05-28-2008 05:08 AM - edited 03-05-2019 11:16 PM
Hi all
I have a problem configuring a 6513 with Sup720 and IOS 12.2.18SFX7...
The application generates a lot of broadcast traffic at UDP port 12000. The CPU load of the switch increases up to 100% if the broadcast load is up to 200Mbit.
Is there a feature in IOS for handling broadcast traffic at the module layer? (e.g. ACLs?)
Are there differences between IOS and CatOS in processing broadcast traffic?
Thanks for your answers
Markus
05-28-2008 05:13 AM
Why is the app sending so much broadcast traffic?
You can limit the amount of broadcast traffic out of the port:
storm-control broadcast level 5
05-28-2008 09:17 AM
It's a VERY special application that uses broadcast for high availability. The app can't use multicast instead.
Using broadcast suppression will kill the app in a few seconds.
Is there no other way to handle that traffic?
05-29-2008 07:25 AM
Does everything connected to the switch need to receive these broadcasts? If not, try segmenting the network (if possible) with multiple broadcast domains (one being the special application/broadcast segment) and use inter-VLAN routing to have the segments talk to each other.
Hope this helps..
Best of luck.
05-29-2008 09:31 AM
Good idea! We already segmented the network. The router interface in the so-called "special broadcast segment" must be protected from the broadcast. I tried an ACL that denies the broadcast address but "sh proc cpu" told me 99% CPU load.
Is there another way to protect this VLAN interface from broadcast?
05-29-2008 09:56 AM
Try to prune that VLAN in dot1q trunks so it does not reach other switches. I don't know if it's possible to deny broadcast traffic that hits the VLAN interface using access lists. Something like:
access-list 100 deny ip host 192.168.0.1 host 192.168.0.255
access-list 100 permit ip any any
That way it does not reach the router CPU anymore. Let's see if it will work.
John
05-29-2008 09:57 AM
You could try setting up a private VLAN for the devices that need to receive the broadcasts. That way you won't need to use a different subnet just for them. Some port would need to be defined as the promiscuous port so that data could flow in and out of the PVLAN. I've done this on smaller 3750 switches, but not on a 6500, so you definitely would want to test it first.
05-29-2008 12:28 PM
You mean connecting 2 VLANs by a loop cable? Or did I misunderstand? I think that wouldn't solve my problem of protecting the router from the broadcast.
What about MLS or a multicast configuration that can handle broadcast addressing as well?
Did anyone use such a configuration?
05-29-2008 02:12 PM
Just double-checking, but you're not having any issues with STP, right? I work with very busy 6500s and the only time I've seen them climb up the CPU ladder is when I got some bad STP problems. Give that some research. You might be barking up the wrong tree.
Hope that helps.
Best of luck.