Disable going multicast between subvlans in supervlan.

Victor_Vit
New Contributor
Dear Colleagues,


If I use separate vlans on Extreme X450-24 ver. 15.3.2.11 on default settings, multicast traffic doesn't route between these vlans. But if I use 2 subvlans (or more) in a supervlan, multicast traffic begins to route between these subvlans.
I don't need this. Please, help me.
How can I disable multicast routing between subvlans in 1 supervlan without using ACL?

Thank you.

11 REPLIES

Erik_Auerswald
Contributor II
Hi Alexandr,

is the DoS Protect ACL matching traffic to the switch or traffic through the switch? From the looks of it, it should be traffic through the switch to an SMTP server. If so, that traffic should not reach the CPU during normal operation.

One reason through traffic reaches the CPU is a missing ARP entry for a local end system, resulting in software based forwarding. You might want to check the hardware capabilities and the configured maximum ARP entries in hardware:
show iproute reserved-entries statistics
show iparp
show iparp stats summary
Older EXOS had a default of 4096 ARP entries max, newer EXOS uses 8192, you might want to check that you use the newer default value, if the hardware permits this. This can be configured using
configure iparp max_entries [vr VR_NAME] MAX_ENTRIES
The maximum IP ARP entries include dynamic, static, and incomplete IP ARP entries.
Thanks,
Erik

Hi Victor,

the numbers in the table show how many entries of the different types that are stored in hardware tables are used, the numbers after the table show the limits of different switches.

An exclamation mark (!) next to a number signals that the hardware limit is reached, see e.g. "Multicast Entry not Added. Hardware Table Full" and "Known traffic gets forwarded in the CPU of an X670-X440 stack". Some entries need to be added up against the hardware limit, e.g. IPv6 routes use the same resources as IPv4 routes, see e.g. "Space occupied by IPv6 route in hardware table". The HW Route Table stores prefixes for longest prefix match (LPM) lookup, the HW L3 Hash Table stores direct lookup entries, e.g. ARP entries or multicast groups.

For some switches, the table usage can be configured, see "Can the maximum reserved route entries be increased for a specific switch model?" This depends on the hardware, newer Broadcom switch chips use so-called Unified Forwarding Tables (UFT) that can be used with different partitioning variants.

Additional information can be found in the GTAC Knowledge articles "Check for Table full conditions" and "How to troubleshoot FDB entry not added on slot X. Hardware Table full".

Some effects of needing too many ARP entries are explained in "Slot reboot on BD8K due to Async Queue growing with CustomType 42 messages".

Thanks,
Erik

Hi, Erik
I'm sorry, but can you explain what the numbers in the output of "Show iproute reserved-entries statistics" represent?

Hi, Erik!

The X450a has these IP ARP limits:
8K with minimum LPM entries - 100 and less
2K with max LPM - 12K

This switch is configured with max LPM:
sh iproute reserved-entries
                      IPv4     # Reserved Routes         Minimum #
Slot Type             Routes   IPv4   (or IPv6)          IPv4 Hosts
---- ---------------- -------- ------ ------------------ ----------
1    X450a-24x        Internal 12240  ( 6120) [default]  16

So there are a few factors:

- hardware limit

- a possible loop and mcast traffic because of using the Supervlan feature.

The main question in this case is still: how to block mcast between SubVlans?

Thank you!
