Have a peculiar issue with NBNS (NetBIOS) flooding (X.X.X.255;ff:ff:ff:ff:ff:ff:ff) which causes drastic performance issues in our network. We found that if we failover our LTMs to a different Viprion chassis, the NBNS flooding stops. We've been able to replicate the same symptoms on our LAB LTM as well. On the "GREEN" chassis, its about 20-30pps. On the "BLUE" chassis it is about 2000pps. These numbers are from our LAB not from PROD, but I assume it is significantly higher in PROD. We saw significant increases in traffic (3-5Gbps) after failing the LTM over in PROD. We weren't tracking NBNS prior and can't really fail back to get that data if its going to cause impact. Looking a pcap from a device initiating some flooding, it looks like the only thing that happened before the flooding began was the device did an nslookup to which it got a "no such name" reply for, then tried to do LLMNR resolution, then started flooding NBNS. One thing that I notice is that the TTL of the NBNS packet starts at 128 and keeps flooding til it hits TTL 0 then rinse and repeat. This capture was done during a failover where the pps jumped significantly so we tried to catch the beginning of the event. Our LTMs are the gateways for of the affected VLANs. This occurs on every VLAN from what we can tell. The obvious things to look for are what are the differences between chassis, switching, etc etc. We haven't found anything yet. Wondering if anyone has seen similar behavior in their networks? I can't share the capture. It doesn't feel like looping behavior because literally the only thing that jumps in the graph is NBNS.
No comments:
Post a Comment