mdns-sd on IOS XE

dbrown
Level 1

I have a 4500-X acting as my core switch and a mix of SG300 and 2960X access switches and Meraki WAPs. There are 10 buildings each with separate VLANs for wired, wireless, and VoIP. There are wired printers and Apple TVs throughout the campus and I need wired and wireless macOS and iOS devices to be able to use functions like AirPrint and AirPlay. I have experimented with the mDNS service discovery gateway, but no matter what I do, I crush the CPU. I hope it's just a misconfiguration and not a limitation of the 4500-X, but ideally I want devices in any VLAN to 'see' printers and Apple TVs in any VLAN. When I enable the configuration below, the iosd process consumes 100% of one of the two cores. As you'll notice from my service-list elements, I was having issues and just threw more permit at it until things showed up. Unfortunately, the output of 'show process cpu sorted | ex 0.00' shows one core more or less idle and the other at 100% with the iosd process being the culprit.

 

!

service-list mdns-sd Permit_Bonjour permit 10
 match service-type _airplay._tcp.local
!
service-list mdns-sd Permit_Bonjour permit 20
 match service-type _ipp._tcp.local
!
service-list mdns-sd Permit_Bonjour permit 30
 match service-type _printer.tcp.local
!
service-list mdns-sd Permit_Bonjour permit 40
 match message-type any
!
service-list mdns-sd Permit_Bonjour permit 50
 match message-type announcement
!
service-list mdns-sd Permit_Bonjour permit 60
 match message-type any
!
service-list mdns-sd active-query query
 service-type _universal._sub._ipp._tcp
 service-type _ipp._tcp.local
 service-type _ipps._tcp.local
 service-type _raop._tcp.local

!

service-routing mdns-sd

!

service-policy Permit_Bonjour IN
service-policy Permit_Bonjour OUT

!

interface Vlan1
service-routing mdns-sd
 redistribute mdns-sd
interface Vlan15
service-routing mdns-sd
 redistribute mdns-sd
interface Vlan30
service-routing mdns-sd
 redistribute mdns-sd
interface Vlan35
service-routing mdns-sd
 redistribute mdns-sd
interface Vlan45
service-routing mdns-sd
 redistribute mdns-sd
interface Vlan55
service-routing mdns-sd
 redistribute mdns-sd
interface Vlan65
service-routing mdns-sd
 redistribute mdns-sd
interface Vlan95
service-routing mdns-sd
 redistribute mdns-sd

2 Replies

Giuseppe Larosa
Hall of Fame

Hello dbrown,

Have a look at the following SW bug, which looks like your case:

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva70427

 

https://community.cisco.com/t5/cisco-bug-discussions/cscva70427-cat4500x-16-vss-high-cpu-with-16k-arp-entries-gt/td-p/3840803

 

According to the following document, the filters should be as specific as possible:

 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dns/configuration/xe-16-12/dns-xe-16-12-book/service-discovery-gateway.html

 

You say you have ten buildings, each of them with one data VLAN, one wireless VLAN and one VoIP VLAN.

 

>> There are wired printers and Apple TVs throughout the campus and I need wired and wireless macOS and iOS devices to be able to use functions like AirPrint and AirPlay

 

In the above document, see the summary steps:

 

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. service-routing mdns-sd
  4. service-policy service-policy-name {IN | OUT }
  5. cache-memory-max cache-config-percentage
  6. service-policy-query service-list-name query-period
  7. designated-gateway enable [ ttl duration]
  8. service-policy-proximity service-list-name [ limit number-of-services]
  9. service-type-enumeration period period-value
  10. source-interface type number
  11. rate-limit in maximum-rate-limit
  12. exit

I think step 5 (cache-memory-max) and step 11 (rate-limit) can be helpful in limiting resources used by this feature.

 

With your current configuration there is likely too much usage of resources.

I don't know if it is supported in your version, but the examples in the above document apply filters to the L3 interfaces, either input or output, but not globally.

 

service-policy Permit_Bonjour IN
service-policy Permit_Bonjour OUT

 

And the fact that you have match any statements in the Permit_Bonjour service list can cause excessive load on the switch.

 

Hope to help

Giuseppe
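
Added example, not part of the original thread and not Cisco tooling: a small offline check for the points raised in the reply above, run over the Permit_Bonjour entries from the posted configuration. It flags permit entries that match every message type, service types that do not follow the DNS-SD `_service._tcp`/`_udp` form, and repeated match lines. The function names and finding labels are hypothetical.

```python
import re
# Constructed sample: the Permit_Bonjour entries from the configuration posted above.
SAMPLE_CONFIG = """\
service-list mdns-sd Permit_Bonjour permit 10
 match service-type _airplay._tcp.local
service-list mdns-sd Permit_Bonjour permit 20
 match service-type _ipp._tcp.local
service-list mdns-sd Permit_Bonjour permit 30
 match service-type _printer.tcp.local
service-list mdns-sd Permit_Bonjour permit 40
 match message-type any
service-list mdns-sd Permit_Bonjour permit 50
 match message-type announcement
service-list mdns-sd Permit_Bonjour permit 60
 match message-type any
"""
HEADER = re.compile(r"service-list mdns-sd (\S+) (permit|deny) (\d+)$")
# DNS-SD service type: optional subtype, _service, then _tcp or _udp (RFC 6763).
SERVICE_TYPE = re.compile(r"(_[a-z0-9-]+\._sub\.)?_[a-z0-9-]+\._(tcp|udp)(\.local)?$", re.I)

def parse_entries(config):
    """Return (list name, action, sequence, keyword, value) for each match line."""
    rows, current = [], None
    for line in map(str.strip, config.splitlines()):
        head = HEADER.match(line)
        if head:
            current = (head[1], head[2], int(head[3]))
        elif line.startswith("match ") and current and len(line.split()) == 3:
            rows.append(current + tuple(line.split()[1:]))
        else:
            current = None  # "!", blank or unrelated line ends the entry
    return rows

def lint(config):
    """Flag catch-all permits, malformed service types and repeated matches."""
    findings, first_seen = [], {}
    for name, action, seq, keyword, value in parse_entries(config):
        where = f"{name} {action} {seq}"
        if action == "permit" and (keyword, value) == ("message-type", "any"):
            findings.append((where, "catch-all"))
        if keyword == "service-type" and not SERVICE_TYPE.match(value):
            findings.append((where, "malformed-service-type"))
        key = (name, action, keyword, value)
        if key in first_seen:
            findings.append((where, f"duplicate-of-{first_seen[key]}"))
        first_seen.setdefault(key, seq)
    return findings

if __name__ == "__main__":
    print(*lint(SAMPLE_CONFIG), sep="\n")
```
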

 

 

 

 

Unfortunately that bug is when using multiple switches in a VSS (we only have one 4500X) and 16k+ ARP entries in the cache (I see <1000).  

 

The access-lists controlling what mDNS traffic to forward are probably my issue.  The permit any statement was after trying to be selective and it not working, but if I remove the mDNS gateway, the CPU drops to less than 5%.  Right now, with it enabled, the CPU usage stays at 100% for one core 24x7.  I also see this in the log buffer:

 

*Sep 12 16:44:02.408: %SYS-3-CPUHOG: Task is running for (2012)msecs, more than (2000)msecs (0/0),process = mDNS.

 

My problem is absolutely mDNS, and as this is the first time I have configured mDNS gateway on IOS XE, I suspect it's a misconfiguration on my part.  I just can't figure out what changes to make to get the CPU usage down.
