CPU Congestion
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎12-07-2017 01:49 PM
Hi all,
From time to time and randomly on my network some stacked switches become unresponsive and very sluggish, my monitoring software shows that those stacks are down and if i ping them i have a RTT of about 5000ms.
When i log onto to the stack and run the cmd "debug hal show congestion" it shows congestion on all slots. to identify the type of traffic that is congestioning the CPU i run the cmd "show l2stats vlan [vlan]" several times to see which counter is incrementing and i see that the broadcast and multicast are the ones to blame.
I am wondering if anyone has experienced this problem to and how did you troubleshoot it?
From time to time and randomly on my network some stacked switches become unresponsive and very sluggish, my monitoring software shows that those stacks are down and if i ping them i have a RTT of about 5000ms.
When i log onto to the stack and run the cmd "debug hal show congestion" it shows congestion on all slots. to identify the type of traffic that is congestioning the CPU i run the cmd "show l2stats vlan [vlan]" several times to see which counter is incrementing and i see that the broadcast and multicast are the ones to blame.
I am wondering if anyone has experienced this problem to and how did you troubleshoot it?
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎12-07-2017 03:48 PM
Hello,
If you run a "show igmp snooping cache" Do you see a lot of ports reporting on the following addresses?
224.0.0.251 (bonjour/MDNS)
239.255.255.250 (SSDP)
239.255.255.253 (SLP)
224.0.0.252 (LLMNR)
If so, we may need to block some of that traffic, if it isn't being used.
Vi block_mdns.pol
entry slp {
if {
destination-address 239.255.255.253/32;
} then {
deny;
count slp;
}
}
entry bonjour-mdns {
if {
destination-address 224.0.0.251/32;
} then {
deny;
count bonjour-mdns;
}
}
entry llmnr {
if {
destination-address 224.0.0.252/32;
} then {
count llmnr;
deny;
}
}
entry ssdp {
if {
destination-address 239.255.255.250/32;
} then {
count ssdp;
deny;
}
}
:wq to exit
apply to the edge ports on ingress to prevent the packets from even coming into the network at all.
Thanks
Brad
If you run a "show igmp snooping cache" Do you see a lot of ports reporting on the following addresses?
224.0.0.251 (bonjour/MDNS)
239.255.255.250 (SSDP)
239.255.255.253 (SLP)
224.0.0.252 (LLMNR)
If so, we may need to block some of that traffic, if it isn't being used.
Vi block_mdns.pol
entry slp {
if {
destination-address 239.255.255.253/32;
} then {
deny;
count slp;
}
}
entry bonjour-mdns {
if {
destination-address 224.0.0.251/32;
} then {
deny;
count bonjour-mdns;
}
}
entry llmnr {
if {
destination-address 224.0.0.252/32;
} then {
count llmnr;
deny;
}
}
entry ssdp {
if {
destination-address 239.255.255.250/32;
} then {
count ssdp;
deny;
}
}
:wq to exit
apply to the edge ports on ingress to prevent the packets from even coming into the network at all.
Thanks
Brad
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎12-07-2017 02:55 PM
Hi, I have to rule out loop because the switch has only one uplink, also if there was a loop I should see mac flapping, which I dont.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎12-07-2017 01:57 PM
Have we ruled out a loop? Are you running ELRP?
We have seen this caused by MDNS on a customers network. Fortunately in their case they were not using the MDNS so we were able to block that and things improved.
We have seen this caused by MDNS on a customers network. Fortunately in their case they were not using the MDNS so we were able to block that and things improved.
