NTP Broadcast Issue
Many of my regular customers refer to me as the ‘Network Janitor’ because I seem to gravitate to ‘cleaning up’ networks.
In some cases, yes, that means physically cleaning up and organizing datacenters, wiring closets, etc – kind of a network version of a personal organizer. In most cases, though, I clean up the network from the packet perspective.
For years I have been preaching concepts such as ‘The PC bootup and login baseline’ as well as ‘The VLAN or subnet broadcast analysis’. In both cases, I look for unnecessary traffic to make things run smoother and more efficiently.
In my throughput class I explain how quickly things get messy using basic math. For example, assume you have a 7% broadcast rate on a switch where everybody has a 1 Gbps connection.
Then on this same switch assume there is a wireless access point with a 100 Mbps connection. Here comes the math: 7% of 1 Gbps is 70 Mbps hitting the access point with an 802.11g, or 54 Mbps, radio. See what I mean?
This is precisely why I look for ways to minimize the number of broadcasts floating around your network.
In this specific example an HP printer was using its default NTP configuration, where it transmits a broadcast packet looking for its time server or services. Since this is a large flat network, hundreds of devices ARP for the printer. This wouldn’t be an issue if there were fewer devices within this VLAN, but like I just said, hundreds of devices respond with an ARP broadcast.
Depending on when the devices’ ARP tables expired, I observed anywhere from approximately 50 to 7,000 broadcasts per second. After seeing this, the symptoms made perfect sense. When there were a lot of ARPs, the wireless users got kicked off and there were general performance issues everywhere.
When there were fewer, there were just performance issues and general network slowdowns.
Yikes!! Fortunately, in this case just the one printer was configured this way and it was easily modified. Regardless, I showed the customer how their current network design is affected by broadcasts.
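
The pattern described above (one host broadcasting NTP, then a burst of broadcast ARP requests for that same host) can be picked out of a capture programmatically. The following is an added example, not part of the original post: the function names, MAC/IP addresses and sample frames are constructed, and the default threshold of 50 requests per second is an assumption taken from the low end of the range observed above.

```python
import socket
import struct
from collections import Counter, defaultdict

BCAST = b"\xff" * 6

def arp_request(src_mac, src_ip, target_ip):
    """Constructed broadcast ARP request (who-has target_ip)."""
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + src_mac + src_ip + bytes(6) + target_ip
    return BCAST + src_mac + b"\x08\x06" + arp

def ntp_broadcast(src_mac, src_ip):
    """Constructed IPv4/UDP frame to 255.255.255.255 port 123."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 76, 0, 0, 64, 17, 0, src_ip, b"\xff" * 4)
    return BCAST + src_mac + b"\x08\x00" + ip + struct.pack("!HHHH", 123, 123, 56, 0) + bytes(48)

def find_ntp_arp_storms(frames, threshold=50):
    """frames: iterable of (timestamp_seconds, raw_ethernet_frame).
    Returns {ip: peak ARP requests/second} for hosts that broadcast NTP and were the
    target of >= threshold (assumed value) broadcast ARP requests in one second."""
    ntp_sources, arp_per_sec = set(), defaultdict(Counter)
    for ts, f in frames:
        if len(f) < 42 or f[:6] != BCAST:
            continue                                           # only broadcast frames matter here
        etype = f[12:14]
        if etype == b"\x08\x06" and f[20:22] == b"\x00\x01":   # ARP request
            arp_per_sec[int(ts)][f[38:42]] += 1                # target protocol address
        elif etype == b"\x08\x00" and f[23] == 17:             # IPv4 carrying UDP
            udp = 14 + (f[14] & 0x0F) * 4                      # honour the IP header length
            if int.from_bytes(f[udp + 2:udp + 4], "big") == 123:
                ntp_sources.add(f[26:30])                      # IPv4 source address
    peaks = Counter()
    for counts in arp_per_sec.values():
        for ip, n in counts.items():
            peaks[ip] = max(peaks[ip], n)
    return {socket.inet_ntoa(ip): n for ip, n in peaks.items()
            if n >= threshold and ip in ntp_sources}

def sample_capture():
    """Constructed capture: one printer broadcasting NTP, 200 hosts ARPing for it, 3 noise ARPs."""
    printer_mac, printer_ip = bytes.fromhex("020000000050"), socket.inet_aton("10.0.0.50")
    frames = [(100.0, ntp_broadcast(printer_mac, printer_ip))]
    for i in range(1, 201):
        host_mac, host_ip = bytes.fromhex("0200000001") + bytes([i]), socket.inet_aton(f"10.0.1.{i}")
        frames.append((100.0 + i / 250, arp_request(host_mac, host_ip, printer_ip)))
    frames += [(101.0, arp_request(printer_mac, printer_ip, socket.inet_aton("10.0.0.1")))] * 3
    return frames

if __name__ == "__main__":
    print(find_ntp_arp_storms(sample_capture()))
```

To run it against real traffic, feed `find_ntp_arp_storms` the timestamp and raw bytes of each Ethernet frame from whatever capture reader you already use.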