Very high broadcast load on 6500

May 28th, 2008


I have a problem configuring a 6513 with Sup720 and IOS 12.2.18SFX7...

The application generates a lot of broadcast-traffic at UDP-port 12000. The cpu-load of the switch increases up to 100% if the broadcast-load is up to 200Mbit.

Is there a feature in IOS handling broadcast-traffic on module-layer? (e.g. ACLs?)

Are there differences between IOS and CatOS in processing broadcast-traffic?


Thanks for your answers

Markus

lan-cmmc-ssue Wed, 05/28/2008 - 09:17

It's a VERY special application that uses broadcast for high availability. The app can't use multicast instead.

Using broadcast suppression will kill the app in a few seconds.


Is there no other way to handle that traffic?

vazquez.jorge Thu, 05/29/2008 - 07:25

Does everything connected to the switch need to receive these broadcasts? If not, try segmenting the network (if possible) with multiple broadcast domains (one being the special application/broadcast segment) and use inter-VLAN routing to have each segment talk to each other.

Hope this helps..

Best of luck.

lan-cmmc-ssue Thu, 05/29/2008 - 09:31

Good idea! We already segmented the network. The router interface in the so-called "special broadcast segment" must be protected from the broadcast. I tried an ACL that denies the broadcast address but "sh proc cpu" told me 99% CPU load.


Is there another way to protect this VLAN interface from broadcast?

John Patrick Lopez Thu, 05/29/2008 - 09:56

Try to prune that VLAN in dot1q trunks so it does not reach other switches. I don't know if it's possible to deny broadcast traffic that hits the VLAN interface using access lists. Something like:


access-list 100 deny ip host 192.168.0.1 host 192.168.0.255

access-list 100 permit ip any any


That way it does not reach the router CPU anymore. Let's see if it will work.


John

jkeeffe Thu, 05/29/2008 - 09:57

You could try setting up a private VLAN for the devices that need to receive the broadcasts. That way you won't need to use a different subnet just for them. Some port would need to be defined as the promiscuous port so that data could flow in and out of the PVLAN. I've done this on smaller 3750 switches, but not on a 6500, so you definitely would want to test it first.

lan-cmmc-ssue Thu, 05/29/2008 - 12:28

You mean connecting 2 VLANs by a loop cable? Or did I misunderstand? I think that wouldn't solve my problem of protecting the router from the broadcast.


What about MLS or a multicast-configuration that can handle broadcast-addressing as well?

Did anyone use such a configuration?

vazquez.jorge Thu, 05/29/2008 - 14:12

Just double-checking, but you're not having any issues with STP, right? I work with very busy 6500s and the only time I've seen them climb up the CPU ladder is when I got some bad STP problems. Give that some research. You might be barking up the wrong tree.

Hope that helps.

Best of luck.
