02-25-2013 03:55 AM - edited 03-07-2019 11:55 AM
Hello all,
We have the attached topology.
The two servers (red hat) use multicast for their heartbeat. Unrouted vlan 99 (only layer 2) is configured on the VTP Servers (6509).
I have read this document
http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008059a9df.shtml
Switches 1 and 2 have IOS: c2960s-universalk9-mz.122-55.SE3.bin
and the 6509: s72033-advipservicesk9_wan-mz.122-18.SXF17a.bin
IGMP snooping is enabled on the 2960 switches.
In order for the heartbeat of the servers to work, I have tried these solutions:
I want static mac entries on the switches to be my last resort, since the number of red hat servers on the network is going to increase and I want to give a more generic solution to the issue.
Any insight on the matter would be extremely helpful.
Thank you in advance,
Katerina
02-26-2013 12:15 AM
There seems to be something wrong with the files I uploaded, so I will describe the topology.
We have two 6509 connected via Portchannel. Switches Sw1 & Sw2 have redundant connections to both 6509 and the two servers (srv1 & srv2) have redundant connections to both Sw1 & Sw2.
Thanks!
02-26-2013 02:59 AM
Hello Katerina,
I would suggest the following:
a) when disabling IGMP snooping for Vlan 99 try do this on all involved switches including the two C6509
this approach may be acceptable if vlan 99 is dedicated to these heartbeats
b) a possible different approach to take advantage of IGMP snooping may be the following: vlan 99 should be not routed, however you can think of Vlan 99 SVIs as member of a dedicated VRF with multicast routing enabled. In this way traffic should be isolated in Vlan 99, but IGMP snooping can be used or at least combined with ip igmp querier.
Hope to help
Giuseppe
02-26-2013 03:24 AM
Hello Giuseppe,
I don't think that igmp snooping is enabled on my 6509. "sh ip igmp snooping statistics" shows absolutely nothing. Is there another way to verify this?
I don't follow your second suggestion.
I have already created an SVI on the 6509 (even though the vlan is unrouted). Do you propose to add the command "ip igmp querier" under the SVI and globally enable multicast routing?
Thanks in advance,
Katerina
02-26-2013 05:22 AM
have you tried enabling mrouter on a layer2 port connecting your switches?
02-26-2013 05:23 AM
see this http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008059a9df.shtml hopefully it might help
02-26-2013 05:40 AM
Hello francisco_1,
I have tried everything that is written in the document you suggested. Maybe the system guy is doing something wrong!
Every time I implement one of the things in the document (except for pim, which is not suited in our case) he says that the multicast is not working (unfortunately I cannot check it myself, or is there a way????)!
I have now added the static entries, but I really do prefer to go with either mroute or querier!!!!
So, questions:
Thanks in advance,
Katerina
02-26-2013 05:44 AM
so the next step i would take is confirm these servers are sending multicast traffic /etc. you could try tcpdump on the servers and also use netstat to verify few things like netstat -g shows which interface & mulicast group they are joining /etc
user1@servers1:/home/user1> netstat -g
IPv6/IPv4 Group Memberships
Interface RefCnt Group
--------------- ------ ---------------------
lo 1 all-systems.mcast.net
eth0 1 239.255.254.255
eth0 1 239.2.11.71
eth0 1 all-systems.mcast.net
eth1 1 all-systems.mcast.net
lo 1 ipv6-allnodes
eth0 1 ff02::1:ff59:7631%lo
eth0 1 ipv6-allnodes
eth1 1 ipv6-allnodes
eth3 1 ipv6-allnodes
eth4 1 ipv6-allnodes
eth2 1 ipv6-allnodes
eth5 1 ipv6-allnodes
eth0 1 239.2.11.71
user1@servers1:/home/user1> netstat -s
pExt:
InNoRoutes: 0
InTruncatedPkts: 0
InMcastPkts: 4246526
OutMcastPkts: 944798
InBcastPkts: 576198
OutBcastPkts: 0
InOctets: 8140682997
OutOctets: 11416376132
InMcastOctets: 173821630
OutMcastOctets: 54146926
InBcastOctets: 83425218
OutBcastOctets: 0
02-26-2013 05:34 AM
Hello Katerina,
it looks like strange to have igmp snooping disabled on the C6509.
IGMP snooping is enabled by default if your configuration does not contain
no igmp snooping
at global configuration level I would say it is still enabled
You can check with
show ip igmp interface vlan#
I don't know why the show command you are using has an empty output
see
B)
my second suggestion is more complex: what I'm suggesting is to use a VRF with multicast enabled on the VRF and to put SVI vlan 99 into it, in this way the traffic can be routed but it is isolated at the same time from global routing table.
see
ip vrf mvpn-cus1
rd 200:1
route-target export 200:1
route-target import 200:1
mdt default 239.1.1.1
!
ip multicast-routing
ip multicast-routing vrf mvpn-cus1
+
interface vlan 99
ip vrf forwarding mvpn-cus1
! retype ip address and mask
ip address x.x.x.x 255.255.255.y
ip pim sparse-dense-mode
!
this enables PIM and IGMP in vlan 99. Now the only possible issue is if the server NICs answer regularly to the IGMP queries or not.
If they do not answer to IGMP queries disabling IGMP snooping is the only avaiable option.
I have seen some servers using as heartbeat link local addresses like 224.0.0.xx. This range of local link multicast addresses is not processed by IGMP snooping and it should work with default configuration.
It would be wise to know what multicast address is used for this heartbeat function. performing a packet capture on the server NIC or using a SPAN session on the switch can give this answer,
Edit:
the multicast heartbeat could even be non IP based but just an OSI layer 2 multicast frame, so a packet capture is a wise step.
Hope to help
Giuseppe
02-26-2013 06:03 AM
The mutlicast address of the heartbeat is 239.192.48.105, so there are no problems with link local address (224.0.0.xxx).
There is no command "no igmp snooping" on the 6509, but "show ip igmp interface vlan x" has the following (for any vlan not admin shut - vlan 99 is admin shut, since it is only layer 2):
sh ip igmp interface vlan 21
Vlan21 is up, line protocol is up
Internet address is xxxxxx/24
IGMP is disabled on interface
Multicast routing is disabled on interface
Multicast TTL threshold is 0
No multicast groups joined by this system
IGMP snooping is globally enabled
IGMP snooping is enabled on this interface
IGMP snooping fast-leave (for v2) is disabled and querier is disabled
IGMP snooping explicit-tracking is enabled
IGMP snooping last member query response interval is 1000 ms
IGMP snooping report-suppression is enabled
So I guess that igmp snooping is globally enabled, even though "show ip igmp interface (without the vlan word)" shows nothing.
So, in order to "broadcast" the multicast traffic I should disable igmp snooping for vlan 99 on all implicated switches and the 6509!
The second answer seems interesting, but I guess it would apply if vlan 99 was routed.
For the time being I have added static mac entries on the network devices, and I am awaiting for feedback from the system admin.
I will update the post with any further findings!
Thanks y' all!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: