[c-nsp] Stopping MLD responses & protecting CPU from MLD queries
James A. T. Rice
james_r-cnsp at jump.org.uk
Fri Jan 27 10:15:35 EST 2017
Hi Saku,
> On 26 Jan 2017, at 16:08, Saku Ytti <saku at ytti.fi> wrote:
>
> If you allow MCAST in CoPP and MLS rate-limit, you can drop them in HW.
With MLS rate-limit on 15.1SY sup720-3b:
# mls qos
# mls rate-limit multicast ipv6 mld 10 1
# show mls rate-limit
Rate Limiter Type Status Packets/s Burst Sharing
MCAST IPv6 MLD On 10 1 Not sharing
Router#show proc cpu sorted 5sec
CPU utilization for five seconds: 91%/33%; one minute: 66%; five minutes: 38%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
413 98708 999825 98 34.95% 25.32% 13.95% 0 MLD
319 58508 984863 59 22.71% 16.74% 9.23% 0 IPv6 Input
There is no decrease in CPU usage at all on the 6500, the mls rate-limit does not seem to work.
There appears to be a Cisco 'wontfix' bug for this:
https://quickview.cloudapps.cisco.com/quickview/bug/CSCuo37358
Cisco Bug: CSCuo37358 - IPv6 multicast rate limiters are not working in 6500
Last Modified: Sep 23, 2015
Status: Terminated
Severity: 2 Severe
Workaround: None
Further Problem Description: NIL
Known Affected Releases: 12.2(33)SXJ3.1
Known Fixed Releases: No release planned to fix this bug
It seems hard to believe this mls rate-limit mld feature never worked at all, has anyone here ever verified it working?
If so, any information on specific circumstances it will and won't work in?
Thanks
James
More information about the cisco-nsp
mailing list