Re: SOHO WiFi routers and residential networking
daemon@ATHENA.MIT.EDU (Crowe, Sheila)
Thu May 3 14:52:05 2012
Date: Thu, 3 May 2012 12:51:52 -0600
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: "Crowe, Sheila" <sheila@MONTANA.EDU>
To: RESNET-L@listserv.nd.edu
Based on the correct definition of /24, our subnets are not larger than 256 IP addresses. Given that, I'm wondering how we were ever able to just use one subnet? We have well over 300 devices connected at one time in a single subnet. Reckon they're counting on not everyone being connected at the same time, but that's pretty iffy in our larger dorms (~300 residents there). In Family Housing, at peak times of the year, we have more than 500 users. Good Lord. If not enough IP space is the problem, I might open a vein. (My sense of humor is sometimes inappropriate.)

Adam, these floods continue but are much fewer in number per day than they used to be. I don't have a record of a packet capture at hand (I will ask for one), but Central IT uses "Cacti monitoring of switch ports, with the Threshold plugin configured to detect unicast packet rates well above normal on one (or more) interfaces." Central IT is triggering on one of our fiber uplinks when the unicast packet rate exceeds 50,000 packets/second. I get a report every time this happens... it used to happen hundreds of times per day and is now down to about 1-2 per day since our network guy has begun configuring those fiber ports with flood blocking.

~Sheila Crowe
From: Resnet Forum [mailto:RESNET-L@LISTSERV.ND.EDU] On Behalf Of Ryan Dorman
Sent: Thursday, May 03, 2012 12:20 PM
To: RESNET-L@LISTSERV.ND.EDU
Subject: Re: SOHO WiFi routers and residential networking

Yep, happy to help with staring at captures... it's far more interesting than "Strategy", whatever that means :)

As a general rule (I say general; I know there are exceptions, styles and other such that engineers use for IPAM) a /24 is the largest size network you should put end-user PCs on. Especially given the chatty nature of Mac multicast/Rendezvous traffic, MS broadcast traffic, etc., it can result in a single packet being responded to by hundreds of machines that it was not ultimately destined for...

-rd
From: Resnet Forum [mailto:RESNET-L@LISTSERV.ND.EDU] On Behalf Of Chris Webster
Sent: Thursday, May 03, 2012 11:04 AM
To: RESNET-L@LISTSERV.ND.EDU
Subject: Re: SOHO WiFi routers and residential networking

Packet captures are almost always useful in identifying problems that can't be explained simply based on the symptoms (which is why it's one of the first things network people look for). I'm happy to take a look at any captures you have, with the caveat that the problem might be totally over my head.

/24 is CIDR notation meaning a block of 256 IP addresses. A Wikipedia link is the best I can do right now... I'll see if I can come up with a better explanatory article later: http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#IPv4_CIDR_blocks

-Chris
On Thu, May 3, 2012 at 1:49 PM, Crowe, Sheila <sheila@montana.edu> wrote:

I'm sure that we have done packet captures, Adam... would it help to see those?

Ryan, I'm not sure what you mean by subnets bigger than "/24." (I'm gonna read the Eric Leahy paper at lunch.) I'm learning a little about networking along the way, aren't I?

My plan for the responses from the RESNET-L is to combine the suggestions and questions and present them to the network guy for analysis and answers.

Keep them coming! And thank you very much for sharing your expertise with me.

Sheila Crowe
Montana State University
-----Original Message-----
From: Resnet Forum [mailto:RESNET-L@LISTSERV.ND.EDU] On Behalf Of Brock, Adam
Sent: Wednesday, May 02, 2012 9:24 PM
To: RESNET-L@LISTSERV.ND.EDU
Subject: Re: SOHO WiFi routers and residential networking

Also, did anyone try getting a packet capture of the unicast traffic, or was that just a theory?

Sent from my Brockberry.
________________________________
From: Ryan Dorman <Ryan.Dorman@blackboard.com>
Sender: Resnet Forum <RESNET-L@LISTSERV.ND.EDU>
Date: Wed, 2 May 2012 21:33:01 -0500
To: RESNET-L@LISTSERV.ND.EDU
ReplyTo: Resnet Forum <RESNET-L@LISTSERV.ND.EDU>
Subject: Re: [RESNET-L] SOHO WiFi routers and residential networking

My questions, slightly re-phrased:

1. For those of you who have a similar network, do you utilize either Storm Control or flood blocking? Why do you use one rather than the other?
   a. We used storm control in the dorms back in my day (ha ha ha)... it was one of our band-aid procedures for Sasser/Blaster (hence why I did not describe it as the good old days). It has the advantage of dealing with multiple types of traffic, not just unicast.
   b. This is a good article explaining the differences: http://ericleahy.com/?p=611

2. Do you use some other measure to deal with unicast packet floods?
   a. No

3. Considering the physical environment (single wired jacks), what do you feel is best practice when it comes to stopping unicast packet floods?
   a. There are a couple of things I would look at here, more from a design perspective than a flood protection angle:
      i. How big are your subnets? If they are huge (bigger than /24) you're going to start running up against broadcast issues.
      ii. Have you considered Private VLANs? Might help limit outages to a smaller group of people.
      iii. Do you limit the number of MAC addresses on a single port?

It surprises me that you are seeing unicast flooding like this... in campus environments, and even in datacenters, I have found that that is relatively rare. Granted, I don't work in reshalls anymore and the nature of that traffic is different than here in sell-out world :) but I'd be interested to see traces of who is flooding whom and from what process, etc....

Ryan Dorman
Director, Enterprise Technology Strategy, Blackboard Inc.
O: 202.463.4860 x2618
M: 202.370.7889
From: Resnet Forum [mailto:RESNET-L@LISTSERV.ND.EDU] On Behalf Of Crowe, Sheila
Sent: Tuesday, May 01, 2012 2:15 PM
To: RESNET-L@LISTSERV.ND.EDU
Subject: Re: SOHO WiFi routers and residential networking

Thank you to Rand, Bruce and my hero, Adam Brock.

A bit more detailed information to help all the Cisco network guru types help me. To recap...

We have 2 housing areas: residence halls and family and graduate apartments. Both areas have Cisco 2960 layer 2 switches and Cisco 3750 fiber switches. In the residence halls we have one wired port per pillow and almost ubiquitous wireless coverage via Aruba APs and a single controller. ResNet is charged as part of the room and board in the residence halls.

We don't provide wireless coverage in family and graduate housing. Our family housing area was wired about 13 years ago and provided only one wired jack per apartment; because of that, virtually every customer in family housing uses a SOHO wireless router. Prior to our upgrade in June, we were using 3Com fiber switches and Cisco 2960 layer 2 switches. When we upgraded this section of our network (from 3Com fiber switches to Cisco 3750s), we immediately had a BIG problem with our network dropping in family housing; no problems in the res halls. Backwards SOHO routers were not the problem because we use DHCP snooping. Prior to the upgrade, our network ran like a scalded cat in FGH. It was ultimately decided that the problem was caused by the larger concentration of SOHO wireless routers in that area producing unicast packet floods. Our team has discovered that Cisco switches have a feature called flood blocking that will block unicast and multicast floods at the switchport level. We are deploying this slowly. I am told that it is NOT Cisco's Storm Control.

My questions, slightly re-phrased:

1. For those of you who have a similar network, do you utilize either Storm Control or flood blocking? Why do you use one rather than the other?

2. Do you use some other measure to deal with unicast packet floods?

3. Considering the physical environment (single wired jacks), what do you feel is best practice when it comes to stopping unicast packet floods?

If you need more detail from me, please ask. Any information or feedback is appreciated. If you prefer, please feel free to contact me off-list.

Thank you!
Sheila Crowe
MSU ResNet
sheila@montana.edu
From: Resnet Forum [mailto:RESNET-L@LISTSERV.ND.EDU] On Behalf Of Osborne, Bruce W
Sent: Tuesday, May 01, 2012 5:48 AM
To: RESNET-L@LISTSERV.ND.EDU
Subject: Re: SOHO WiFi routers and residential networking

That is only the port part of the configuration. There are some global settings too.

Also, your switch uplink or the switch port with the DHCP server needs to be trusted for this to function correctly. The three processes used here are "ARP inspection", "DHCP snooping", and "IP source guard". The features can vary, depending on your model of switch.

Here is one example of Cisco's documentation. This one is for 3550 switches: http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_see/configuration/guide/swdhcp82.html

Bruce Osborne
Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971
From: Hall, Rand [mailto:hallr@MERRIMACK.EDU]
Sent: Monday, April 30, 2012 12:39 PM
Subject: Re: SOHO WiFi routers and residential networking

Sheila,

Good luck blocking rogues. :-) Your best bet is to hold to your commitment to providing service to the jack. To that you can add some basic best practice suggestions to people who want to try using a wireless router or bridge (enable encryption, negotiate channel selection with neighbors, etc.).

Your network folks will want to turn on DHCP Snooping. Sometimes a resident will plug a router in "backwards" and offer up DHCP leases to their neighbors--not a pretty sight. If they are new to Cisco they might appreciate a sample interface config for some ideas. Feel free to share:

 switchport access vlan xx
 switchport mode access
 switchport protected
 switchport port-security maximum 6
 switchport port-security
 switchport port-security aging time 1
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip arp inspection limit rate 15 burst interval 10
 storm-control broadcast level pps 50 10
 storm-control multicast level pps 50 10
 spanning-tree portfast
 spanning-tree bpduguard enable
 ip verify source
 ip dhcp snooping limit rate 10

Rand

Rand P. Hall
Director, Network Services askIT!
Merrimack College
978-837-3532
rand.hall@merrimack.edu

If I had an hour to save the world, I would spend 59 minutes defining the problem and one minute finding solutions. - Einstein
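As an added example (not Rand's, Bruce's, Sheila's or Cisco's own text), here is Rand's per-port template assembled into a complete Catalyst 2960/3750 configuration: the global DHCP snooping / ARP inspection settings and the trusted uplink that Bruce says the port template alone omits, the "flood blocking" (switchport block) lines that Sheila describes as distinct from Storm Control, and the show commands to run when a Cacti unicast-rate threshold fires on an uplink. VLAN 20, the interface numbers (Gi0/1-24 resident jacks, Gi0/25 fiber uplink) and the 12.2 SE-era platform are assumptions for the example.

```cisco
! Added example (not Rand's, Bruce's or Cisco's own text). Assumptions: the
! resident VLAN is 20, Gi0/1-24 are resident jacks, Gi0/25 is the fiber uplink
! toward the core and the DHCP server, on a Catalyst 2960/3750 (12.2 SE IOS).
!
! ---- Global settings: the part a per-port template alone leaves out ----
ip dhcp snooping
ip dhcp snooping vlan 20
! do not insert option 82 unless the DHCP server is configured to accept it
no ip dhcp snooping information option
ip arp inspection vlan 20
ip arp inspection validate src-mac dst-mac ip
! DAI and DHCP-snooping rate limits err-disable a port when exceeded; recover
! it automatically after 5 minutes instead of waiting for a truck roll
errdisable recovery cause arp-inspection
errdisable recovery cause dhcp-rate-limit
errdisable recovery interval 300
!
! ---- Resident access jack: the per-port template plus flood blocking ----
interface range GigabitEthernet0/1 - 24
 description Resident jack
 switchport access vlan 20
 switchport mode access
 ! protected ports cannot talk to each other at layer 2 on this switch
 ! (the 2960 has no private VLANs; that suggestion needs the 3750)
 switchport protected
 switchport port-security
 switchport port-security maximum 6
 switchport port-security aging time 1
 switchport port-security aging type inactivity
 switchport port-security violation restrict
 ! "flood blocking": unknown-unicast and multicast frames flooded in the VLAN
 ! are not transmitted OUT this port (port blocking, not storm control)
 switchport block unicast
 switchport block multicast
 ! storm control polices what the port RECEIVES: drop above 50 pps (and send
 ! a trap), resume once the rate falls below 10 pps
 storm-control broadcast level pps 50 10
 storm-control multicast level pps 50 10
 storm-control action trap
 ! a SOHO router plugged in backwards and answering DHCP or ARP on this port
 ! is dropped by snooping / DAI; the rate limits err-disable a chatty port
 ip arp inspection limit rate 15 burst interval 10
 ip dhcp snooping limit rate 10
 ip verify source
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! ---- Fiber uplink toward the DHCP server: must be trusted, otherwise no
! ---- lease ever reaches a resident and IP source guard blocks everyone
interface GigabitEthernet0/25
 description Uplink to 3750 distribution
 ! on a 3750 add "switchport trunk encapsulation dot1q" before the next line
 switchport mode trunk
 ip dhcp snooping trust
 ip arp inspection trust
!
! ---- Checks when the Cacti threshold fires on an uplink (50,000 pps) ----
! show ip dhcp snooping                 -> VLAN 20 enabled, Gi0/25 listed as trusted
! show ip dhcp snooping binding         -> resident leases learned (source guard needs them)
! show ip arp inspection vlan 20        -> DAI active with the validation options
! show port-security interface Gi0/1    -> MAC count, violation counter, last source MAC
! show storm-control Gi0/1              -> current broadcast/multicast rate vs the 50 pps level
! show interfaces Gi0/25 | include rate -> input/output packets/sec on the fiber uplink
```

Apply the global block and the two trust lines on the uplink before touching the access ports, so DHCP keeps working throughout the change. Note that `switchport protected` only isolates jacks on the same switch; Ryan's private VLAN suggestion would extend that isolation across the 3750 uplink but is not available on the 2960.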
On Fri, Apr 27, 2012 at 1:48 PM, Crowe, Sheila <sheila@montana.edu> wrote:

In early March, I participated in a thread started by Jeannie Abney about what other schools' policies are for residents bringing personal wireless routers onto your network. I added some questions pertaining to single family apartments (vs. residence halls) and got some great feedback. I would like to take it a step further and ask some more questions based on the type of network that we have.

We have a Cisco network, a core at the origin of the commodity internet pipe, and a subnet for each of our buildings (really areas). In the residence halls we have a large Aruba wireless network installed so that every building is blanketed for secure wireless internet access. In the residence halls, ResNet is charged out to every resident regardless of whether they use it or not.

We do not provide ubiquitous wireless coverage in family housing because ResNet is an opt-in service. Additionally, our family housing area was wired about 13 years ago and only provided one wired jack per apartment. As I'm sure you can imagine, virtually every customer in family housing has a SOHO wireless router. When we upgraded this section of our network (from 3Com switches to Cisco), we immediately had a BIG problem with our network dropping constantly. It was ultimately decided that it was the SOHO wireless routers causing the problem; namely, unicast packet floods through our Cisco switch ports. Only recently it was discovered that Cisco switches have a feature that will block unicast and multicast floods. We are deploying this slowly.

Now for the questions. For those of you who have a similar network, do you employ this Cisco feature or do you simply block all "rogue" wireless connections? Or do you have another measure in place to deal with the unicast packet floods? Also, do your network engineers consider this a stopgap measure ("band-aid") to deal with residences where you do not offer WiFi?

Please do share all of the details about this issue (or non-issue) on your network as you know them. And thanks a million!

Sheila Crowe
Montana State University ResNet
406.994.4230
406.209.7243

P.S. I'm hoping to see all of you at the 2012 Student Technology Conference at Claremont Colleges!
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives, go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
This email and any attachments may contain confidential and proprietary information of Blackboard that is for the sole use of the intended recipient. If you are not the intended recipient, disclosure, copying, re-distribution or other use of any of this information is strictly prohibited. Please immediately notify the sender and delete this transmission if you received this email in error.
--
Chris Webster
Senior Technician
OIT Walk-in Center
North Carolina State University
Ph: 919.513.2676
Fax: 919.513.2945
Email: chris.webster@ncsu.edu
Web: http://go.ncsu.edu/wic/
That is only the port part of the configuration. There are some global sett=
ings too.<br><br>Also, your switch uplink or the switch port with the DHCP =
server needs to be trusted for this to function correctly. The three proces=
ses used here are "ARP inspection", "DHCO snooping", an=
d "IP source guard". The features can vary, depending on your mod=
el of switch.<br><br>Here is one example of Cisco's documentation. This one=
is for 3550 switches. <a href=3D"http://www.cisco.com/en/US/docs/switches/=
lan/catalyst3550/software/release/12.2_25_see/configuration/guide/swdhcp82.=
html" target=3D"_blank">http://www.cisco.com/en/US/docs/switches/lan/cataly=
st3550/software/release/12.2_25_see/configuration/guide/swdhcp82.html</a><b=
r><br><br>Bruce Osborne<br>Network Engineer<br>IT Network Services<br><br><=
a href=3D"tel:%28434%29%20592-4229">(434) 592-4229</a><br><br>LIBERTY UNIVE=
RSITY<br>Training Champions for Christ since 1971<br><br>From: Hall, Rand [=
mailto:<a href=3D"mailto:hallr@MERRIMACK.EDU">hallr@MERRIMACK.EDU</a>]<m=
ailto:[mailto:<a href=3D"mailto:hallr@MERRIMACK.EDU">hallr@MERRIMACK.EDU</a=
>]><br>Sent: Monday, April 30, 2012 12:39 PM<br>Subject: Re: SOHO WiFi r=
outers and residential networking<br><br>Sheila,<br><br>Good luck blocking =
rogues. :-) Your best bet is to hold to your commitment to providing servic=
e to the jack. To that you can add some basic best practice suggestions to =
people who want to try using a wireless router or bridge (enable encryption=
, negotiate channel selection with neighbors, etc).<br><br>Your network fol=
ks will want to turn on DHCP Snooping. Sometimes a resident will plug a rou=
ter in "backwards" and offer up DHCP leases to their neighbors--n=
ot a pretty sight. If they are new to Cisco they might appreciate a sample =
interface config for some ideas. Feel free to share:<br><br> switchpor=
t access vlan xx<br> switchport mode access<br> switchport protec=
ted<br> switchport port-security maximum 6<br> switchport port-se=
curity<br> switchport port-security aging time 1<br> switchport p=
ort-security violation restrict switchport port-security aging type i=
nactivity ip arp inspection limit rate 15 burst interval 10 sto=
rm-control broadcast level pps 50 10 storm-control multicast level pp=
s 50 10 spanning-tree portfast spanning-tree bpduguard enable &=
nbsp;ip verify source ip dhcp snooping limit rate 10<br><br><br>Rand<=
br><br>Rand P. Hall<br>Director, Network Services &nbs=
p; askIT!<br>Merrimack College<br><a href=3D"te=
l:978-837-3532">978-837-3532</a><tel:<a href=3D"tel:978-837-3532">978-83=
7-3532</a>><br><a href=3D"mailto:rand.hall@merrimack.edu">rand.hall@merr=
imack.edu</a><mailto:<a href=3D"mailto:rand.hall@merrimack.edu">rand.hal=
l@merrimack.edu</a>><br><br>If I had an hour to save the world, I would =
spend 59 minutes defining the problem and one minute finding solutions. - E=
instein<br><br>On Fri, Apr 27, 2012 at 1:48 PM, Crowe, Sheila <<a href=
=3D"mailto:sheila@montana.edu">sheila@montana.edu</a><mailto:<a href=3D"=
mailto:sheila@montana.edu">sheila@montana.edu</a>>> wrote:<br>In earl=
y March, I participated in a thread started by Jeannie Abney about what oth=
er schools' polices are for residents bringing personal wireless routers on=
to your network. I added some questions pertaining to single family a=
partments (vs. residence halls) and got some great feedback. I would =
like to take it a step further and ask some more questions based on the typ=
e of network that we have.<br><br>We have a Cisco network, a core at the or=
igin of the commodity internet pipe, and a subnet for each of our buildings=
(really areas). In the residence halls we have a large Aruba wireles=
s network installed so that every building is blanketed for secure wireless=
internet access. In the residence halls, ResNet is charged out to e=
very resident regardless of whether they use it or not.<br><br>We do not pr=
ovide ubiquitous wireless coverage in family housing because ResNet is an o=
pt-in service. Additionally, our family housing area was wired about 13 yea=
rs ago and only provided one wired jack per apartment. As I'm sure you can =
imagine, virtually every customer in family housing has a soho wireless rou=
ter. When we upgraded this section of our network (from 3Com switches=
to Cisco), we immediately had a BIG problem with our network dropping cons=
tantly. It was ultimately decided that it was the SOHO wireless route=
rs causing the problem; namely, unicast packet floods through our Cisco swi=
tch ports. Only recently it was discovered that Cisco switches have a featu=
re that will block unicast and multicast floods. We are deploying thi=
s slowly.<br><br>Now for the questions. For those of you who have a similar=
network, do you employ this Cisco feature or do you simply block all "=
;rogue" wireless connections? Or do you have another measure in =
place to deal with the unicast packet floods? Also, do your network e=
ngineers consider this a stopgap measure ("band-aid") to deal wit=
h residences where you do not offer WiFi?<br><br>Please do share all of the=
details about this issue (or non-issue) on your network as you know them. =
And thanks a million!<br><br>Sheila Crowe<br>Montana State University=
ResNet<br><a href=3D"tel:406.994.4230">406.994.4230</a><tel:<a href=3D"=
tel:406.994.4230">406.994.4230</a>><br><a href=3D"tel:406.209.7243">406.=
209.7243</a><tel:<a href=3D"tel:406.209.7243">406.209.7243</a>><br><b=
r>P.S. I'm hoping to see all of you at the 2012 Student Technology Conferen=
ce at Claremont Colleges!<br><br>__________________________________________=
_________ You are subscribed to the ResNet-L mailing list.<br><br>To subscr=
ibe, unsubscribe or search the archives, go to <a href=3D"http://LISTSERV.N=
D.EDU/archives/resnet-l.html" target=3D"_blank">http://LISTSERV.ND.EDU/arch=
ives/resnet-l.html</a> ___________________________________________________<=
br><br>___________________________________________________ You are subscrib=
ed to the ResNet-L mailing list.<br><br>To subscribe, unsubscribe or search=
the archives, go to <a href=3D"http://LISTSERV.ND.EDU/archives/resnet-l.ht=
ml" target=3D"_blank">http://LISTSERV.ND.EDU/archives/resnet-l.html</a> ___=
________________________________________________<br>_______________________=
____________________________ You are subscribed to the ResNet-L mailing lis=
t.<br><br>To subscribe, unsubscribe or search the archives, go to <a href=
=3D"http://LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_blank">http:/=
/LISTSERV.ND.EDU/archives/resnet-l.html</a> _______________________________=
____________________<br>___________________________________________________=
You are subscribed to the ResNet-L mailing list.<br><br>To subscribe, unsu=
bscribe or search the archives, go to <a href=3D"http://LISTSERV.ND.EDU/arc=
hives/resnet-l.html" target=3D"_blank">http://LISTSERV.ND.EDU/archives/resn=
et-l.html</a> ___________________________________________________<br><br>Th=
is email and any attachments may contain confidential and proprietary infor=
mation of Blackboard that is for the sole use of the intended recipient. If=
you are not the intended recipient, disclosure, copying, re-distribution o=
r other use of any of this information is strictly prohibited. Please immed=
iately notify the sender and delete this transmission if you received this =
email in error.<br>___________________________________________________ You =
are subscribed to the ResNet-L mailing list.<br><br>To subscribe, unsubscri=
be or search the archives, go to <a href=3D"http://LISTSERV.ND.EDU/archives=
/resnet-l.html" target=3D"_blank">http://LISTSERV.ND.EDU/archives/resnet-l.=
html</a> ___________________________________________________<br><br>_______=
____________________________________________<br>You are subscribed to the R=
esNet-L mailing list.<br><br>To subscribe, unsubscribe or search the archiv=
es, go to <a href=3D"http://LISTSERV.ND.EDU/archives/resnet-l.html" target=
=3D"_blank">http://LISTSERV.ND.EDU/archives/resnet-l.html</a><br>__________=
_________________________________________<br><br>__________________________=
_________________________<br>You are subscribed to the ResNet-L mailing lis=
t.<br><br>To subscribe, unsubscribe or search the archives,<br>go to <a hre=
f=3D"http://LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_blank">http:=
//LISTSERV.ND.EDU/archives/resnet-l.html</a><br>___________________________=
________________________<o:p></o:p></p></div></div></div><p class=3DMsoNorm=
al><br><br clear=3Dall><o:p></o:p></p><div><p class=3DMsoNormal><o:p> =
</o:p></p></div><p class=3DMsoNormal>-- <br>Chris Webster<br>Senior Technic=
ian<br>OIT Walk-in Center<br>North Carolina State University<br><br>Ph: 919=
.513.2676<br>Fax: 919.513.2945<br>Email: <a href=3D"mailto:chris.webster@nc=
su.edu" target=3D"_blank">chris.webster@ncsu.edu</a><br>Web: <a href=3D"htt=
p://go.ncsu.edu/wic/" target=3D"_blank">http://go.ncsu.edu/wic/</a><o:p></o=
:p></p></div><p class=3DMsoNormal>_________________________________________=
__________ You are subscribed to the ResNet-L mailing list. <o:p></o:p></p>=
<p>To subscribe, unsubscribe or search the archives, go to <a href=3D"http:=
//LISTSERV.ND.EDU/archives/resnet-l.html">http://LISTSERV.ND.EDU/archives/r=
esnet-l.html</a> ___________________________________________________ <o:p><=
/o:p></p><p class=3DMsoNormal><br><span style=3D'font-size:10.0pt;font-fami=
ly:"Arial","sans-serif";color:blue'>This email and any attachments may cont=
ain confidential and proprietary information of Blackboard that is for the =
sole use of the intended recipient. If you are not the intended recipient, =
disclosure, copying, re-distribution or other use of any of this informatio=
n is strictly prohibited. Please immediately notify the sender and delete t=
his transmission if you received this email in error.</span><o:p></o:p></p>=
<p class=3DMsoNormal>___________________________________________________ Yo=
u are subscribed to the ResNet-L mailing list. <o:p></o:p></p><p>To subscri=
be, unsubscribe or search the archives, go to <a href=3D"http://LISTSERV.ND=
.EDU/archives/resnet-l.html">http://LISTSERV.ND.EDU/archives/resnet-l.html<=
/a> ___________________________________________________ <o:p></o:p></p></di=
v></body></html>=
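The pieces this thread names, Bruce's "global settings" and uplink trust, Rand's per-port config, and the per-port unicast/multicast "flood blocking" Sheila is rolling out, assembled into one added example for a Catalyst 2960 access switch. This is illustrative configuration written for this page, not anything posted in the thread or Cisco's own text; VLAN 10, the interface names, the option-82 choice and the rate values are assumptions and should be checked against the IOS release actually in use.

```cisco
! Added example for this page; not configuration from the thread.
! Assumptions: residents are in VLAN 10, the DHCP server is reached through
! Gi0/1 (the fiber uplink to the 3750), and Fa0/1-24 are apartment jacks.

! --- Global prerequisites (the "global settings" Bruce refers to) ---
ip dhcp snooping
ip dhcp snooping vlan 10
! Assumption about the DHCP server: if it rejects requests carrying option 82,
! stop inserting it. Leave the default on if the server handles option 82.
no ip dhcp snooping information option
! Dynamic ARP Inspection consumes the snooping binding table built above.
ip arp inspection vlan 10
ip arp inspection validate src-mac dst-mac ip

! --- Uplink: must be trusted, otherwise every lease and every ARP reply
! --- arriving from upstream is treated as rogue and dropped.
interface GigabitEthernet0/1
 description fiber uplink toward 3750 / DHCP server
 switchport mode trunk
 ip dhcp snooping trust
 ip arp inspection trust

! --- Apartment jacks: Rand's port config plus the two flood features ---
interface range FastEthernet0/1 - 24
 description apartment jack (one per unit, SOHO router expected behind it)
 switchport access vlan 10
 switchport mode access
 switchport protected
 switchport port-security maximum 6
 switchport port-security
 switchport port-security aging time 1
 switchport port-security aging type inactivity
 switchport port-security violation restrict
 ! "Flood blocking" (Cisco calls it port blocking): do not forward
 ! unknown-unicast or multicast floods OUT of this port. This shields the
 ! resident on this jack from floods that originate elsewhere on the VLAN.
 switchport block unicast
 switchport block multicast
 ! Storm control polices traffic coming IN on this port, i.e. it shields
 ! everyone else from this jack's router. Opposite direction, separate
 ! feature, which is why the two are not the same knob.
 storm-control broadcast level pps 50 10
 storm-control multicast level pps 50 10
 storm-control action trap
 ! Rate limits for the snooping/DAI punt paths. ip verify source relies on
 ! the snooping binding, so a host that never completes DHCP is dropped.
 ip dhcp snooping limit rate 10
 ip arp inspection limit rate 15 burst interval 10
 ip verify source
 spanning-tree portfast
 spanning-tree bpduguard enable
```

Two caveats worth checking on the real switches. First, `switchport block unicast` only stops flooded frames leaving that port; it does nothing about the rate at which a misbehaving router pushes frames in, so it is a complement to storm control, not a replacement, and `storm-control unicast` exists but counts known and unknown unicast alike, so its threshold has to sit above a normal per-port rate. Second, on some Catalyst releases `switchport block multicast` applies only to pure Layer 2 multicast, so read the port-based traffic control chapter for the exact software in use. `show interfaces switchport` shows whether unknown unicast blocking is enabled on a port, `show storm-control` shows the thresholds and current levels, and `show ip dhcp snooping binding` and `show ip arp inspection statistics vlan 10` confirm that the snooping and DAI side is actually populated rather than silently dropping everything.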
--_000_D0A43E8CC19B144398DFEC438095CB180E39DE0EB2EXCMSmsumonta_--