[j-nsp] Multicast/Broadcast Packets going to EX CPU

Chris Evans chrisccnpspam2 at gmail.com
Wed Mar 5 09:52:13 EST 2014


Low TTL on the multicast frames will cause this.
Also the multicast destination addresses will do this too if they're in
224.0.0.0/24.


On Wed, Mar 5, 2014 at 8:49 AM, Sebastian Wiesinger <
juniper-nsp at ml.karotte.org> wrote:

> Hello,
>
> I'm currently looking at an EX4500 setup that had a few problems
> related to multicast/broadcast packets going to the CPU (and sometimes
> preventing required packets like LACP reaching the CPU) of the switch.
> I assume this was because the queue between PFE and CPU was full (is
> there a way to check?).
>
> I noticed that multicast and broadcast packets in all VLANs are sent
> to the CPU. My question is why? IGMP snooping and VSTP are not enabled
> on the switch and apart from that I don't see an apparent reason why
> it should do this for tagged frames.
>
> Example of packets being sent to the CPU includes VRRP packets from
> attached routers (DMAC 01:00:5e:00:00:12) and BOOTP/DHCP (DMAC
> ff:ff:ff:ff:ff:ff) packets.
>
> Would an lo0 firewall filter help? Is this applied before or after the
> packets are sent over the PFE-CPU link?
>
> Perhaps you could share your ideas on how this could be prevented and
> what you're doing to protect the CPU on these EX boxes.
>
> Regards
>
> Sebastian
>
> --
> GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A  9D82 58A2 D94A 93A0 B9CE)
> 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE
> SCYTHE.
>             -- Terry Pratchett, The Fifth Elephant
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
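
One way to check captured frames against the two conditions named in the reply (destination in 224.0.0.0/24, low TTL on multicast), as an added example that is not part of the original thread. The TTL threshold of 1, the function names and the sample frames are assumptions constructed for illustration.

```python
import ipaddress
import struct

LINK_LOCAL_GROUPS = ipaddress.ip_network("224.0.0.0/24")
LOW_TTL = 1  # assumption: the reply says only "low TTL"; <= 1 is used here

def build_frame(dmac, vlan, ttl, dst, proto):
    """Constructed sample: 802.1Q-tagged Ethernet frame with a bare IPv4 header."""
    eth = bytes.fromhex(dmac.replace(":", "")) + bytes(6)      # zeroed source MAC
    eth += struct.pack("!HHH", 0x8100, vlan, 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, proto, 0,
                     bytes(4), ipaddress.ip_address(dst).packed)
    return eth + ip

def cpu_reasons(frame):
    """Return which of the reply's two conditions a raw Ethernet frame matches."""
    try:
        offset = 12
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        while ethertype in (0x8100, 0x88A8):    # step over VLAN tags
            offset += 4
            (ethertype,) = struct.unpack_from("!H", frame, offset)
    except struct.error:                        # frame too short to parse
        return []
    ip = frame[offset + 2:]
    if ethertype != 0x0800 or len(ip) < 20:     # not IPv4, or truncated header
        return []
    ttl = ip[8]
    dst = ipaddress.ip_address(ip[16:20])
    reasons = []
    if dst in LINK_LOCAL_GROUPS:
        reasons.append("dst-in-224.0.0.0/24")
    if dst.is_multicast and ttl <= LOW_TTL:
        reasons.append("low-ttl-multicast")
    return reasons

# Constructed frames; the first two use the DMACs quoted in the original question.
SAMPLES = {
    "vrrp": build_frame("01:00:5e:00:00:12", 100, 255, "224.0.0.18", 112),
    "dhcp": build_frame("ff:ff:ff:ff:ff:ff", 100, 64, "255.255.255.255", 17),
    "stream-ttl1": build_frame("01:00:5e:01:01:01", 200, 1, "239.1.1.1", 17),
    "stream-ttl16": build_frame("01:00:5e:01:01:01", 200, 16, "239.1.1.1", 17),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:13} {cpu_reasons(frame) or 'no match'}")
```

The VRRP sample matches on its 224.0.0.18 destination alone, since VRRP is sent with TTL 255; the broadcast DHCP sample matches neither of the reply's two conditions.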