[lug] XP floods linux network, ideas ?
Dean Brissinger
Dean.Brissinger at vexcel.com
Tue May 3 18:15:23 MDT 2005
On Tue, 2005-05-03 at 15:02 -0600, chuck morrison wrote:
> On Tuesday 03 May 2005 01:19 pm, Ken MacFerrin wrote:
> ...
> > > Chuck,
> > > If these are Win 2K/XP machines and you have DNS setup for your network
> > > you can disable NetBIOS over TCP/IP on the Windows machines. I would
> > > think this should stop the NBNS floods.
>
> I've tried that. Problem there is that it eliminates access to old workgroup
> shares. Not a problem for me :) , but the windows users would complain, to
> say the least.
Windows 98 (release 2) and newer have the APIPA model. APIPA
spontaneously creates a small network without requiring any
configuration. It is intended for very small networks. You can provide
a set of common services to keep APIPA away. Proper dhcp, ddns, a PDC,
AD, and/or WINS are needed. In APIPA mode your machines broadcast for a
DHCP server once every 5 minutes. And broadcast about 10 times to
discover other machines on the network every 15 minutes. From what you
describe you might have a large network loop or all 100 machines are
broken at once.
From your posts it sounds like you have at least 100 Windows machines
not using a domain controller or active directory. Also I read that you
have no broadcast filtering or segmenting. You can get a high
performance layer 3 switch to control these kinds of problems with VLANs
for about $5K. With 100 Windows machines you are overdue for a Windows
server. Samba works great for file sharing but it is not a Windows
server replacement for a large network.
> Part of the issue is that if dhcp fails, the PC uses APIPA (like zeroconf)
> gives itself a 169.254.x.x address for a while, until it gets a real dhcp
> address. It's not that dhcp fails, but that when switching networks XP
> doesn't ask the right questions right away. During that time it's spewing
> netbios broadcasts from that address. Given that our network is a 192.168.x.x
> range, there is no way a wins server can reply to the spewed broadcasts (at
> least directly).
>
> I'll look into providing an interface into 169.254.0.0 from the wins server.
Is the lease time on your dhcp server is too short? Try making it
twice as long as it takes a laptop to leave and come back. Say 2 days
or 1 week for users who regularly come and go. You will have this
problem with any laptop regardless of the OS. Linux/Unix however don't
try to spontaneously create a network like the home PC marketed
machines. They instead just hang up for a while.
More information about the LUG
mailing list