I have a 4500-X acting as my core switch and a mix of SG300 and 2960X access switches and Meraki WAPs. There are 10 buildings each with separate VLANs for wired, wireless, and VoIP. There are wired printers and Apple TVs throughout the campus and I need wired and wireless macOS and iOS devices to be able to use functions like AirPrint and AirPlay. I have experimented with the mDNS service discovery gateway, but no matter what I do, I crush the CPU. I hope it's just a misconfiguration and not a limitation of the 4500-X, but ideally I want devices in any VLAN to 'see' printers and Apple TVs in any VLAN. When I enable the configuration below, the iosd process consumes 100% of one of the two cores. As you'll notice from my service-list elements, I was having issues and just threw more permit at it until things showed up. Unfortunately, the output of 'show process cpu sorted | ex 0.00' shows one core more or less idle and the other at 100% with the iosd process being the culprit.
service-list mdns-sd Permit_Bonjour permit 10
 match service-type _airplay._tcp.local
!
service-list mdns-sd Permit_Bonjour permit 20
 match service-type _ipp._tcp.local
!
service-list mdns-sd Permit_Bonjour permit 30
 match service-type _printer.tcp.local
!
service-list mdns-sd Permit_Bonjour permit 40
 match message-type any
!
service-list mdns-sd Permit_Bonjour permit 50
 match message-type announcement
!
service-list mdns-sd Permit_Bonjour permit 60
 match message-type any
!
service-list mdns-sd active-query query
 service-type _universal._sub._ipp._tcp
 service-type _ipp._tcp.local
 service-type _ipps._tcp.local
 service-type _raop._tcp.local

service-policy Permit_Bonjour IN
service-policy Permit_Bonjour OUT
Unfortunately that bug is when using multiple switches in a VSS (we only have one 4500X) and 16k+ ARP entries in the cache (I see <1000).
The access-lists controlling what mDNS traffic to forward are probably my issue. The permit any statement was after trying to be selective and it not working, but if I remove the mDNS gateway, the CPU drops to less than 5%. Right now, with it enabled, the CPU usage stays at 100% for one core 24x7. I also see this in the log buffer:
*Sep 12 16:44:02.408: %SYS-3-CPUHOG: Task is running for (2012)msecs, more than (2000)msecs (0/0),process = mDNS.
My problem is absolutely mDNS, and as this is the first time I have configured mDNS gateway on IOS XE, I suspect it's a misconfiguration on my part. I just can't figure out what changes to make to get the CPU usage down.