Solved: I would like to assume that

Arjen K · ‎09-01-2014

Hi,

This year Intel released a new NIC, the intel i217-LM. These NICs with a windows 7 image will cause an ipv6 broadcast storm if they go to sleep mode. In wireshark you will see something like "HBH ICMP6, multicast listener reportmax resp delay"; about 3000 every second for each host.

Using the network trace I've created a filter that showed the 4 unique mac-addresses from the sleeping PC's. On our core switch (6500) I could find the hosts using:

show mac-address-table | incl d4c9.efda

However, on the 3750's stacks running 12.2(55)SE9 I could not find ipv6 hosts in the mac addresstable. Why aren't these mac addresses visible for ipv6 hosts? I now used the txload to find the hosts, but I wonder why the ipv6 MAC's aren't visible...

Regards,

Arjen

educruz · ‎09-01-2014

I would like to assume that you already found the hosts, please correct me if I am wrong.

In IPv6, Neighbor Discovery (ND) replaces Address Resolution Protocol (ARP) so show mac-address-table will not provide any outcome with regards to IPv6 in any switch unless IPv6 ND is enabled.

Depending on the specifics of the 6500 and the 3750 you can find a configuration guide on Cisco if you would like to have it enabled, but be aware about the current capacity of the switches.

Boradcast is replaced by multicast as well in IPv6, but if you already found the ports where the workstations connect to, you can control a possible storm by issuing the per-port command storm-control multicast level (level). After a certain threshold, the port will put into an err-disable state, and by bouncing it (shutdown, then no shutdown), it will become operational again. If this is inconvenient for some reason, I would try for the PCs not to go into sleep mode.

- Ed

View solution in original post

educruz · ‎09-01-2014

Hi Arjen,

Have you tried show ipv6 neighbors?

Either on the 6500 or the 3750 you should be able to see something like this:

Router# show ipv6 neighbor port-channel1.11

1 Interface Port-channel1.11, entries 4, static 0, limit 4, ignored 0

1 IPv6 Address Age Link-layer Addr State Interface
1 2001:2::93 0 aabb.cc00.5d02 REACH Po1.11
1 FE80::A8BB:CCFF:FE00:5D02 0 aabb.cc00.5d02 DELAY Po1.11
1 2001:2::92 0 aabb.cc00.5d01 STALE Po1.11
1 2001:2::95 0 aabb.cc00.5d01 STALE Po1.11

Let me know if you find this helpful.

Kind regards,

- Ed

Arjen K · ‎09-01-2014

I have tried "show ipv6 neigbors", it doesn't give any result on the 6500s or 3750s stacks I have tried. Do you need ipv6 commands/features enabled on the switches to get result?

educruz · ‎09-01-2014

I would like to assume that you already found the hosts, please correct me if I am wrong.

In IPv6, Neighbor Discovery (ND) replaces Address Resolution Protocol (ARP) so show mac-address-table will not provide any outcome with regards to IPv6 in any switch unless IPv6 ND is enabled.

Depending on the specifics of the 6500 and the 3750 you can find a configuration guide on Cisco if you would like to have it enabled, but be aware about the current capacity of the switches.

Boradcast is replaced by multicast as well in IPv6, but if you already found the ports where the workstations connect to, you can control a possible storm by issuing the per-port command storm-control multicast level (level). After a certain threshold, the port will put into an err-disable state, and by bouncing it (shutdown, then no shutdown), it will become operational again. If this is inconvenient for some reason, I would try for the PCs not to go into sleep mode.

- Ed

ipv6 broadcast storm caused by HP EliteOne 800 with Intel i217-LM NIC, how to find the hosts?