Unicast Flooding due to Asymmetric Routing

19 posts were merged into an existing topic: Unicast Flooding due to Asymmetric Routing

Hi Rene,

Thank you for the article. But I have a question. If I use SW1 multilayer switch as a gateway for all vlans, and sw2 as a L2 switch will the problem occur again? I think it will occur for the traffic from H2 to H1 because, SW2 will not learn the mac address of H1. Is it true ?If it is true, then for the design should we use just 1 multilayer switch and connect all hosts to it to avoid flooding?

Thanks,
Umut

Hi Umut,

The problem here is that some traffic is switched, some is routed. If you use SW1 as the default gateway for all VLANs and SW2 only for switching then there won’t be a problem. SW2 will be able to learn all MAC addresses, the MAC address of H2 and the MAC address on the VLAN interface of SW1.

Otherwise, changing the ARP timeout is another solution.

Rene

Aaahh!! That is an intense topic.
Is it possible in a network/ LAN to have two default gateways? I am not sure how much stupid is this question!!! Just came to mind if redundancy can give a better result.

Excellent explanation. I was thinking whole day and your answer helped me to realize the difference between an ARP message (inside Ethernet Frame) and Ethernet Frame.
What currently in my mind is - Why the switch doesn’t learn MAC address from the ARP table if it is not present in MAC table? Too many confusion in this topic… !!!

Hello Rosna,

Each router in your network can be used as a default gateway by your hosts but the problem is that most hosts only support a default gateway.

That’s why we use “gateway redundancy” protocols like HSRP, VRRP, and GLBP. You can read more about this here:

About the switch…A switch is a layer two device so all it “cares” about is forwarding Ethernet frames. It only cares about looking at the source MAC addresses to learn addresses and looking at the destination MAC address to figure out where to send it to.

ARP is just one protocol that you can find in an Ethernet frame…an Ethernet frame can also contain an IPv4 packet, an IPv6 packet or some other protocols.

ARP is used to bind a layer two address (MAC address) to a layer three address (IP address). We only need this on a switch if you access the switch with telnet/SSH or if you configure your switch as a router (that’s a layer three switch).

Rene

what does symmetric Routing look like ?

Hello Pipat

When referring to routing, asymmetric and symmetric are terms used to describe the path that the packets between two endpoints take. Symmetric routing takes places when two hosts are communicating with each other and all traffic sent from Host A to Host B takes the exact same path (passes through the same routers) as traffic that is sent from Host B to Host A.

Asymmetric routing takes place when traffic sent from Host A to Host B is different than the route taken for traffic sent from Host B to Host A.

These paths can and often are different because there may be multiple redundant paths or load balancing routing configurations that allow for the use of multiple routes to get from one host to another. Symmetric and Asymmetric routing are not static situations but can and do change based on the routing parameters and policies that are in place as well as on the changing state of network traffic and potential link failures.

I hope this has been helpful!

Laz

Hi Rene,

Again it is an excellent example and made me think.

When a datagram starts at a host for a specific destination on a different subnet what changes is the L2 header.
I think in your write up , ‘Unicast flooding can occur when a switch doesn’t know the destination MAC address’ can be better written as ‘Unicast flooding can occur when a switch cannot learn the mac address to port binding for a host’. As the frame has the destinaton Mac and not all Fs but it does not know which port to send it to and floods the frame to all pots of a Vlan. the one for which it is meant receives along with others who discards it but network performance degrades.

Many thanks and regards,

Sutandra

Hi @sutandrac1,

I agree, this sounds better. I just changed this.

Rene

Hi Lazaros,
Would you please simplify Symmetric and Asymmetric routing?
Although this question has been asked but I didn’t get the concept.

Hello Muhammad

Symmetric routing simply refers to the fact that the route taken from host A to host B is the same route, in reverse, that is taken from host B to host A. Now in Rene’s topology, it may look like the same route is taken in both cases, and yet Rene refers to one of the scenarios as asymmetric and the other as symmetric.

This is because a route is defined by where the routing takes place. So more precisely, symmetric routing is routing where the routers through which a packet is routed are the same as those used for the return journey, in reverse order.

With this in mind, in the topology in the Lab, a symmetric routing scenario is one where:

  • H1 --> SW1 --> H2 (where SW1 is used as the default gateway of H1 and the packets are routed there)
  • H2 --> SW1 --> H1 (where SW1 is again used as the default gateway of H2 and the packets are routed there)

An asymmetric routing scenario is one where:

  • H1 --> SW1 --> H2 (where SW1 is used as the default gateway of H1 and the packets are routed there)
  • H2 --> SW2 --> H1 (where SW2 is again used as the default gateway of H2 and the packets are routed there)

I hope this has been helpful in clarifying it further!

Laz

Hi,
Great explaination.
Anyway I can’t understand the advantages of asymmetric routing.

For example in the case where H1 and H2 would be two routers to exit outside…why should I implement a topology like this?

Thanks

Hello Giovanni

There really isn’t a reason why you would deliberately create asymmetric routing. The purpose of the lesson here is to inform you of the concept. You may set up a network like this without realizing that asymmetric routing is actually taking place.

Now having said that, the only time you would want to deliberately set up a network like this is if you want to more evenly distribute routing responsibilities between two devices. If you have a large network and all your routing takes place in one of the two L3 switches, a lot of CPU and memory would be used on that switch to route everything while the other’s resources remain idle. Although this is true, there are other more appropriate ways to distribute such routing responsibilities (such as Gateway Redundancy protocols).

In that case, you probably wouldn’t create such a scenario, but you’d look at implementing a multi-homed edge topology using BGP similar to those found in the following lesson.

I hope this has been helpful!

Laz

Hi Rene

You have mentioned “SW2 will put the IP packet from host 2 in an Ethernet frame that has its own MAC address as the source.”
What do you mean by “own MAC address as the source”, which address?
What source address you are referring to? do you mean the source address of VLAN10 (SVI) or source address as the Base address of the switch?
I also want to check that the IP packet which is encapsulated under Ethernet frame will have Src as host2’s MAC address and dst as host1’s MAC address, is that correct?

Thanks

Hi @vikrants31,

Good question. The IP packet is routed, so the source MAC address is the MAC address of the VLAN 10 SVI. I just updated this sentence to include that.

This would be true if H1 and H2 were in the same VLAN. When H2 wants to send an IP packet to H1, the source IP address is 192.168.20.2 and the destination IP address is 192.168.10.1.

From H2’s perspective, 192.168.10.1 is on another subnet so it will send the IP packet to its default gateway (SW2 - 192.168.20.253). The source MAC address is H2, the destination MAC address is SW2’s VLAN20 SVI.

Hope this helps!

Rene

The diagrams under the section titled “Traffic path from Host 2 to host 1” has incorrect interface and switch labels that causes confusion. For instance, the first diagram in this section shows SW2 with two interfaces to connected hosts labeled Fa0/1 and Fa0/3. Now, this switch may in fact have these interfaces but I am assuming that we are trying to stay in strict accordance with the network diagram shown at the beginning of this lesson (four hosts, two switches, separate and distinct interface labels). The subsequent diagrams are similarly incorrectly labeled as you progress through this section.

Brad

Hi Brad

Once again, thanks for pointing this out. We’ll get to fixing it as soon as possible.

Laz

Hi Rene and Team,

Thank you for your great posts and articles to assist with our Studies!

In regards to why SW1 will never learn the MAC address of H2 – Would it be possible for you to explain this again?

In my understanding, if H1 wants to ping H2 the following happens:

SW1 has an ARP entry which is still valid for H2 (Default 4 hours) but the MAC address table entry has been flushed as 5 minutes have passed – Therefore, SW1 doesn’t know which interface to forward the packet out of, so it broadcasts this traffic out of all interfaces (Which is why H3 receives these). Once SW2 receives the packet it passes it on to H2 – I think the issue is when the reply packet is sent from H2.

As SW2 already has an ARP entry for H1 – An ARP request does not take place and the packet is routed as an IP packet which is why the mac address of H1 is stripped from the frame and replaced with SW2’s own MAC, hence SW1 not ever learning H2’s MAC.

Please let me know if I am completely incorrect with the above description :blush:

Thanks for your support.

Hello Andrew

Let me walk through it myself as well, I think it will be easier to explain:

  1. H1 pings H2
  2. Because H2 is in a different subnet, H1 sends the packet to the default gateway, that is, SVI VLAN 10 on SW1.
  3. SW1 decapsulates the frame and looks at the IP header. Destination IP address is that of H1. If it has the ARP entry, then it knows the destination MAC address to place in the frame header, and it does so.
  4. If it has no entry for the destination MAC in the MAC table, then it will be flooded out of all ports on VLAN 20 and all trunks that include VLAN 20, so H3 does indeed receive it too).
  5. SW2 will receive the packet. If the MAC address of H2 is in the MAC address table, then it will be forwarded only out of Fa0/2. Otherwise it will be flooded to all VLAN 20 ports.
  6. H2 receives the ping, and responds to the IP address of H1. It sends the response to the SVI VLAN 20 of SW2.
  7. It decapsulates the frame, checks the destination IP, and uses the ARP cache to find the destination MAC, and populates the frame header with destination MAC.
  8. If it doesn’t have an entry in the MAC address table for this destination MAC, it will be sent out all of the VLAN 10 access interfaces and trunks that include VLAN 10, reaching SW1.
  9. if the destination MAC is in the MAC table, the frame is forwarded out of Fa0/1 to go to H1. If it is not in the MAC table, it is flooded out of all VLAN 10 access ports and trunk ports that include VLAN 10.

Sorry for restating this, but it helps in verification. Your understanding is indeed correct. SW1 will never learn H2’s MAC address because all traffic between H1 and H2 is routed at SW2, so H1’s MAC address never reaches SW1 for it to be recorded.

I hope this has been helpful!

Laz