This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Seeing lots of ARP requests even though the hosts have the MAC address in their ARP cache already


Hello

Can someone please help me with the following question?

We are trying to troubleshoot a performance issue between a Windows Server/s and a NetApp c-mode filer (network attached storage device).

We have a number of Windows Servers, each having two network cards: one card is attached to VLAN-A and the other network card to VLAN-B, VLAN-B being the VLAN where the NetApp storage device is also connected (there is no default gateway for any host on VLAN-B as it does not need to be routable).

Did a quick Wireshark trace and we saw lots (and I mean lots) of ARP broadcasts where the Windows Servers (e.g. the IP addresses attached to VLAN-B) are asking who has IP address x.x.x.x, in other words, the network IP address for the NIC on the NetApp filers also on VLAN-B.

When you look at the ARP cache on these Windows Servers you can see the MAC address in question is already in the cache, therefore I cannot see why these Windows Servers keep ARPing when they already have an entry in their ARP cache.

Any advice most welcome

Thanks Ernie

asked 08 Nov '16, 09:11

EBrant

Could you provide us a trace at a publicly accessible place, like CloudShark or Google Drive?

(08 Nov '16, 09:15) Christian_R

One Answer:

Depending on your Windows version you might see different behavior in the TCP/IP stack. I hope that you are not using Server 2003 / Windows XP or anything older.

First, Windows has a habit of refreshing the ARP cache. This is normal, as long as the ARP requests are not excessive. There is a good description of the ARP behavior in Microsoft's KB949589.

Another point in the Windows operating system is a multi homed network on a disjoint network. "Multi homed" means that you have two or more network interfaces. "Disjoint" means that the two network segments are not connected. On older systems (i.e. pre-Vista) Windows would handle the situation poorly and required serious tweaking. This became better with the rewritten TCP/IP in Vista. A few recommendations are given in a TechNet Blog entry.

Lastly, certain cluster protocols can mess with the IP stack. For a more detailed analysis, as pointed out by Christian_R, a trace would be helpful.

Good hunting

answered 08 Nov '16, 10:07

packethunter

@packethunter Interesting links. Thanks.

(08 Nov '16, 11:46) Christian_R

Hello Packet Hunter

Thanks for taking the time to give me a detailed answer with several options to look at. I am not in the office tomorrow so will go over the links you posted later in the week.

FYI, I am seeing ARPs several times a second, and several times in a row. The NetApp cluster has 4 LIFs whereby one is preferred and the others standby, so maybe it is not configured as it should be and is flipping between these 4 possible paths (I will have to ask the NetApp guys to check if this is possible).

Thanks very much again, once I have read your links I will try to post a trace.

Ernie

(08 Nov '16, 13:52) EBrant
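
An added example, not part of the original thread: a small Python analysis that measures how often each host broadcasts an ARP request for the same target and flags any IP address announced from more than one MAC. The 1 request/s threshold, the idea that a path flip would appear as the filer IP moving between MACs, and all addresses in the sample frames are assumptions made for illustration.

```python
import struct
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

def parse_arp(frame):
    """Decode an Ethernet/IPv4 ARP frame -> (op, sender_mac, sender_ip, target_ip, dst_mac) or None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":       # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    ip = lambda b: ".".join(str(x) for x in b)
    return op, sha.hex(":"), ip(spa), ip(tpa), frame[0:6].hex(":")

def analyse(packets, max_rate=1.0):
    """packets: iterable of (timestamp_s, frame_bytes).
    Returns (noisy, moved): broadcast-request pairs faster than max_rate/s, and IPs announced by >1 MAC."""
    asked, owners = defaultdict(list), defaultdict(set)
    for ts, frame in packets:
        arp = parse_arp(frame)
        if arp is None:
            continue
        op, sha, spa, tpa, dst = arp
        if spa != "0.0.0.0":                      # ARP probes carry no sender IP
            owners[spa].add(sha)
        if op == 1 and dst == BROADCAST:          # opcode 1 = request
            asked[(spa, tpa)].append(ts)
    noisy = {}
    for pair, ts in asked.items():
        span = max(ts) - min(ts)
        if span > 0 and (len(ts) - 1) / span > max_rate:
            noisy[pair] = (len(ts) - 1) / span    # repeats per second
    moved = {ip: macs for ip, macs in owners.items() if len(macs) > 1}
    return noisy, moved

def build(op, sha, spa, tha, tpa, dst):
    """Build a constructed ARP frame for the sample below (not real capture data)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return (raw(dst) + raw(sha) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + raw(sha) + addr(spa) + raw(tha) + addr(tpa))

SRV, FILER = "02:00:00:00:00:10", ["02:00:00:00:00:a1", "02:00:00:00:00:a2"]
SAMPLE = []                                       # constructed: server asks 4x/s, replies alternate MACs
for i in range(6):
    SAMPLE.append((i * 0.25, build(1, SRV, "10.0.0.10", "00:00:00:00:00:00", "10.0.0.50", BROADCAST)))
    SAMPLE.append((i * 0.25 + 0.001, build(2, FILER[i % 2], "10.0.0.50", SRV, "10.0.0.10", SRV)))
```

To run it against a real capture, feed `analyse` the timestamp and raw bytes of each frame from whatever pcap reader you already use.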