[c-nsp] Reasons for "random" ISIS flapping?

Pete Lumbis alumbis at gmail.com
Wed Aug 21 23:29:13 EDT 2013


Was the traffic from a connected source? The rate limiter you mentioned
only applies for local sources:
http://www.cisco.com/en/US/docs/ios-xml/ios/security/m1/sec-cr-m2.html#wp1716645027

The key would be to understand the punt reason for that traffic, most
likely through a NetDR capture.

As a wide net, here are some rate limiter numbers I found. YMMV.

mls rate-limit all ttl-failure 100 10
mls rate-limit multicast ipv4 fib-miss 10000 250
mls rate-limit multicast ipv4 partial 500 250
mls rate-limit multicast ipv4 connected 2500 250


Fib-miss will be for everything not matching an mroute entry; partial is a
Partial-SC mroute entry. You may also want to configure the non-rpf rate
limiter.



On Wed, Aug 21, 2013 at 6:08 PM, Peter Rathlev <peter at rathlev.dk> wrote:

> On Wed, 2013-08-07 at 12:37 +0200, Peter Rathlev wrote:
> > I've started recording the RP traffic. Unfortunately I can't do a local
> > capture of this traffic, so I have to resort to ERSPAN. Which is fine
> > except if the device actually loses connectivity shortly when
> > experiencing this.
> >
> > I'll wait with adjusting anything until next time I see the problem,
> > hoping that I can come closer to a reason.
>
> As a follow up, the next time it happened we had a look at the traffic
> sent to the RP CPU and could see a flood of multicast packets destined
> for 239.255.255.253 from a remote host. The traffic is forwarded by the
> primary router connected to this VLAN (where the affected device is a
> standby router) and hits the affected device on the LAN side.
>
> It was an error that this traffic could traverse the network at all, but
> technically someone could do this locally. The affected device has "mls
> rate-limit multicast ipv4 connected 500 50" which I would have guessed
> would actually limit what the CPU receives. It didn't seem to though, so
> what am I doing wrong? :-)
>
> As far as I remember CoPP can't help with multicast traffic in hardware.
> Is it one of the other mls rate-limiters I need?
>
> --
> Peter
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

