Many of my regular customers refer to me as the ‘Network Janitor’ because I seem to gravitate to ‘cleaning up’ networks.
In some cases, yes physically cleaning up and organizing datacenters, wiring closets, etc – kind a network version of a personal organizer.
In most cases though I clean up the network from the packet perspective. For years I have been preaching concepts such as ‘The pc bootup and login baseline’ as well as “The VLAN or subnet broadcast analysis”.
In both cases, I look for unnecessary traffic to make things run smoother and more efficiently.
In this specific example a HP printer was using its default NTP configuration where it transmits a broadcast packet looking for its time server or services. Since this is a large flat network, hundreds of devices ARP for the printer. This wouldn’t be an issue if there were fewer devices within this VLAN, but like I just said, hundreds of devices respond with an ARP broadcast. Depending when the device’s arp tables expired, I observer anywhere from approx 50 – 7,000 broadcasts per second.
After seeing this the symptoms made perfect sense. When there a lot of ARP’s the wireless users got kicked off as well as general performance issues everywhere. When there where less, then there was just performance issues and general network slowdowns. Yikkes!!
Fortunately in this case just the one printer was configured this way and was easy modified. Regardless, I showed the customer how their current network design is affected by broadcasts.