[c-nsp] Too much HSRP traffic - how to limit?
Phil Mayers
p.mayers at imperial.ac.uk
Sun Feb 25 08:21:32 EST 2007
Neal R wrote:
>
> I have some cat 3750 with 125ms hello/375ms hold time in a network
> with a lot of voice traffic. We like the fast failover we get with these
> times but we've got one sort of host that really whines about 32
> multicast packets/second. I've tried all sorts of methods to limit
> traffic destined for 224.0.0.2 on a couple of member ports of a
> particular vlan but I'm not coming up with an answer. Output policing?
> Not supported. The storm-control command limits *input* on ports. Access
> lists seem to be limited to the vlan interface themselves rather than
> the physical port.
>
> I can't be the only one facing this problem - anyone got a recipe for
> this particular issue?
It's particularly annoying isn't it? I really don't understand what the
HSRP designers were thinking. Quite why it doesn't have periodic (slow)
discovery packets and unicast (fast) hellos I don't know. Better yet, an
adjacency process.
The latter in fact would facilitate removing the connected route from
the standby (if the adjacency were out-of-band e.g. loopback-loopback)
and coalescing of multiple groups.
Back in the real world however...
Do the downstream switches have output ACLs? Because the HSRP group is
in the local-subnet multicast range it can't be IGMP-snooped and output
ACLs are about the only way you can deal with it that I've found.
More information about the cisco-nsp
mailing list