different vlan, different VRF, and have private ip's with no routes going to or dumping into the customer public ip space.. The question is how in the hell do you find the cause? I've got netflow going to an elastiflow stack, i've got librenms polling everything I can and syslogs going to nms etc (a lot of that I still have to review, if I find it i'll just reply "found it" without giving any further details on here.../s LOL)



No comments:

Post a Comment