Bridge ARP flood


nio-12
Posts: 10
Joined: Mon Mar 05, 2018 8:51 am

Bridge ARP flood

Post by nio-12 » Mon Mar 05, 2018 9:24 am

Hello, EVE-NG community!

I am testing bridge features in Cisco routers using EVE-NG.

The network is shown on the picture (see attachment bridge.png).

It has two examples.

The first example has: VPC1_1, VPC2_1, VPC3_1, R_1.

The second example has: VPC1_2, VPC2_2, VPC3_2, R_2, S1_2, S2_2, S3_2.

The configuration of the router is shown on the right side of the picture.

The problem is in the second example when I try to ping VPC2_2 from VPC1_2.

The result is ARP flood.

Wireshark capture of R_2.e0/1 is shown on the picture (see attachment arp.png).

I am new to Cisco and EVE-NG.

Can anybody help me to understand why the first example works and the second doesn't work?

How can I fix the ARP flood in the second example?

I use the latest version of EVE-NG and Cisco IOL for routers and switches.

Uldis (UD)
Posts: 5067
Joined: Wed Mar 15, 2017 4:44 pm
Location: London

Re: Bridge ARP flood

Post by Uldis (UD) » Mon Mar 05, 2018 10:50 am

Router bridge config issue only.
Just replicated your lab and all OK.

bridge irb
!
!
!
!
interface Ethernet0/0
 no ip address
 bridge-group 1
!
interface Ethernet0/1
 no ip address
 bridge-group 1
!
interface Ethernet0/2
 no ip address
 bridge-group 1
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface BVI1
 ip address 140.0.0.4 255.255.255.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!

ADVICE: don't use masks like /6.
I used /24.
UD

nio-12
Posts: 10
Joined: Mon Mar 05, 2018 8:51 am

Re: Bridge ARP flood

Post by nio-12 » Mon Mar 05, 2018 11:31 am

I have tried the suggested router config and also changed the VPC netmask to 255.255.255.0, but the result is the same: ARP flood.

Maybe I am using bad Cisco IOL images? I downloaded them for free.

I also tried with Dynamips images and vIOS images. I downloaded them for free too. But the result is the same: it doesn't work for me.

Uldis (UD)
Posts: 5067
Joined: Wed Mar 15, 2017 4:44 pm
Location: London

Re: Bridge ARP flood

Post by Uldis (UD) » Tue Mar 06, 2018 12:39 am

No idea what you are doing there,
but I used IOL 15.4.2T L3
and SW was L2 15.2 IRON.
No issues at all.

For all VPCS nodes the gateway must be the router IP; in my lab it's 140.0.0.4.

nio-12
Posts: 10
Joined: Mon Mar 05, 2018 8:51 am

Re: Bridge ARP flood

Post by nio-12 » Tue Mar 06, 2018 11:28 am

Uldis (UD), thank you for your interest and help.

The behaviour of ARP flood seems to be unpredictable.

I think to reproduce ARP flood you have to try to ping each node from each node.

For example, try to ping 140.0.0.2, 140.0.0.3, 140.0.0.4 from 140.0.0.1.

I have a short video that shows the problem.

Here is a link: https://yadi.sk/i/pmA82jtL3T5FN9

In the video it is shown that I can ping 140.0.0.2 and 140.0.0.3 from 140.0.0.1, but I cannot ping 140.0.0.4 from 140.0.0.1.

And when I try to ping 140.0.0.1 from 140.0.0.4, I get an ARP flood.

I use cisco IOL:

0086e5f41971bf35428c216a0ee6aabf L2-ADVENTERPRISEK9-M-15.2-IRON-20151103.bin
a3a45f36df542b7d3988391a12b2d980 L3-ADVENTERPRISEK9-M-15.4-2T.bin

Uldis (UD)
Posts: 5067
Joined: Wed Mar 15, 2017 4:44 pm
Location: London

Re: Bridge ARP flood

Post by Uldis (UD) » Tue Mar 06, 2018 12:16 pm

No issues,
L3 is the same,
but L2 is:

Switch#sh ver
Cisco IOS Software, Linux Software (I86BI_LINUXL2-IPBASEK9-M), Experimental Version 15.2(20170809:194209) [dstivers-aug9_2017-high_iron_cts 101]
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Wed 09-Aug-17 13:49 by xxxxxxxx

Try changing the L2 image.

UD

nio-12
Posts: 10
Joined: Mon Mar 05, 2018 8:51 am

Re: Bridge ARP flood

Post by nio-12 » Tue Mar 06, 2018 12:47 pm

The picture shows three pings.

And can you ping a router?

Uldis (UD)
Posts: 5067
Joined: Wed Mar 15, 2017 4:44 pm
Location: London

Re: Bridge ARP flood

Post by Uldis (UD) » Wed Mar 07, 2018 2:40 am

Yes, from any VPC and no flood.
Router IP is 140.0.0.4
and no issues.

nio-12
Posts: 10
Joined: Mon Mar 05, 2018 8:51 am

Re: Bridge ARP flood

Post by nio-12 » Wed Mar 07, 2018 7:00 am

Is it possible to test your L2 image?

nio-12
Posts: 10
Joined: Mon Mar 05, 2018 8:51 am

Re: Bridge ARP flood

Post by nio-12 » Wed Mar 07, 2018 2:45 pm

I simplified the lab by excluding the switches and have tested two router configs.

The first config has a bridge without an IP address:
no interface BVI1
no bridge 1 route ip

Its tcpdump of a ping to VPC6 from VPC5 is shown in apr1.png.

It seems to be OK.

The second config has a bridge with an IP address:
bridge 1 protocol ieee
bridge 1 route ip
interface BVI1
 ip address 140.0.0.4 255.255.255.0

Its tcpdump of a ping to VPC6 from VPC5 is shown in apr2.png.

It seems to have a packet that produces an ARP flood when we add the switches.

Can anybody explain to me the difference between the two results?

My L2 and L3 images versions:

L2 Image
Cisco IOS Software, Linux Software (I86BI_LINUXL2-ADVENTERPRISEK9-M), Version 15.2(CML_NIGHTLY_20151103)FLO_DSGS7, EARLY DEPLOYMENT DEVELOPMENT BUILD, synced to FLO_DSGS7_POSTCOLLAPSE_TEAM_TRACK_DSGS_PI5
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Wed 04-Nov-15 02:31 by mmen

L3 Image
Cisco IOS Software, Linux Software (I86BI_LINUX-ADVENTERPRISEK9-M), Version 15.4(2)T4, DEVELOPMENT TEST SOFTWARE
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Thu 08-Oct-15 21:21 by prod_rel_team
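
An added example, not part of any post in this thread and not EVE-NG or Cisco code: a Python check that puts a number on what the captures discussed above show, by counting identical ARP who-has requests per time window in raw Ethernet frames. Only the 140.0.0.x addresses come from the thread; the MAC addresses, window, threshold and sample frames are constructed assumptions.

```python
import struct
from collections import defaultdict

def _ip(s):
    return bytes(int(o) for o in s.split("."))

def build_arp_request(src_mac, src_ip, dst_ip):
    """Build a broadcast Ethernet/ARP who-has frame (used only for sample data)."""
    mac = bytes.fromhex(src_mac.replace(":", ""))
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    return b"\xff" * 6 + mac + b"\x08\x06" + arp + mac + _ip(src_ip) + b"\x00" * 6 + _ip(dst_ip)

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip, target_ip), or None if not IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    dotted = lambda b: ".".join(str(x) for x in b)
    return op, frame[22:28].hex(":"), dotted(frame[28:32]), dotted(frame[38:42])

def find_arp_floods(packets, window=1.0, threshold=10):
    """packets: (timestamp_seconds, raw_frame) tuples sorted by time.
    Returns {(sender_mac, sender_ip, target_ip): peak_count} for every identical
    who-has request seen at least `threshold` times within `window` seconds."""
    recent, peaks = defaultdict(list), {}
    for ts, frame in packets:
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != 1:   # opcode 1 = request
            continue
        times = recent[parsed[1:]]
        times.append(ts)
        while times[0] < ts - window:          # drop requests outside the window
            times.pop(0)
        if len(times) >= threshold:
            peaks[parsed[1:]] = max(peaks.get(parsed[1:], 0), len(times))
    return peaks

def sample_capture():
    """Constructed capture: three normal ARP retries, then 200 copies in 0.2 s."""
    normal = [(float(i), build_arp_request("00:50:79:66:68:01", "140.0.0.1", "140.0.0.2"))
              for i in range(3)]
    flood = [(10 + i * 0.001, build_arp_request("aa:bb:cc:00:04:00", "140.0.0.4", "140.0.0.1"))
             for i in range(200)]
    return normal + flood

if __name__ == "__main__":
    for key, peak in find_arp_floods(sample_capture()).items():
        print(key, "peak identical requests per window:", peak)
```

To run it against a real capture, feed it the timestamp and raw bytes of each frame from whatever pcap reader you already use.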