- Bronze, 100 points or more
need some help with something.
to block hosts joining multicast groups, there are a quite a lot of options, igmp filter profiles, igmp access groups etc.
But i was wondering if there is something of similar nature for sources, i dont mean source specific multicast, there is one source that is sending traffic for a lot of multicast groups, eg , 220.127.116.11, 18.104.22.168, 22.214.171.124 , the source is 10.40.10.10
what is the best way to configure so that a router will only allow through certain groups , such that when i do a ... #sh ip mroute , i dont see all the other groups , i only want 126.96.36.199 allowed through that sparse mode interface.
Are you sure the ACL causes the cpu spike? There are other reasons can cause cpu high because packets been process switched. For example, if the FHR is not same as RP, it will send out join to the RP; that unicast join will be process switched. So, you can exclude the unwanted group from rp-group mapping acl. Another example, if the multicast traffic has ttl=1, it will be process switched as well.
If you use 6500, as long as ACL doesnt exceed the tcam size, cpu will not be used. However, for any packet need to be process switched, it will still be process switched on 6500.