[j-nsp] Multicast/Broadcast Packets going to EX CPU

Andy Litzinger Andy.Litzinger at theplatform.com
Wed Mar 5 11:23:21 EST 2014


Chris, can you elaborate on why low TTL on multicast frames will cause high CPU?

Sebastian, as Chris pointed out anything in the 224.0.0.0/24 will hit the CPU, but so will a few other ranges that fall into the Link-Local block.  This is a good guide someone else on the list forwarded me a few months back: http://www.cisco.com/en/US/tech/tk828/technologies_white_paper09186a00802d4643.shtml#wp1002391

Do you have any other multicast sources hitting the 4500?  I kind of doubt you've got enough VRRP traffic to peg your CPU.

I believe you can put a multicast policer in your lo0 filter, but you need to size it appropriately to allow the multicast required in your network (including things like VRRP).

HTH,
-andy
________________________________________
From: juniper-nsp [juniper-nsp-bounces at puck.nether.net] on behalf of Chris Evans [chrisccnpspam2 at gmail.com]
Sent: Wednesday, March 05, 2014 6:52 AM
To: Juniper NSP
Subject: Re: [j-nsp] Multicast/Broadcast Packets going to EX CPU

Low TTL on the multicast frames will cause this.
Also the multicast destination addresses will do this too if they're in
224.0.0.0/24


On Wed, Mar 5, 2014 at 8:49 AM, Sebastian Wiesinger <
juniper-nsp at ml.karotte.org> wrote:

> Hello,
>
> I'm currently looking at an EX4500 setup that had a few problems
> related to multicast/broadcast packets going to the CPU (and sometimes
> preventing required packets like LACP reaching the CPU) of the switch.
> I assume this was because the queue between PFE and CPU was full (is
> there a way to check?).
>
> I noticed that multicast and broadcast packets in all VLANs are sent
> to the CPU. My question is why? IGMP snooping and VSTP are not enabled
> on the switch and apart from that I don't see an apparent reason why
> it should do this for tagged frames.
>
> Example of packets being sent to the CPU includes VRRP packets from
> attached routers (DMAC 01:00:5e:00:00:12) and BOOTP/DHCP (DMAC
> ff:ff:ff:ff:ff:ff) packets.
>
> Would an lo0 firewall filter help? Is this applied before or after the
> packets are sent over the PFE-CPU link?
>
> Perhaps you could share your ideas on how this could be prevented and
> what you're doing to protect the CPU on these EX boxes.
>
> Regards
>
> Sebastian
>
> --
> GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A  9D82 58A2 D94A 93A0 B9CE)
> 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE
> SCYTHE.
>             -- Terry Pratchett, The Fifth Elephant
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
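
The VRRP DMAC quoted in the thread (01:00:5e:00:00:12) is the Ethernet mapping of 224.0.0.18, and because only the low 23 bits of an IPv4 group are copied into the MAC, 32 groups share each DMAC. The following is an added example, not part of the original thread (function names are hypothetical), that computes the mapping and flags groups outside 224.0.0.0/24 whose frames carry a link-local DMAC; how a given switch treats such frames is not stated in the thread.

```python
import ipaddress

# Link-local multicast block named in the thread.
LINK_LOCAL_BLOCK = ipaddress.ip_network("224.0.0.0/24")
MCAST_OUI = 0x01005E  # fixed prefix for IPv4 multicast MACs (RFC 1112)


def group_to_dmac(group: str) -> str:
    """Map an IPv4 multicast group to its Ethernet destination MAC."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    low23 = int(addr) & 0x7FFFFF  # only the low 23 bits survive the mapping
    mac = (MCAST_OUI << 24) | low23
    return ":".join(f"{(mac >> s) & 0xFF:02x}" for s in range(40, -8, -8))


def dmac_aliases(dmac: str) -> list[str]:
    """Return all 32 IPv4 groups that map to the given multicast DMAC."""
    raw = int(dmac.replace(":", ""), 16)
    # Top 25 bits must be 01:00:5e followed by a zero bit.
    if (raw >> 23) != (MCAST_OUI << 1):
        raise ValueError(f"{dmac} is not an IPv4 multicast MAC")
    low23 = raw & 0x7FFFFF
    base = int(ipaddress.IPv4Address("224.0.0.0"))
    # The 5 group bits dropped by the mapping sit at bit positions 23..27.
    return [str(ipaddress.IPv4Address(base | (hi << 23) | low23))
            for hi in range(32)]


def shadows_link_local(group: str) -> bool:
    """True if group is outside 224.0.0.0/24 but shares a DMAC with a group inside it."""
    addr = ipaddress.IPv4Address(group)
    if addr in LINK_LOCAL_BLOCK:
        return False
    return any(ipaddress.IPv4Address(a) in LINK_LOCAL_BLOCK
               for a in dmac_aliases(group_to_dmac(group)))


if __name__ == "__main__":
    vrrp_dmac = group_to_dmac("224.0.0.18")
    print("VRRP DMAC:", vrrp_dmac)
    for g in dmac_aliases(vrrp_dmac):
        print(f"  {g:<15} shadows link-local: {shadows_link_local(g)}")
```
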