[c-nsp] Sup720, multicast bothers the CPU

Phil Mayers p.mayers at imperial.ac.uk
Wed Mar 23 05:04:57 EDT 2011


On 03/23/2011 08:47 AM, Peter Rathlev wrote:
> Sorry if this is a newbie question, but if one would have a Sup720 RP
> being overloaded by multicast packets from a connected segment, what
> should one do?

If you just want to drop all multicast, you could try:

int VlanXX
  ip multicast boundary MULTICAST-drop
ip access-list standard MULTICAST-in
  deny 224.0.0.0 15.255.255.255

Is the sender attached directly to a port on the 6500? There are some 
newer features related to layer2 (as opposed to layer3) multicast ACLs 
in SXH/SXI.

>
> The box in question does not have any multicast configuration at all.
> Does this mean all multicast traffic is sent to the CPU? How would one
> configure a Sup720 to not punt every multicast packet to the CPU?

There are also mls rate-limiters for this, but I'm not sure off the top 
of my head which one you want - we have multicast configured so don't 
need them (the box builds hardware mfib entries, which stops the CPU punts)

>
> The packets are somewhat strange, having fragment offset>  0 all of
> them, but with a TTL of 5. I only know that they're from some kind of
> video service.
>

Huh. Fragment offset? Weird...


More information about the cisco-nsp mailing list