Need to block a multicast route due to mfib exhaustion on N9k

Chris Knipe
Level 1

Hi, I am having some issues after a core migration with multicast. The core that we migrated to supports a maximum of 8k multicast routes and we are currently exceeding that amount due to traffic from UPNP (239.255.255.250) coming from our wireless clients. There is an SVI on the 9k for these wireless clients and I have tried applying different types of ACLs to this wireless vlan, but I still see these clients from this vlan show up after applying the acl and clearing the multicast routes. Is there a way that I can create a route map to deny this multicast route from showing up in the routing table?

6 Replies

Hello,

 

I think on the Nexus 9K, for multicast traffic, you need a port ACL inbound. It would look something like this:

 

ip access-list DENY_UPNP
10 deny ip any 239.255.255.250/32
20 deny ip 239.255.255.250/32 any
30 permit ip any any

 

interface Vlan20
ip port access-group DENY_UPNP in

Hello

As this is a routed interface, do you have PIM enabled? If so, why not just remove it from that SVI?

Res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

In this particular instance, it is because we just want to block the UPnP address, as the subscribers to this address are exceeding the number of multicast routes available on the platform. Though we would still like to have multicast working for other apps for users on this subnet.

bwilson
Level 1

Did that ACL end up working for you, or did you find another solution?

Feds
Level 1

Hi Chris,

Which solution did you implement?

Thanks!

Giuseppe Larosa
Hall of Fame

Hello @Chris Knipe ,

You can use TTL scoping for this; I did this in the past.

All the UPNP (239.255.255.250) is just noise, but they should have TTL limited.

You can put up a barrier using a high value of IPv4 TTL, like 32 or 64, to block the noise.

This means that all the wanted sources have to increase their TTL to a greater value. You can check this using VideoLAN VLC.

 

Another option, if you are using auto-rp, is an interface-level

ip pim rp auto-rp listener  <acl>

command that can be used to filter out the noise.

 

Hope to help

Giuseppe
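
To check whether a filter like the ones suggested in this thread actually took effect, the mroute table can be counted per group before and after clearing it. The following Python is an added example, not code from any poster or from Cisco; the sample text is constructed in the style of NX-OS `show ip mroute` output, `MROUTE_LIMIT` stands in for the "8k" figure in the question, and the function names are hypothetical.

```python
import re
from collections import Counter

MROUTE_LIMIT = 8000            # assumption: stands in for the "8k" in the question
UPNP_GROUP = "239.255.255.250"  # group named in the thread

# Constructed sample, styled after NX-OS "show ip mroute" output.
SAMPLE = """\
(*, 239.255.255.250/32), uptime: 2d03h, igmp ip pim
  Incoming interface: Ethernet1/1, RPF nbr: 10.0.0.1
  Outgoing interface list: (count: 1)
    Vlan20, uptime: 2d03h, igmp
(10.20.0.11/32, 239.255.255.250/32), uptime: 00:02:10, ip pim
  Incoming interface: Vlan20, RPF nbr: 10.20.0.11
  Outgoing interface list: (count: 0)
(10.20.0.12/32, 239.255.255.250/32), uptime: 00:01:44, ip pim
  Incoming interface: Vlan20, RPF nbr: 10.20.0.12
  Outgoing interface list: (count: 0)
(10.30.0.5/32, 239.1.1.1/32), uptime: 1d00h, ip pim
  Incoming interface: Vlan30, RPF nbr: 10.30.0.5
  Outgoing interface list: (count: 1)
    Vlan20, uptime: 1d00h, igmp
"""

ENTRY = re.compile(r"^\((\*|[\d.]+)(?:/\d+)?, ([\d.]+)/\d+\)")
IIF = re.compile(r"^\s+Incoming interface: ([^,\s]+)")

def summarize(text):
    """Count entries per group, and (S,G) sources per (group, incoming interface)."""
    per_group, per_iif, current = Counter(), Counter(), None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            current = m.groups()      # (source or "*", group)
            per_group[current[1]] += 1
            continue
        m = IIF.match(line)
        if m and current and current[0] != "*":   # only real sources
            per_iif[(current[1], m.group(1))] += 1
    return per_group, per_iif

def report(text, group=UPNP_GROUP, limit=MROUTE_LIMIT):
    """Summarize how much of the table one group uses and where its sources sit."""
    per_group, per_iif = summarize(text)
    total = sum(per_group.values())
    return {
        "total": total,
        "group_entries": per_group[group],
        "sources_by_interface": {i: n for (g, i), n in per_iif.items() if g == group},
        "over_limit": total > limit,
    }
```

Run `report()` on output saved before and after applying a filter and clearing the routes: if `sources_by_interface` still lists the wireless VLAN, the filter is not stopping those sources from creating state.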

 
