ExtremeSwitching (EXOS)

Expand all | Collapse all

CPU Congestion

  • 1.  CPU Congestion

    Posted 12-07-2017 13:49
    Hi all,

    From time to time and randomly on my network some stacked switches become unresponsive and very sluggish, my monitoring software shows that those stacks are down and if i ping them i have a RTT of about 5000ms.

    When i log onto to the stack and run the cmd "debug hal show congestion" it shows congestion on all slots. to identify the type of traffic that is congestioning the CPU i run the cmd "show l2stats vlan [vlan]" several times to see which counter is incrementing and i see that the broadcast and multicast are the ones to blame.

    I am wondering if anyone has experienced this problem to and how did you troubleshoot it?



  • 2.  RE: CPU Congestion

    Posted 12-07-2017 13:57
    Have we ruled out a loop? Are you running ELRP?

    We have seen this caused by MDNS on a customers network. Fortunately in their case they were not using the MDNS so we were able to block that and things improved.


  • 3.  RE: CPU Congestion

    Posted 12-07-2017 14:55
    Hi, I have to rule out loop because the switch has only one uplink, also if there was a loop I should see mac flapping, which I dont.


  • 4.  RE: CPU Congestion

    Posted 12-07-2017 15:48
    Hello,

    If you run a "show igmp snooping cache" Do you see a lot of ports reporting on the following addresses?
    224.0.0.251 (bonjour/MDNS)
    239.255.255.250 (SSDP)
    239.255.255.253 (SLP)
    224.0.0.252 (LLMNR)

    If so, we may need to block some of that traffic, if it isn't being used.

    Vi block_mdns.pol

    entry slp {

    if {

    destination-address 239.255.255.253/32;

    } then {

    deny;

    count slp;

    }

    }



    entry bonjour-mdns {

    if {

    destination-address 224.0.0.251/32;

    } then {

    deny;

    count bonjour-mdns;

    }

    }

    entry llmnr {

    if {

    destination-address 224.0.0.252/32;

    } then {

    count llmnr;

    deny;

    }

    }

    entry ssdp {

    if {

    destination-address 239.255.255.250/32;

    } then {

    count ssdp;

    deny;

    }

    }


    :wq to exit

    apply to the edge ports on ingress to prevent the packets from even coming into the network at all.

    Thanks
    Brad