High broadcast traffic alert

The details shown below are based on the default settings. When editing this alert, you can change the trigger and clear conditions to suit your needs. However, you can’t edit the time period in the trigger or clear conditions.

Primary purpose: Notify when the amount of broadcast traffic is greater than the defined thresholds on a device.

Possible causes for this alert include:

  • A malfunction or misconfiguration that’s pushing a lot of traffic
  • A new (possibly rogue) DHCP server that’s been plugged in
  • A loop in the network that’s causing a broadcast storm

Alert severity

Critical

Repetitive alert pause condition

After 10 occurrences within 2 hours against a specific entity, pause the alert for 2 hours

Alert trigger condition

The total packet count and the total broadcast packet percentage are greater than the defined thresholds over a five-minute period.

Alert clear condition

The total packet count and the total broadcast packet percentage are less than or equal to the defined thresholds over a five-minute period.

Action(s) to be taken

  • Check the device the interface is connected to in order to see what could be causing high broadcast traffic. A malfunction or misconfiguration could be pushing a lot of traffic.
  • Check for network loops. Hardware loops can be seen on Auvik’s network map. Unplug where necessary.
  • If the alert is on a managed switch, check logs for spanning tree errors.
  • Check for new switches or hubs that may have been added by the client and not configured properly.
  • For advanced troubleshooting and where the switch permits, set up a port mirror on the port reporting high broadcast traffic. Use a laptop to perform a packet capture on traffic traversing the mirrored port. Use Wireshark to inspect the traffic for further insight.
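
One way to triage frames taken from the mirrored port, as an added example that is not Auvik's code: it measures the broadcast share, ranks broadcast senders by source MAC, and lists hosts answering as DHCP servers that are not on a known list. The MAC addresses, the `known_dhcp` parameter and the sample frames are constructed, and frames are assumed to be raw, untagged Ethernet already extracted from the capture file.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def triage(frames, known_dhcp=()):
    """Summarise untagged Ethernet frames captured on the mirrored port."""
    talkers, dhcp, bcast = Counter(), set(), 0
    for f in frames:
        if len(f) < 14:          # runt: no full Ethernet header
            continue
        dst, src = f[0:6], f[6:12]
        etype = struct.unpack("!H", f[12:14])[0]
        if dst == BROADCAST:
            bcast += 1
            talkers[mac(src)] += 1
        # IPv4 + UDP with source port 67: this host is answering as a DHCP server
        if etype == 0x0800 and len(f) >= 34 and f[23] == 17:
            udp = 14 + (f[14] & 0x0F) * 4
            if len(f) >= udp + 2 and struct.unpack("!H", f[udp:udp + 2])[0] == 67:
                dhcp.add(mac(src))
    return {
        "broadcast_pct": 100.0 * bcast / len(frames) if frames else 0.0,
        "top_talkers": talkers.most_common(3),
        "unexpected_dhcp": sorted(dhcp - set(known_dhcp)),
    }

# --- constructed sample frames (not a real capture) ---
def eth(src_last, etype, payload, dst=BROADCAST):
    return dst + bytes([2, 0, 0, 0, 0, src_last]) + struct.pack("!H", etype) + payload

def udp4(sport, dport):
    # Minimal IPv4 header (IHL 5, protocol 17) plus UDP header, checksums zero
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0, bytes(4), bytes(4))
    return ip + struct.pack("!HHHH", sport, dport, 8, 0)

SAMPLE = (
    [eth(0x0A, 0x0806, bytes(28))] * 6            # same ARP broadcast repeating
    + [eth(0x0B, 0x0800, udp4(67, 68))]           # sanctioned DHCP server
    + [eth(0x0C, 0x0800, udp4(67, 68))]           # second, unlisted DHCP server
    + [eth(0x0D, 0x0800, udp4(40000, 53), dst=bytes([2, 0, 0, 0, 0, 0x0A]))] * 2
)

if __name__ == "__main__":
    print(triage(SAMPLE, known_dhcp=["02:00:00:00:00:0b"]))
```

A single source MAC dominating `top_talkers` points at a malfunctioning device or a loop replaying the same frame, while any entry in `unexpected_dhcp` is a DHCP server that should be traced to its switch port.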
