Ethernet jamming

by Paul Johnson   Last Updated October 23, 2017 18:00 PM

I just had a weird experience on my home network. Our ethernet went down; pinging an adjacent host was impossible. I checked the switch; all lights were on and flickering, although they were flickering in synch which was a bit worrying. Then I noticed that my Linux box had crashed (unresponsive to mouse and keyboard). I hit the reset button, and at that moment the network cleared.

This would be of only academic interest, except that my employer happens to be in a business where service continuity is of great importance. Critical data is sent over dual independent ethernet LANs. Our reliability models assume that the only thing that could take down an entire LAN is a failed switch. So the idea that a single malfunctioning host could do it is ... worrying.

This message on a Cisco forum says its impossible so don't worry.

This report about an outage in the US Customs sounds similar: a malfunctioning Ethernet card bought down their network. That was a single network and it sounds like a hardware fault, so it wouldn't bring down both of our dual networks. But I'm wondering: could a device driver bug wedge a card into a state where it was jamming the network? If so then if it was driving two bonded channels it might wedge both in the same way.

Does anyone know more about the potential failure modes of Ethernet?

Answers 2

Switches run code, in their firmware. Sometimes that code is buggy, and unexpected input can crash the switch. So yes, a misbehaving host can crash a switch. It's not really likely, but it can happen.

Years ago (2003 maybe?) I had unmanaged Netgear switches that would fall down 2-4 times a week, as if they were undergoing a broadcast storm - like your description above. Rebooting the stack was the only fix. Netgear support said they had a known issue with running IP and IPX on these, and since they were unmanaged, there was nothing to troubleshoot. They had been EoL with no further firmware upgrades, so they replaced them with newer managed switches, under warranty.

As far as "please list all potential failure modes of Ethernet" - no, that's a silly request. For your own education, though, read up on spanning-tree loops, that's a common user-induced failure mode.

October 23, 2017 17:42 PM

Here are just a few things that can cause the behavior you witnessed:

  1. A switch loop.

  2. Malware.

  3. A bad/defective NIC.

  4. A buggy/misbehaving NIC driver.

  5. A Broadcast storm (usually associated with a switch loop).

October 23, 2017 17:48 PM

Related Questions

Protect against DOS with iptables

Updated March 19, 2017 15:00 PM