[lug] XP floods linux network, ideas ?
chuck morrison
cmorrison at greeleynet.com
Tue May 3 18:35:30 MDT 2005
On Tuesday 03 May 2005 06:15 pm, Dean Brissinger wrote:
> On Tue, 2005-05-03 at 15:02 -0600, chuck morrison wrote:
> > On Tuesday 03 May 2005 01:19 pm, Ken MacFerrin wrote:
> > ...
> >
> > > > Chuck,
> > > > If these are Win 2K/XP machines and you have DNS setup for your
> > > > network you can disable NetBIOS over TCP/IP on the Windows machines.
> > > > I would think this should stop the NBNS floods.
> >
> > I've tried that. Problem there is that it eliminates access to old
> > workgroup shares. Not a problem for me :) , but the windows users would
> > complain, to say the least.
>
> Windows 98 (release 2) and newer have the APIPA model. APIPA
> spontaneously creates a small network without requiring any
> configuration. It is intended for very small networks. You can provide
> a set of common services to keep APIPA away. Proper dhcp, ddns, a PDC,
> AD, and/or WINS are needed. In APIPA mode your machines broadcast for a
> DHCP server once every 5 minutes. And broadcast about 10 times to
> discover other machines on the network every 15 minutes. From what you
> describe you might have a large network loop or all 100 machines are
> broken at once.
APIPA, from what I've read, is not intended for use in networks over 25
machines. IMHO it is too poorly designed to be shipping as the default, as MS
does with win XP. We have disabled APIPA on roughly 100 machines and the
flooding problem has stopped.
By snooping the network broadcasts I can affirm that the 5000 broadcast
packets per second were all coming from the same source, which isn't to say
that other PCs weren't replying, but they weren't doing so by broadcast.
> From your posts it sounds like you have at least 100 Windows machines
> not using a domain controller or active directory. Also I read that you
> have no broadcast filtering or segmenting. You can get a high
> performance layer 3 switch to control these kinds of problems with VLANs
> for about $5K. With 100 Windows machines you are overdue for a Windows
> server. Samba works great for file sharing but it is not a Windows
> server replacement for a large network.
I am in fact looking into getting a decent managed L3 switch and doing some
segmenting and such. The company was originally set up a few years ago and
hasn't significantly changed network design since. That was when there were
about 10 people here, mostly using Linux. Now it's over 150 mostly using Win
XP. But the backbone is still Linux.
I disagree that samba can't be a server replacement for a moderate sized
network. I don't think 100-300 is large. I've set up openldap for
authentication and am migrating folks over slowly to the domain running on
Samba 3. It isn't a complete replacement for AD and Win2003 server, but so
far it's doing what we need.
> > Part of the issue is that if dhcp fails, the PC uses APIPA (like
> > zeroconf) gives itself a 169.254.x.x address for a while, until it gets a
> > real dhcp address. It's not that dhcp fails, but that when switching
> > networks XP doesn't ask the right questions right away. During that time
> > it's spewing netbios broadcasts from that address. Given that our network
> > is a 192.168.x.x range, there is no way a wins server can reply to the
> > spewed broadcasts (at least directly).
> >
> > I'll look into providing an interface into 169.254.0.0 from the wins
> > server.
>
> Is the lease time on your dhcp server is too short? Try making it
> twice as long as it takes a laptop to leave and come back. Say 2 days
> or 1 week for users who regularly come and go. You will have this
> problem with any laptop regardless of the OS. Linux/Unix however don't
> try to spontaneously create a network like the home PC marketed
> machines. They instead just hang up for a while.
Lease time is about 2 days. We often have folks going offsite for a month at a
time.
More information about the LUG
mailing list