This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Switching & Routing
- ExtremeSwitching (EXOS/Switch Engine)
- RE: Disable going multicast between subvlans in su...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Disable going multicast between subvlans in supervlan.
Disable going multicast between subvlans in supervlan.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-19-2017 09:23 AM
Dear Colleagues,
If I use separate vlans on Extreme X450-24 ver. 15.3.2.11 on default settings multicast trafic doesn't route between these vlans. But if I use 2 subvlans (or more) in supervlan multicast trafic begins to route between these subvlans.
I don't need this. Please, help me.
How can I disable multicast routing between subvlans in 1 supervlan without using ACL?
Thank you.
If I use separate vlans on Extreme X450-24 ver. 15.3.2.11 on default settings multicast trafic doesn't route between these vlans. But if I use 2 subvlans (or more) in supervlan multicast trafic begins to route between these subvlans.
I don't need this. Please, help me.
How can I disable multicast routing between subvlans in 1 supervlan without using ACL?
Thank you.
11 REPLIES 11
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-18-2017 05:48 AM
Hi Alexandr,
is the DoS Protect ACL matching traffic to the switch or traffic through the switch? From the looks of it, it should be traffic through the switch to an SMTP server. If so, that traffic should not reach the CPU during normal operation.
One reason through traffic reaches the CPU is a missing ARP entry for a local end system, resulting in software based forwarding. You might want to check the hardware capabilities and the configured maximum ARP entries in hardware:
show iproute reserved-entries statistics show iparp show iparp stats summary Older EXOS had a default of 4096 ARP entries max, newer EXOS uses 8192, you might want to check that you use the newer default value, if the hardware permits this. This can be configured using
configure iparp max_entries [vr VR_NAME] MAX_ENTRIES
Erik
is the DoS Protect ACL matching traffic to the switch or traffic through the switch? From the looks of it, it should be traffic through the switch to an SMTP server. If so, that traffic should not reach the CPU during normal operation.
One reason through traffic reaches the CPU is a missing ARP entry for a local end system, resulting in software based forwarding. You might want to check the hardware capabilities and the configured maximum ARP entries in hardware:
show iproute reserved-entries statistics show iparp show iparp stats summary Older EXOS had a default of 4096 ARP entries max, newer EXOS uses 8192, you might want to check that you use the newer default value, if the hardware permits this. This can be configured using
configure iparp max_entries [vr VR_NAME] MAX_ENTRIES
The maximum IP ARP entries include dynamic, static, and incomplete IP ARP entries.Thanks,
Erik
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-18-2017 05:48 AM
Hi Victor,
the numbers in the table show how many entries of the different types that are stored in hardware tables are used, the numbers after the table show the limits of different switches.
An exclamation mark (!) next to a number signals that the hardware limit is reached, see e.g. Multicast Entry not Added. Hardware Table Full and Known traffic gets forwarded in the CPU of an X670-X440 stack. Some entries need to be added up against the hardware limit, e.g. IPv6 routes use the same resources as IPv4 routes, see e.g. Space occupied by IPv6 route in hardware table. The HW Route Table stores prefixes for longest prefix match (LPM) lookup, the HW L3 Hash Table stores direct lookup entries, e.g. ARP entries or multicast groups.
For some switches, the table usage can be configured, see Can the maximum reserved route entries be increased for a specific switch model? This depends on the hardware, newer Broadcom switch chips use so called Unified Forwarding Tables (UFT) that can be used with different partitioning variants.
Additional information can be found in the GTAC Knowledge articles Check for Table full conditions and How to troubleshoot FDB entry not added on slot X. Hardware Table full.
Some effects of needing too many ARP entries are explained in Slot reboot on BD8K due to Async Queue growing with CustomType 42 messages.
Thanks,
Erik
the numbers in the table show how many entries of the different types that are stored in hardware tables are used, the numbers after the table show the limits of different switches.
An exclamation mark (!) next to a number signals that the hardware limit is reached, see e.g. Multicast Entry not Added. Hardware Table Full and Known traffic gets forwarded in the CPU of an X670-X440 stack. Some entries need to be added up against the hardware limit, e.g. IPv6 routes use the same resources as IPv4 routes, see e.g. Space occupied by IPv6 route in hardware table. The HW Route Table stores prefixes for longest prefix match (LPM) lookup, the HW L3 Hash Table stores direct lookup entries, e.g. ARP entries or multicast groups.
For some switches, the table usage can be configured, see Can the maximum reserved route entries be increased for a specific switch model? This depends on the hardware, newer Broadcom switch chips use so called Unified Forwarding Tables (UFT) that can be used with different partitioning variants.
Additional information can be found in the GTAC Knowledge articles Check for Table full conditions and How to troubleshoot FDB entry not added on slot X. Hardware Table full.
Some effects of needing too many ARP entries are explained in Slot reboot on BD8K due to Async Queue growing with CustomType 42 messages.
Thanks,
Erik
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-18-2017 05:48 AM
Hi, Erik
I'm sorry, but can you explain what do the numbers in the output of "Show iproute reserved-entries statistics" represent?
I'm sorry, but can you explain what do the numbers in the output of "Show iproute reserved-entries statistics" represent?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-18-2017 05:48 AM
Hi, Erik!
X450a have limits IP ARP:
8K with minimum LPM entries - 100 and less
2K with max LPM - 12K
In this switch configured max LPM:
sh iproute reserved-entries IPv4 # Reserved Routes Minimum #
Slot Type Routes IPv4 (or IPv6) IPv4 Hosts
---- ---------------- -------- ------ ------------------ ----------
1 X450a-24x Internal 12240 ( 6120) [default] 16
So there is few factors:
- hardware limit
- possible loop and mcast traffic because using Supervlan feature.
Main question in this case is still - how to block mcast between SubVlans?
Thank you!
X450a have limits IP ARP:
8K with minimum LPM entries - 100 and less
2K with max LPM - 12K
In this switch configured max LPM:
sh iproute reserved-entries IPv4 # Reserved Routes Minimum #
Slot Type Routes IPv4 (or IPv6) IPv4 Hosts
---- ---------------- -------- ------ ------------------ ----------
1 X450a-24x Internal 12240 ( 6120) [default] 16
So there is few factors:
- hardware limit
- possible loop and mcast traffic because using Supervlan feature.
Main question in this case is still - how to block mcast between SubVlans?
Thank you!
