[c-nsp] Cat4500 High CPU with Multicast Stream

Antonio Soares amsoares at netcabo.pt
Wed Jul 13 10:53:38 EDT 2011


It seems I need some sort of CoPP protection. I found a very nice document:

Infrastructure Protection on Cisco Catalyst 6500 and 4500 Series Switches

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a0080825564.pdf

I'm now reading the section "CoPP on Catalyst 4500".


Thanks.

Regards,

Antonio Soares, CCIE #18473 (R&S/SP)
amsoares at netcabo.pt
http://www.ccie18473.net



-----Original Message-----
From: Peter Rathlev [mailto:peter at rathlev.dk] 
Sent: quarta-feira, 13 de Julho de 2011 14:20
To: Antonio Soares
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Cat4500 High CPU with Multicast Stream

On Wed, 2011-07-13 at 12:59 +0100, Antonio Soares wrote:
> Usually the multicast streams are destined to 224.x.x.x. The end users do
> not respect the 239 rule.

Beware that traffic to 224.0.0.0/24 (Local Network Control Block) is
_always_ process switched and will never be blocked by any switch. As
long as these addresses are used the traffic will be punted.

I could imagine that the LNCB addresses were used exactly because
they're always forwarded. They might have tried using 239-addresses
(Organization-Local Scope) but maybe couldn't get it to work. Typically
Cisco access switches are running IGMP Snooping, and will not forward
multicast traffic without either an IGMP Snooping Querier or a PIM
enabled device on the VLAN (unless it's LNCB). If all traffic is
intra-VLAN you could just add "ip igmp snooping querier" to the relevant
SVI and move the clients to 239.x.y.z addresses.

You could also block traffic to these multicast addresses on the SVIs
with (hardware) ACLs. Beware that OSPF, HSRP et cetera actually use LNCB
addresses, and it's probably not smart to block these.

-- 
Peter
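The scope rules from Peter's reply, as a small audit script added here (not code from the thread): it buckets observed group destinations into control-plane groups that must never be filtered, user streams in 224.0.0.0/24 that will always be process switched, and groups IGMP snooping can handle. The thread names only OSPF and HSRP; the other protocol-to-group entries are IANA assignments I supplied, and the observed list is constructed.

```python
import ipaddress

# LNCB (224.0.0.0/24) groups used by control-plane protocols. The thread names
# only OSPF and HSRP; the others are IANA assignments added here, not exhaustive.
LNCB_PROTOCOL_GROUPS = {
    "224.0.0.2": "HSRPv1",
    "224.0.0.5": "OSPF AllSPFRouters",
    "224.0.0.6": "OSPF AllDRouters",
    "224.0.0.10": "EIGRP",
    "224.0.0.18": "VRRP",
    "224.0.0.102": "HSRPv2 / GLBP",
}
MULTICAST = ipaddress.ip_network("224.0.0.0/4")
LNCB = ipaddress.ip_network("224.0.0.0/24")
ORG_LOCAL = ipaddress.ip_network("239.0.0.0/8")

def classify_group(addr):
    """Return (scope, always_punted, safe_to_filter, note) for one destination."""
    ip = ipaddress.ip_address(addr)
    if ip not in MULTICAST:
        return ("not-multicast", False, True, "not a group address")
    if ip in LNCB:
        proto = LNCB_PROTOCOL_GROUPS.get(str(ip))
        if proto:
            return ("lncb", True, False, f"{proto}; never filter this group")
        # Per the thread: LNCB is always flooded and process switched, so a
        # user stream here reaches the CPU regardless of IGMP snooping.
        return ("lncb", True, True, "user stream in LNCB; move to 239/8 or filter on the SVI")
    if ip in ORG_LOCAL:
        return ("org-local", False, True, "snooping-forwarded; needs an IGMP querier or PIM on the VLAN")
    return ("other", False, True, "non-LNCB group; handled by IGMP snooping")

def audit(groups):
    """Bucket observed groups; returns {bucket: [(addr, note), ...]}."""
    report = {"protected": [], "punted": [], "ok": [], "ignored": []}
    for g in groups:
        scope, punted, safe, note = classify_group(g)
        if scope == "not-multicast":
            report["ignored"].append((g, note))
        elif not safe:
            report["protected"].append((g, note))
        elif punted:
            report["punted"].append((g, note))
        else:
            report["ok"].append((g, note))
    return report

# Constructed sample of destinations seen on the VLAN, not real capture data.
OBSERVED = ["224.0.0.5", "224.0.0.2", "224.0.0.200", "224.1.2.3", "239.1.1.1", "10.0.0.1"]
```

Call `audit(OBSERVED)` and act on the "punted" bucket first; anything in "protected" is a routing or FHRP group that an SVI ACL must permit.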

