Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
631
Views
0
Helpful
1
Replies

CSCuo14829 - WS-C3650-48PS/03.06.08E IPV6 MLD

Staudinger
Level 1
Level 1

‎02-01-2022 01:58 AM - edited ‎02-01-2022 02:01 AM

Hi team,

In our environment, we are running WS-C3650-48PS switches in a stack of 4 switches and other Switch stack of 6 with same model and running ios version is 03.06.08E. All sudden the CPU utlization is high. It was very hard to access the swicth. 802.1x was not working CLients connected interface went to Unauth U status. Rebooted the switch with no luck

We found NGWC L2M Process uses CPU to process IPv6 packets.

show processes cpu detailed process iosd sorted | exc 0.0
Core 0: CPU utilization for five seconds: 43%; one minute: 35%; five minutes: 33%
Core 1: CPU utilization for five seconds: 54%; one minute: 46%; five minutes: 46%
Core 2: CPU utilization for five seconds: 75%; one minute: 63%; five minutes: 58%
Core 3: CPU utilization for five seconds: 48%; one minute: 49%; five minutes: 57%
PID T C TID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
12577 L 2766882 2422952 291 23.52 23.67 23.69 34816 iosd
12577 L 3 12577 1911782 1970561 0 23.34 23.29 23.29 34818 iosd
12577 L 0 14135 694490 3264088 0 0.28 0.34 0.36 0 iosd.fastpath
162 I 2832830 6643 0 90.11 92.55 92.33 0 NGWC L2M


After enabling ipv6 mld snooping. We are able to access the switch.

We are suspecting is there anything do with our core switch 9300 IOS version 16.12.4. After changing the core switch we got this issue. Do we need to enable ipv6 mld snooping in core switch as well to fix the source of the issue or you suggest any upgrade

Labels:
0 Helpful
1 Reply 1

gtrejoor
Cisco Employee
Cisco Employee

‎03-02-2022 01:28 PM

Hi  Staudinger

 

Thank you for the response

 

Well, the bug you mentioned is already fixed in version 03.06.08E, so your current problem is not related to that bug, I saw you enable mld ipv6 snooping.  What ipv6 mld snooping does is it prevents IPv6 multicast traffic from being flooded and forwarded in software resulting in high cpu. What they should check more than just implement this command in the C9300, is to analyze with a control plane capture when this CPU value rises, where that traffic is coming from, and if they are using it or not. Since it is impacting the switch because it is traffic that by its nature reaches the CPU and if it does not find an IPv6 address to send it to, this behavior will continue to occur. If the C3850 continues to flood this traffic, the C9300 will receive it in the same way in the CPU, there is a CoPP policer to avoid high CPU usage, however, my suggestion is that you better check where that traffic comes from and confirm if you are using, otherwise you can apply the mld snooping command like a workaround.

 

References 

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-12/configuration_guide/ip_mcast_rtng/b_1612_ip_mcast_rtng_9300_cg/configuring_mld_snooping.html

 

Regards, 

0 Helpful
Customers Also Viewed These Support Documents