Re: Multicast traffic issue

vinodgasianet · ‎12-30-2005

We are having a VTP domain with three 3550 switches, 4 ports on each switch configured on VLAN for Videoconferencing.Whenever there is conferencing between two points, all the ports in the VLAN receives the traffic originated from the source port. I connected a test PC on the same VLAN & that port also receives the same trafiic.

There is no routing as its on a same network,

Any option to block this traffic or can we configure a per port VLAN for point to point communication within the VLAN,

Pls help,

Regards

Vinod.G

johansens · ‎12-30-2005

You should enable IGMP Snooping and let it take care of the flooding of the multicast-packets.

If you have a flat L2 with no multicastrouters, then you have a small problem.. you'll need to do one of several options:

- Add a mrouter on your VLAN (basically enable "ip pim sparse-dense-mode" on ONE of the 3550-switches in the 'offending' VLAN)

- Add a static mrouter-port on each switch pointing to the other switches: "ip igmp snooping vlan 1 mrouter interface fastethernet 1/24" (where the interface is the uplink)

- Configure static multicast mac entries... which is a real hassle, because you'll need to build one for each multicast-address pointing to each of the 4 ports and the uplinks on each switch.. like this: "mac-address-table static 0100.5e6f.efef vlan 1 interface fastethernet 1/20 fastethernet 1/21 fastethernet 1/22 fastethernet 1/23 fastethernet 1/24"

There are a few other options (private-vlan, VACL's etc) as well.. but you should look into the above first...

Did it help?

vinodgasianet · ‎01-02-2006

Hi,

I tried but still issue there, now i suspect the traffic as some other, not mutlicast. The show interface out pout of the port where I connected my test PC as follows ,

5 minute input rate 1000 bits/sec, 2 packets/sec

5 minute output rate 10201000 bits/sec, 3058 packets/sec

3244 packets input, 246185 bytes, 0 no buffer

Received 507 broadcasts (0 multicast)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog, 0 multicast, 0 pause input

0 input packets with dribble condition detected

3290746 packets output, 811144480 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier, 0 PAUSE output

0 output buffer failures, 0 output buffers swapped out

. Without any geniun trafic or video conferencing on the VLAN, the port receives almost 10Mb trafic,

can u help to find & solve the issue,

Vinod

johansens · ‎01-02-2006

You have two "really quick" options to find this traffic:

- Use a sniffer on your Test-PC to see exactly what kind of traffic this is.. (http://www.ethereal.com/ is a good one)

- Check the counters of other ports in the same VLAN and check the "input rate" to see if any of the others match this amount of traffic...

Are you using Microsoft NLB or NIC teaming on any machines in this VLAN as well??

Did it help?

vinodgasianet · ‎01-02-2006

hi,

all ports in the VLAN recieves the same traffic, Pls see the traffic of all the ports,

Fa0/14

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 12662000 bits/sec, 1657 packets/sec

Fa0/15

5 minute input rate 1000 bits/sec, 2 packets/sec

5 minute output rate 12672000 bits/sec, 1656 packets/sec

Fa0/17

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 12675000 bits/sec, 1656 packets/sec

Fa0/19

5 minute input rate 1000 bits/sec, 2 packets/sec

5 minute output rate 12681000 bits/sec, 1656 packets/sec

Fa0/20

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 12645000 bits/sec, 1650 packets/sec

Fa0/21

30 second input rate 4246000 bits/sec, 550 packets/sec

30 second output rate 8238000 bits/sec, 1069 packets/sec

1598882 packets input, 940989274 bytes, 0 no buffer

Received 1598683 broadcasts (0 multicast)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog, 1598683 multicast, 3 pause input

0 input packets with dribble condition detected

3789523 packets output, 1892589387 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier, 0 PAUSE output

0 output buffer failures, 0 output buffers swapped out

Fa0/21 showing both in & out, I tried shuting the port, but still all other ports continue receiving the same trafic.

I tried with a NTOP packet monitoring tool which is showing the trafic as OSPF Multicast. Port 0/20 is connected to another router which is running OSPF, but router trafic showing normal( I dont have acces to that router). Packet flow showing is from switch to all other ports.,Pls help

vinod

mheusinger · ‎01-02-2006

Hi,

are you sure it is OSPF multicast traffic?? The only two things I can possibly think of is a router really going wild (never heard of this one though) or a spanning tree loop.

Can you check the port states of your switches to make sure you do not experience a loop?

Martin

vinodgasianet · ‎01-02-2006

Martin,

I also suspect it as a spanning tree loop. Can u pls tell how i can confirm this through the port status,I am hereby attaching the status of my test pc connected to the VLAN,

L3-Switch#sh interfaces fastEthernet 0/17

FastEthernet0/17 is up, line protocol is up (connected)

Hardware is Fast Ethernet, address is 0013.802a.fc11 (bia 0013.802a.fc11)

Description: *****test PC ****************

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 21/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s, media type is 100BaseTX

input flow-control is off, output flow-control is unsupported

ARP type: ARPA, ARP Timeout 04:00:00

Last input never, output 00:00:06, output hang never

Last clearing of "show interface" counters 01:48:38

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 1000 bits/sec, 2 packets/sec

5 minute output rate 8375000 bits/sec, 1094 packets/sec

15199 packets input, 1131775 bytes, 0 no buffer

Received 3988 broadcasts (0 multicast)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog, 0 multicast, 0 pause input

0 input packets with dribble condition detected

9728723 packets output, 2720310713 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier, 0 PAUSE output

0 output buffer failures, 0 output buffers swapped out

L3-Switch#

Vinod

johansens · ‎01-02-2006

Hi again,

You should do some really basic troubleshooting..

Disable one and one port in the VLAN until the traffic stops... this includes the uplinks and any L3-SVI's... (take care to not cutting off your own branch without having a way of getting back in... :)

This should give you a hint of where the traffic enters and then let's take it from there..

Did it help?

mheusinger · ‎01-02-2006

Hi,

The only traffic sent to all ports except multicast will be broadcast and unknown.

How much broadcast traffic do you see in the trunk ports of your switches?

Can you get a packet analyzer like ethereal to grab some of the traffic hitting the test PC? This would make it much simpler to understand what is causing your problems.

About "unknown MAC address" traffic: I once had the problem with a backup tool streaming traffic to a backup server. Unfortunately the server had to send NO packets and eventually the MAC of the server timed out, so the backup stream was flooded everywhere.

a simple permanent ping to the gateway running on the server solved the problem.

Hope this helps

Martin

mheusinger · ‎01-02-2006

Hi,

you need to look for your trunk ports, attached endsystems like the PC are not interesting when troubleshooting SPT.

Have a look at

"Troubleshooting STP on Catalyst Switches Running Cisco IOS System Software"

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080136673.shtml

Hope this helps

Martin