[c-nsp] Sup720, multicast bothers the CPU
Phil Mayers
p.mayers at imperial.ac.uk
Wed Mar 23 05:04:57 EDT 2011
On 03/23/2011 08:47 AM, Peter Rathlev wrote:
> Sorry if this is a newbie question, but if one would have a Sup720 RP
> being overloaded by multicast packets from a connected segment, what
> should one do?
If you just want to drop all multicast, you could try:
int VlanXX
ip multicast boundary MULTICAST-drop
ip access-list standard MULTICAST-in
deny 224.0.0.0 15.255.255.255
Is the sender attached directly to a port on the 6500? There are some
newer features related to layer2 (as opposed to layer3) multicast ACLs
in SXH/SXI.
>
> The box in question does not have any multicast configuration at all.
> Does this mean all multicast traffic is sent to the CPU? How would one
> configure a Sup720 to not punt every multicast packet to the CPU?
There are also mls rate-limiters for this, but I'm not sure off the top
of my head which one you want - we have multicast configured so don't
need them (the box builds hardware mfib entries, which stops the CPU punts)
>
> The packets are somewhat strange, having fragment offset> 0 all of
> them, but with a TTL of 5. I only know that they're from some kind of
> video service.
>
Huh. Fragment offset? Weird...
More information about the cisco-nsp
mailing list