Limiting the propagation of CGMP

Kevin Dorrell · ‎04-28-2005

I have a campus consisting of a couple of Cat4506+IOS at the distribution layer, and a bagful of switches (Cat4000+CatOS, Cat4500+IOS, Cat2900XL, Cat2950) at the access layer. I use CGMP to control multicasts because some of the switches do not support IGMP snooping. The CGMP protocol uses layer-2 multicasts to 01:00:0c:cd:dd:dd.

Our server team has recently installed a load-balancing protocol that uses IP-like multicasts for control - destination 01:00:5e:xx:xx:xx and Ethertype 0x886F. At the moment, that protocol is causing quite a lot of CGMP updates - so much so that they account for over 30% of the background noise seen by a typical host on the network.

Note it is not the application multicast that is causing the extra traffic - that is being constrained correctly by the CGMP and IGMP snooping. It is the CGMP multicast itself that is giving me the headache.

So to my question: These CGMP multicasts are only relevant to the switches. All my switches are tied together with 802.1Q trunks. Is there any way I can constrain the CGMP to the inter-switch trunks, and not have it transmitted out the access leaf ports?

I have thought of putting these machines that are doing the load-balancing experiment on a separate VLAN, but that is not practicable from the architectural point of view.

Any suggestions welcome.

Kevin Dorrell

Luxembourg

Kevin Dorrell · ‎04-28-2005

Some more information:

There was a typo in my original posting: the layer-2 multicast address for CGMP is 01:00:0c:dd:dd:dd of course.

Secondly, the CGMP traffic was not due to the load-balancing experiment at all, but due to many PCs expressing an interest in 235.80.68.83 and 239.83.100.109. Does anyone recognise these addresses? I know the first is globally scoped, and the second adminstratively scoped, but I don't know any more than that. About 10% of the PCs on my campus are generating IGMPs for those multicast streams. What is this all about?

My original question remains valid though: how can I prevent the CGMP control protocol being propagated to the host ports? Only the switches need to hear it.

Kevin Dorrell

Luxembourg

Kevin Dorrell · ‎04-28-2005

Bump

Kevin Dorrell · ‎05-01-2005

Anybody out there?

Kevin Dorrell · ‎05-02-2005

Am I talking to myself again? Is this a sign of madness? Have I been sent to Coventry? Or is it just that nobody has an answer?

Kevin Dorrell

Luxembourg

jroyster · ‎05-03-2005

I don't think you can.

In order for CGMP to work it has to rely on a switch flooding the CGMP multicast.

Things you could try...

1) use CGMP fast leave, althought I don't see how it would help.

2) hard code the multicast router on each and every switch and see if it still floods the CGMP messages.

CGMP really only needs to be between a router and the switches but since a switch is layer2 it has to rely on the flooding of these messages. Possibly hard coding the router could help.

Kevin Dorrell · ‎05-03-2005

Thanks for the idea. I don't thionk that hardcoding the router port would really help. I think all that does is make sure that all multicasts are forwarded to the router port, but it does not prune them from the other ports. I'm not sure this would apply to CGMP anyway, because it is not an IP multicast.

I might have a go at fiddling the CAM tables in a switch to see if I can forward the CGMP just to those ports with a switch downstream.

Thanks for the ideas anyway.

Kevin Dorrell

Luxembourg