[c-nsp] 3560 leaking broadcasts

Mateusz Blaszczyk blahu77 at gmail.com
Wed Mar 10 15:37:07 EST 2010 

actually I don't know if that might help but I have mentioned that to
cisco tac when working on something completely unrelated on 3560 /
52SEx
Contact me off-list for the tac case number.

Aha - I was seeing both PIM and OSPF being leaked out from local SVI
towards an layer 3 "no switchport" interface. I don't remember if the
multicast was originated by the switch that leaked the traffic or it
was coming from local neighbour on that vlan (SVI).

Best Regards,

-mat

On 10 March 2010 19:47, Mateusz Blaszczyk <blahu77 at gmail.com> wrote:
> Hey,
>
> I saw it specifically on 53SE on 3750 (12port)
> 53SE for 3560 was ok.
> It didn't concern me much because it was testlab only and I wasn't
> going to use it for production.
> BTW 52SE doesn't have this problem.
>
> I think you should open a tac case,
>
> Best Regards,
>
> -mat
>
> On 10 March 2010 07:48, Ian Henderson <ianh at ianh.net.au> wrote:
>>
>> Hi folks,
>>
>> Has anyone ever seen broadcasts leaking from an SVI into a layer 3 interface
>> on a 3560?
>>
>> We've got a managed Ethernet link between a 3560G-48TS (Auckland,
>> 12.2(50)SE1 IP Services) and a 3750G-24TS (Sydney, 12.2(53)SE IP Services)
>> configured as a /31 layer 3 interface on both sides. The link runs OSPF in
>> area 64, and PIM sparse mode. Both Sydney and Auckland have a number of
>> SVIs.
>>
>> [Hosts] -- VLAN 11 -- SVI11[Sydney]L3 -- /31 link -- L3[Auckland]
>>
>> Sydney config:
>> interface GigabitEthernet1/0/25
>>  description Auckland:Gi0/47
>>  no switchport
>>  ip address x.x.x.193 255.255.255.254
>>  no ip redirects
>>  no ip proxy-arp
>>  ip pim sparse-mode
>>  ip ospf cost 50
>>  speed nonegotiate
>>  priority-queue out
>>  service-policy input SET-DSCP-TRUST
>>
>> Auckland config:
>> interface GigabitEthernet0/47
>>  description Sydney:Gi1/0/25
>>  no switchport
>>  ip address x.x.x.192 255.255.255.254
>>  no ip redirects
>>  no ip proxy-arp
>>  ip pim sparse-mode
>>  ip ospf cost 200
>>  speed 100
>>  duplex full
>>  priority-queue out
>>  service-policy input SET-DSCP-TRUST
>>
>> On the Auckland 3560, OSPF constantly reports a mismatched area ID, even
>> though the area 64 session is up. PIM shows two neighbors, even though its a
>> point to point link. The IP address listed in both messages is the Sydney
>> 3750's Vlan11 address.
>>
>> Mar 10 19:53:14.662 NZDT: %OSPF-4-ERRRCV: Received invalid packet:
>> mismatch area ID, from backbone area must be virtual-link but not found
>> from x.x.x.138, GigabitEthernet0/47
>>
>> Auckland#show ip pim nei
>> PIM Neighbor Table
>> Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
>>      P - Proxy Capable, S - State Refresh Capable
>> Neighbor          Interface                Uptime/Expires    Ver   DR
>> Address
>> Prio/Mode
>> x.x.x.138     GigabitEthernet0/47      02:25:20/00:01:20 v2    1 / S P
>> x.x.x.193     GigabitEthernet0/47      02:25:21/00:01:37 v2    1 / DR S P
>>
>> Some debugging revealed something odd - when performing 'show mac- address
>> xxxx' on the internally assigned VLAN for Gi1/0/25 on Sydney, I see MAC
>> addresses listed against VLAN 11.
>>
>> Sydney#show vlan int usage
>>
>> VLAN Usage
>> ---- --------------------
>> 1006 GigabitEthernet1/0/3
>> 1007 GigabitEthernet1/0/25
>>
>> Sydney#show mac- vlan 1007
>>          Mac Address Table
>> -------------------------------------------
>>
>> Vlan    Mac Address       Type        Ports
>> ----    -----------       --------    -----
>>  All    0100.0ccc.cccc    STATIC      CPU
>>  All    0100.0ccc.cccd    STATIC      CPU
>>  All    0180.c200.0000    STATIC      CPU
>>  All    0180.c200.0001    STATIC      CPU
>>  All    0180.c200.0002    STATIC      CPU
>>  All    0180.c200.0003    STATIC      CPU
>>  All    0180.c200.0004    STATIC      CPU
>>  All    0180.c200.0005    STATIC      CPU
>>  All    0180.c200.0006    STATIC      CPU
>>  All    0180.c200.0007    STATIC      CPU
>>  All    0180.c200.0008    STATIC      CPU
>>  All    0180.c200.0009    STATIC      CPU
>>  All    0180.c200.000a    STATIC      CPU
>>  All    0180.c200.000b    STATIC      CPU
>>  All    0180.c200.000c    STATIC      CPU
>>  All    0180.c200.000d    STATIC      CPU
>>  All    0180.c200.000e    STATIC      CPU
>>  All    0180.c200.000f    STATIC      CPU
>>  All    0180.c200.0010    STATIC      CPU
>>  All    ffff.ffff.ffff    STATIC      CPU
>>  11    0012.80bf.1718    DYNAMIC     Gi1/0/24
>>  11    0012.80bf.1743    DYNAMIC     Gi1/0/24
>>  11    0015.c695.b495    DYNAMIC     Gi1/0/1
>>  11    0015.c6fa.1e35    DYNAMIC     Gi1/0/24
>> Total Mac Addresses for this criterion: 24
>>
>> Sydney#show run int vlan11
>> Building configuration...
>>
>> Current configuration : 185 bytes
>> !
>> interface Vlan11
>>  description ASA Network
>>  ip address x.x.x.138 255.255.255.248
>>  no ip redirects
>>  no ip unreachables
>>  no ip proxy-arp
>>  ip pim sparse-mode
>>  ip ospf cost 5
>> end
>>
>> I quickly threw it together in the lab and couldn't ping between a host on
>> the VLAN and Auckland, so suspect its broadcast/multicast traffic only.
>>
>> Hunting around the network, this appears to happen on every 3560, 3560E, and
>> 3750 I could find. 6500 Sup720 doesn't seem to be impacted. Other than the
>> error message (which is uncommon, most links are in the same OSPF area) and
>> the PIM neighbors (new rollout), I can't see anything thats actually causing
>> a problem. Although I'm concerned if there's a broadcast storm, we may
>> exhaust bandwidth on routed links.
>>
>> So, has anyone seen this before? Is it a bug or design limitation on the
>> 3560/3750 platform? Is there any other way to make layer 3 interfaces work
>> other than a hardware upgrade?
>>
>> Thanks,
>>
>>
>>
>> - I.
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>

More information about the cisco-nsp mailing list