[c-nsp] Cat4500 High CPU with Multicast Stream

Peter Rathlev peter at rathlev.dk
Wed Jul 13 09:19:47 EDT 2011


On Wed, 2011-07-13 at 12:59 +0100, Antonio Soares wrote:
> Usually the multicast streams are destined to 224.x.x.x. The end users do
> not respect the 239 rule.

Beware that traffic to 224.0.0.0/24 (Local Network Control Block) is
_always_ process switched and will never be blocked by any switch. As
long as these addresses are used the traffic will be punted.

I could imagine that the LNCB addresses were used exactly because
they're always forwarded. They might have tried using 239-addresses
(Organization-Local Scope) but maybe couldn't get it to work. Typically
Cisco access switches are running IGMP Snooping, and will not forward
multicast traffic without either an IGMP Snooping Querier or a
PIM-enabled device on the VLAN (unless it's LNCB). If all traffic is
intra-VLAN you could just add "ip igmp snooping querier" to the relevant
SVI and move the clients to 239.x.y.z addresses.

You could also block traffic to these multicast addresses on the SVIs
with (hardware) ACLs. Beware that OSPF, HSRP et cetera actually use LNCB
addresses, and it's probably not smart to block these.

-- 
Peter
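
Added example, not part of the message above or of the thread: a Python audit that separates application streams sent to the Local Network Control Block from the control protocols that legitimately live there, so the streams can be moved to 239.x.y.z and any SVI ACL leaves OSPF, HSRP and the like alone. The flow-record format, the sample flows, the packets-per-second threshold and the choice of groups in the table are assumptions.

```python
import ipaddress

LNCB = ipaddress.ip_network("224.0.0.0/24")      # Local Network Control Block
ORG_LOCAL = ipaddress.ip_network("239.0.0.0/8")  # Organization-Local Scope

# IANA-assigned LNCB groups that must stay reachable (subset; extend per site).
CONTROL_GROUPS = {
    "224.0.0.1": "all-hosts", "224.0.0.2": "all-routers / HSRPv1",
    "224.0.0.5": "OSPF AllSPFRouters", "224.0.0.6": "OSPF AllDRouters",
    "224.0.0.13": "PIM", "224.0.0.18": "VRRP", "224.0.0.22": "IGMPv3",
    "224.0.0.102": "HSRPv2",
}

def classify(group, pps, pps_threshold=100):
    """Return (verdict, detail) for one destination group.

    pps_threshold is an assumed cut-off: hello-type control traffic is a few
    packets per second, so a control group seen above it is treated as a stream.
    """
    addr = ipaddress.ip_address(group)
    if addr.version != 4 or not addr.is_multicast:
        return ("not-multicast", "")
    if addr in LNCB:
        name = CONTROL_GROUPS.get(str(addr))
        if name and pps <= pps_threshold:
            return ("control", name)
        return ("lncb-stream", name or "not in CONTROL_GROUPS")
    if addr in ORG_LOCAL:
        return ("org-local", "")
    return ("other-multicast", "")

def audit(flows):
    """flows: iterable of (vlan, source, group, pps). LNCB streams, busiest first."""
    hits = [f for f in flows if classify(f[2], f[3])[0] == "lncb-stream"]
    return sorted(hits, key=lambda f: f[3], reverse=True)

# Constructed sample flow records: (vlan, source, group, packets per second).
SAMPLE = [
    (10, "10.1.10.21", "224.0.0.5", 1),      # OSPF hello
    (10, "10.1.10.2", "224.0.0.102", 1),     # HSRPv2 hello
    (20, "10.1.20.50", "224.0.0.77", 4200),  # application stream sent to the LNCB
    (20, "10.1.20.51", "239.1.2.3", 3900),   # stream in Organization-Local Scope
    (30, "10.1.30.9", "224.1.1.1", 800),     # outside the LNCB
]

if __name__ == "__main__":
    for vlan, src, group, pps in audit(SAMPLE):
        print(f"VLAN {vlan}: {src} -> {group} at {pps} pps is in the LNCB; move to 239.x.y.z")
```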



