Question

[VSP-8404] ip prefix-list

  • 23 February 2019
  • 5 replies
  • 411 views

  • New Member
  • 2 replies
Can someone explain the basics of how an ip prefix-list works? Looking to deny the 239.255.255.250 from entering into the spbm multicast routing table. From what I've read it appears to be an allow list, so I would need to allow all other addresses which would then implicitly deny the 239.255.255.250? Seems like there should be an easier way.

5 replies

Userlevel 2
what is learning the route? It is a local route, SPBm route or an external rote?
SPB route.

Allow me to explain the issue in detail, perhaps I am missing something and diving into an ip prefix-list might be premature. It was a colleague’s suggestion.

-We have two VSP8404 routers which are clustered using vIST (core).
-We are using spb-multicast to manage multicast at the core.
-All edge switches (X450-G2) connect to the core via SMLT links.
-Each edge switch is its own vlan.
-The edge switches are simple layer 2, basic config with sharing enabled on the uplink ports to create the aggregated link.
-One of the edge switches hosts all the recording servers for the multicast streams (IP cameras).
-The other edge switches host IP cameras that send the multicast stream to the recording servers.

Pretty basic setup as far as I can tell. The issue we are running into is that we get an error message that says:
GlobalRouter TUNI/SUNI ERROR SWUNI VFI VPN TBL limit 8189 (L2VSN 48 + L3VSN 0 + MCoSPB/VXLAN 8141) reached

Many of these error messages immediately follow (with different source IPs obviously):
GlobalRouter IPMC ERROR Insufficient VFI/VPN resources to create McoSpb source [IP removed-MJS] group 239.255.255.250 vrfId 0

After reading online that “SSDP protocol can discover Plug & Play devices, with uPnP (Universal Plug and Play)" and "SSDP uses unicast and multicast address (239.255.255.250),“ I believe the 239.255.255.250 multicast address does not need to be routed. However, because it is on the vlan that hangs directly off the VSP8404 cores with SPB multicast enabled, I believe SPB is picking it up and placing it in the multicast routing table. We were thinking of using an ip prefix-list to filter what routes would be added to the multicast routing table.

Does this make sense?
Userlevel 2
that error message is coming off the x450s or the VSP cores?

Is everything working, but you are just getting those errors? Or are you seeing networking/multicast issues?

But because you mentioned uPnP I recommend you open a GTAC ticket ASAP. The network seems simple enough, but I think it needs attention by an expert.
Thanks Paul. The resolution was to create an ip prefix-list to restrict the UPnP multicast addresses (239.255.255.250) being added to the multicast routing table. Once that was done we saw the multicast routing table drop from 7500 entires to 2500 which doesn't exceed the routing table limit of 8000 entries. For those in the future who may be searching:

VSP 4000/7200/8000:

ip prefix-list UPnP 239.255.255.0/24

interface vlan 10
ip igmp access-list "UPnP" deny-both
exit
Userlevel 2
amazing..

thanks for the update and adding to the forum.

Reply