Finding the Truth Behind Cable Modem Traffic Bursts?
Techi asks: "I help to support a small cable modem network in Kansas, and we keep having recurring problems with all the modems in a node bursting extreme amounts of traffic for a period of about 30 seconds. At the end of this 30 second period, the upstream port that the node in question is connected to dies under the pressure. We have recently implemented a fix to keep people from uncapping modems in the form of a config file update from our DHCP system. I know we could have done it differently, but it wasn't my decision. Does anyone have any idea what could be causing 70 or so modems at a time to suddenly erupt with outgoing traffic nonstop until the upstream dies?"
I've seen something like this happen and suspect either dumb/misconfigured DHCP clients, an election process run amok, or some sort of ICMP flurry. No proof either way, since in this case I'm just a user & I just wait it out.
-- MarkusQ
P.S. I have noticed an interesting pattern to the timing though. You might try looking at the times / dates of past events to see if that suggests anything (and it can often suggest a lot).
To me it sounds like what I've heard called an 'ACK Storm'.
;)
It seems to occur when a switch somewhere gets its MAC table corrupted somehow and starts squirting rubbish onto the network.
I accidentally caused one of these at my uni by changing the MAC address of my netcard. It brought down the whole network for hours; the switch was continuously broadcasting the last packet it saw.
They never found it was me though.
-Yarn - Rio Karma: Excellent
The thing is, though, that this only occurs in one geographical area at a time, and our monitoring systems pick up constant traffic from every single modem in the node in question, so it almost seems more like a denial of service attack, or something on the upstream side of things...
"You think that's air you're breathing now?"