IPV6 Multicast Listener storm control?

RichardHolbo · ‎09-19-2014

I am seeing issues with IPV6 multicast storms in my network that are fairly low volume (1-2mbit), but that are causing service disruptions due to CPU load on the switches and that the network is a Point to MultiPoint wireless network.

I have about 500 IPV4 clients on a vlan served by Cisco ME3400, Catalyst 3750 and 3560 switches. These are switched back to a routed interface and IP addresses are assigned by DHCP. We are not using IPV6 at all, and I don't have control of the clients.

What I'm seeing is IPV6 Multicast Listener requests from a single client (different clients at different times) going out on the network, the switches manage them in software, so CPU goes up (not a lot, but it seems to impact performance quite a bit), but the larger problem is that all other IPV6 clients respond to the multicast broadcast address generating a 1-2mbit storm of traffic to all ports all the time. This then transits the bandwidth constrained wireless network in a steady state, causing high collisions which causes significant performance degradation in the wireless network.

It would appear that this is _generally_ caused by Dell or HP workstations with buggy network interface cards in hibernate mode.

http://blog.bimajority.org/2014/09/05/the-network-nightmare-that-ate-my-week/

http://packetpushers.net/good-nics-bad-things-blast-ipv6-multicast-listener-discovery-queries/

Now it looks like from my reading that MLD snooping would _help_ with this, though it would not stop the offender from generating the multicast requests, it might keep if from reaching _all_ ports, but it would still affect any ports that had _subscribed_ IPV6 clients, and it would require changing the SDM template and a reload on all the switches. So not a real answer and very painful.

IP multicast storm control looked good for a moment, but it seems it ONLY works on GIG ports and the wireless devices are on the 3560's with 100mbit ports, and... it would appear that the multicast storm control only works in 1% increments on a gig port, so would not actually restrict the initiating multicast traffic which is typically less than 1mbit.

Right now, I'm just tracking the source down and shutting it off.

Any thoughts?? Ideas? I suspect this will become more of an issue for more folks in the near future.

/thanks

/rh

jubair151 · ‎09-21-2014

Hi Richard,

I got the same issue in my network and its given me a lot pain to understand the issue and resolve it. I was affected because of HP elite 800 g1 slim mode network card driver issue. However, i asked my support team to upgrade the network driver to latest which resolved my issue. Kindly find below URL for more understanding.

https://supportforums.cisco.com/discussion/12296301/cisco-3560-switch-high-utilization-because-interrupt-traffic

You may please configure the storm control in percentage basis so that you can limit the broadcast. Please find my 3560 switch interface configuration as below.

interface FastEthernet0/12
switchport access vlan 30
switchport mode access
switchport voice vlan 520
switchport port-security maximum 2
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address sticky
switchport port-security mac-address sticky 7446.a03b.c0b0 vlan access
switchport port-security mac-address sticky 0007.3be1.1469 vlan voice
mls qos cos 1
storm-control broadcast level 0.10
storm-control multicast level 0.50
storm-control action trap
no cdp enable
spanning-tree portfast
end

Regards,

Jubair.S

*Plz dont forget to rate all usefull posts.