Oversized collision and broadcast domains drive the router's CPU usage to 100%

Publication Date: 2012-07-27
Issue Description

Networking diagram: Public network--R2611--HUB--PC



The R2611 serves as the router for a net-bar and has NAT enabled so that the attached PCs can access the public network. The IP range used by the PCs is 192.168.0.0-192.168.1.254, but for convenience the router is configured with the segment 192.168.0.0/16. Later, network access becomes slow and sometimes fails.



Alarm Information
On inspection, no alarm is found on the router, but its CPU usage is about 90% and at times 100%.

Handling Process
Narrow the broadcast domain on the router by shrinking the address mask so that the segment is 192.168.0.0/23. The router's CPU usage falls back to 50% and services recover.

Root Cause

A packet capture between the hub and the router shows a large number of broadcast packets coming from the hub, accounting for more than 70% of all packets. Moreover, the destination addresses of these broadcast packets fall outside the IP range used by the PCs (for example, destination address 192.168.12.116).



Why so many packets are sent to nonexistent destination addresses: most LAN games look for neighbors by scanning the network, and they scan every host in the current network segment (including addresses outside the range the PCs actually use). Once many users are playing such games, these packets appear in large numbers.



Analysis: the router is configured with an oversized network segment, which results in an oversized broadcast domain. In addition, the hub serves as the aggregation device and cannot isolate collision domains or broadcast domains. As a result, packets whose destination addresses lie outside the segment used by the PCs flood the router and drive its CPU usage very high.
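The check described above can be scripted. The following is an added example, not part of the original case: it derives the smallest segment that covers the PC range and measures how much of a capture is addressed to parts of the configured /16 where no PC exists. The function names and the sample (src, dst) records are constructed for illustration.

```python
import ipaddress
from collections import Counter

def covering_prefix(first, last):
    """Smallest single network that contains both ends of the in-use range."""
    last_ip = ipaddress.ip_address(last)
    net = ipaddress.ip_network(f"{first}/32")
    while last_ip not in net:
        net = net.supernet()  # widen the mask one bit at a time
    return net

def classify(packets, configured, in_use):
    """Bucket (src, dst) pairs by where dst falls; count stray packets per source."""
    buckets, stray_sources = Counter(), Counter()
    for src, dst in packets:
        dst_ip = ipaddress.ip_address(dst)
        if dst_ip in in_use:
            buckets["in_use"] += 1
        elif dst_ip in configured:
            # Inside the router's configured segment, but no PC lives there.
            buckets["stray"] += 1
            stray_sources[src] += 1
        else:
            buckets["off_segment"] += 1
    return buckets, stray_sources

CONFIGURED = ipaddress.ip_network("192.168.0.0/16")       # mask from the case
IN_USE = covering_prefix("192.168.0.0", "192.168.1.254")  # PC range from the case

# Constructed (src, dst) pairs standing in for a capture between hub and router.
SAMPLE = [
    ("192.168.0.21", "192.168.12.116"), ("192.168.0.21", "192.168.12.117"),
    ("192.168.0.21", "192.168.40.9"),   ("192.168.1.77", "192.168.200.1"),
    ("192.168.1.77", "192.168.3.5"),    ("192.168.0.30", "192.168.1.40"),
    ("192.168.0.30", "203.0.113.10"),   ("192.168.1.12", "192.168.0.1"),
    ("192.168.0.21", "192.168.99.99"),  ("192.168.1.77", "192.168.2.0"),
]

if __name__ == "__main__":
    buckets, sources = classify(SAMPLE, CONFIGURED, IN_USE)
    print("right-sized segment:", IN_USE)
    print("stray share: {:.0%}".format(buckets["stray"] / len(SAMPLE)))
    for src, n in sources.most_common():
        print(f"  {src}: {n} stray packets")
```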



Suggestions
A net-bar is a special environment: its PCs often need to run LAN games, so it is very hard to isolate collisions, broadcasts or viruses effectively. We could set a smaller broadcast domain on the router, or use a switch to eliminate collisions, which is important for net-bar networking.
