Catalyst Switches Multicast Flooding

DaveDatapath

Hi All,

I am using several Multicast devices on the Catalyst range of switches, (9200 and 9500 for test purposes).  The devices we have work fine on other switch brands with IGMP Snooping enabled and Fast Leave.  

We have configured our Cisco switches with similar options, Immediate leave, IGMP Snooping, set the IGMP Querier IP as a virtual IP on the switch, Enabled PIM in Sparse mode.

The Multicast works when we only connect to 1 of the sources, however as soon as we connect to another 1 the switch is flooded with the Multicast data.  When I connect my laptop and Wireshark the switch, I am flooded with Multicast packets before I even mirror the port of the receiving devices.

I've looked into CGMP but that didn't seem to make a difference.  When having PIM enabled the IGMP Querier no longer takes part in the election process and says disabled, but I believe this is intended.

IGMP Filtering is also enabled.

Any ideas on how to stop the flood?  The Multicast group membership command shows that the right devices subscribe to the correct streams but the flood of data means nothing is working.

Thanks

 

8 Replies

balaji.bandi

What does your configuration look like?

What IOS XE code is running?

Can you post the output below:

config of igmp

#show mac address-table multicast count

#show ip igmp snooping

#show ip igmp snooping mrouter

#show ip igmp snooping querier

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

IOS version 17.12.02 

IGMP config 

ip igmp ssm-map enable
ip igmp snooping tcn query solicit
ip igmp snooping querier address 192.168.30.1
ip igmp snooping querier
ip igmp snooping vlan 30 querier version 2
ip igmp snooping vlan 30 querier address 192.168.30.1
ip igmp snooping vlan 30 immediate-leave
ip igmp profile 1
permit
range 224.0.0.0 239.255.255.255
login on-success log
ipv6 mld snooping vlan 30 immediate-leave
ipv6 mld snooping
vtp mode transparent

Switch#show mac address-table multicast count
Vlan Mac Address Type Ports
---- ----------- ---- -----
Total Number of Multicast Addresses: 0

Global IGMP Snooping configuration:
-------------------------------------------
IGMP snooping : Enabled
Global PIM Snooping : Disabled
IGMPv3 snooping : Enabled
Report suppression : Enabled
TCN solicit query : Enabled
TCN flood query count : 2
Robustness variable : 2
Last member query count : 2
Last member query interval : 1000

Vlan 1:
--------
IGMP snooping : Enabled
Pim Snooping : Disabled
IGMPv2 immediate leave : Disabled
Explicit host tracking : Enabled
Multicast router learning mode : pim-dvmrp
CGMP interoperability mode : IGMP_ONLY
Robustness variable : 2
Last member query count : 2
Last member query interval : 1000

Vlan 20:
--------
IGMP snooping : Enabled
Pim Snooping : Disabled
IGMPv2 immediate leave : Disabled
Explicit host tracking : Enabled
Multicast router learning mode : pim-dvmrp
CGMP interoperability mode : IGMP_ONLY
Robustness variable : 2
Last member query count : 2
Last member query interval : 1000

Vlan 30:
--------
IGMP snooping : Enabled
Pim Snooping : Disabled
IGMPv2 immediate leave : Enabled
Explicit host tracking : Enabled
Multicast router learning mode : pim-dvmrp
CGMP interoperability mode : IGMP_ONLY
Robustness variable : 2
Last member query count : 2
Last member query interval : 1000

Switch#show ip igmp snoo mrouter
Vlan ports
---- -----
30 Router

 

Switch#show IP IGMP snoo querier
Vlan IP Address IGMP Version Port
-------------------------------------------------------------
30 192.168.30.1 v2 Router

VLAN 30 is configured as the 192.168.30.1 address acting as the querier

Many thanks

 

 

 

Sorry and for further information this is all on a single switch

OK, thanks for the information. Where do you see the flood?

Does show mac address-table show a large number of MACs?

 

BB


Show mac address-table is 

-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0180.c200.0000 STATIC CPU
All 0180.c200.0001 STATIC CPU
All 0180.c200.0002 STATIC CPU
All 0180.c200.0003 STATIC CPU
All 0180.c200.0004 STATIC CPU
All 0180.c200.0005 STATIC CPU
All 0180.c200.0006 STATIC CPU
All 0180.c200.0007 STATIC CPU
All 0180.c200.0008 STATIC CPU
All 0180.c200.0009 STATIC CPU
All 0180.c200.000a STATIC CPU
All 0180.c200.000b STATIC CPU
All 0180.c200.000c STATIC CPU
All 0180.c200.000d STATIC CPU
All 0180.c200.000e STATIC CPU
All 0180.c200.000f STATIC CPU
All 0180.c200.0010 STATIC CPU
All 0180.c200.0021 STATIC CPU
All ffff.ffff.ffff STATIC CPU
1 700b.4f36.2047 STATIC Vl1
30 0055.6a2d.ea5d DYNAMIC Te1/0/15
30 0055.8b05.0933 DYNAMIC Te1/0/13
30 00aa.2793.2936 DYNAMIC Te1/0/9
30 00aa.8c45.a862 DYNAMIC Te1/0/11
30 04bf.1b32.72ca DYNAMIC Te1/0/3
30 5290.7cf2.2fe2 DYNAMIC Te1/0/1
30 624b.468b.70a1 DYNAMIC Te1/0/1
30 700b.4f36.2065 STATIC Vl30
30 828a.9d46.2708 DYNAMIC Te1/0/2
30 b8cb.29be.0c8c DYNAMIC Te1/0/1

I can see the flood using Wireshark on port 3 in my laptop.  I can also visually see the RX devices are receiving both streams from 2 source devices (AVoIP use case)

That's not many, as expected; that is normal.

Can you post the port 3 configuration and some Wireshark information?

 

BB


Sure thing

Port 3

TenGigabitEthernet1/0/3 is up, line protocol is up (connected)
Hardware is Ten Gigabit Ethernet, address is 700b.4f36.2003 (bia 700b.4f36.2003)
MTU 1500 bytes, BW 10000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not set
Full-duplex, 10Gb/s, link type is auto, media type is SFP-10GBase-SR
input flow-control is on, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:11:22, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 16449000 bits/sec, 4073 packets/sec
329 packets input, 43786 bytes, 0 no buffer
Received 329 broadcasts (308 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 308 multicast, 0 pause input
0 input packets with dribble condition detected
5300963 packets output, 2672124869 bytes, 0 underruns
Output 245 broadcasts (5300705 multicasts)
0 output errors, 0 collisions, 2 interface resets
1 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

Wireshark is a constant stream of the below

Frame 857285: 510 bytes on wire (4080 bits), 510 bytes captured (4080 bits) on interface \Device\NPF_{54ECD72D-8EB8-4896-9A65-2992B692D1FD}, id 0
Section number: 1
Interface id: 0 (\Device\NPF_{54ECD72D-8EB8-4896-9A65-2992B692D1FD})
Encapsulation type: Ethernet (1)
Arrival Time: Dec 8, 2023 13:39:09.262074000 GMT Standard Time
UTC Arrival Time: Dec 8, 2023 13:39:09.262074000 UTC
Epoch Arrival Time: 1702042749.262074000
[Time shift for this packet: 0.000000000 seconds]
[Time delta from previous captured frame: 0.000006000 seconds]
[Time delta from previous displayed frame: 0.000006000 seconds]
[Time since reference or first frame: 125.099228000 seconds]
Frame Number: 857285
Frame Length: 510 bytes (4080 bits)
Capture Length: 510 bytes (4080 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:llc:data]
[Coloring Rule Name: Broadcast]
[Coloring Rule String: eth[0] & 1]
IEEE 802.3 Ethernet
Destination: IPv4mcast_01:00:00 (01:00:5e:01:00:00)
Source: 00:aa:8c:45:a8:62 (00:aa:8c:45:a8:62)
Length: 496
Logical-Link Control
Data (492 bytes)

 

Source changes between the 2 TX devices MAC addresses. 

Port 3 full config 

TenGigabitEthernet1/0/3 is up, line protocol is up (connected)
Hardware is Ten Gigabit Ethernet, address is 700b.4f36.2003 (bia 700b.4f36.2003)
MTU 1500 bytes, BW 10000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not set
Full-duplex, 10Gb/s, link type is auto, media type is SFP-10GBase-SR
input flow-control is on, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:11:22, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 16449000 bits/sec, 4073 packets/sec
329 packets input, 43786 bytes, 0 no buffer
Received 329 broadcasts (308 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 308 multicast, 0 pause input
0 input packets with dribble condition detected
5300963 packets output, 2672124869 bytes, 0 underruns
Output 245 broadcasts (5300705 multicasts)
0 output errors, 0 collisions, 2 interface resets
1 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
Switch#
Switch#show run interface t1/0/3
Building configuration...

Current configuration : 92 bytes
!
interface TenGigabitEthernet1/0/3
switchport access vlan 30
switchport mode access
end

And the Wireshark logs are just full of the following, Source MAC address switches between the 2 TX devices

422782 137.350195 00:aa:21:a2:e1:9f IPv4mcast_01:00:02 LLC 618 I, N(R)=0, N(S)=0; DSAP NULL LSAP Individual, SSAP NULL LSAP Command
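
Added example, not written by any poster in this thread: a small Python classifier for the fields visible in the Wireshark output above. Wireshark decodes those frames as eth:llc:data, meaning the field after the source MAC is an 802.3 length (496) rather than the IPv4 EtherType, so the frame has an 01:00:5e destination MAC but carries no IP group address. The function names, the group 239.1.0.0 and the source IP 192.168.30.10 are assumptions; both sample frames are constructed.

```python
import ipaddress
import struct

IPV4_MCAST_OUI = bytes.fromhex("01005e")

def mac_for_group(group: str) -> bytes:
    """IPv4 group -> MAC: 01:00:5e followed by the low 23 bits of the group."""
    low23 = int(ipaddress.IPv4Address(group)) & 0x7FFFFF
    return IPV4_MCAST_OUI + low23.to_bytes(3, "big")

def classify(frame: bytes) -> dict:
    """Classify one Ethernet frame by destination MAC and type/length field."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (type_len,) = struct.unpack("!H", frame[12:14])
    info = {
        "dst": dst.hex(":"),
        "src": src.hex(":"),
        "group_bit": bool(dst[0] & 1),  # Wireshark's eth[0] & 1 colouring test
        "ipv4_mcast_mac": dst[:3] == IPV4_MCAST_OUI and dst[3] < 0x80,
        "kind": "other",
        "ip_group": None,
        "mac_matches_group": None,
    }
    if type_len <= 1500:
        info["kind"] = "802.3/LLC"  # length field: LLC follows, no IP header
    elif type_len == 0x0800 and len(frame) >= 34:
        info["kind"] = "ipv4"
        dst_ip = ipaddress.IPv4Address(frame[30:34])
        if dst_ip.is_multicast:
            info["ip_group"] = str(dst_ip)
            info["mac_matches_group"] = mac_for_group(str(dst_ip)) == dst
    return info

# Constructed sample 1: header values as in the capture above, zero-filled payload.
LLC_SAMPLE = bytes.fromhex("01005e010000" "00aa8c45a862" "01f0") + bytes(496)

# Constructed sample 2: Ethernet II IPv4/UDP frame to 239.1.0.0 (assumed group and
# source IP), which maps to the same destination MAC.
_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, 17, 0,
                  ipaddress.IPv4Address("192.168.30.10").packed,
                  ipaddress.IPv4Address("239.1.0.0").packed)
IP_SAMPLE = mac_for_group("239.1.0.0") + bytes.fromhex("00aa8c45a862" "0800") + _ip + bytes(8)

if __name__ == "__main__":
    for name, frame in (("LLC", LLC_SAMPLE), ("IPv4", IP_SAMPLE)):
        print(name, classify(frame))
```

Run over frames exported from a capture, this shows how much of the traffic to 01:00:5e destinations actually carries an IPv4 group address that an IGMP membership report could refer to.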