Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2308
Views
0
Helpful
9
Replies

Multicast heartbeat on servers

katerina.dardoufa
Level 4
Level 4

‎02-25-2013 03:55 AM - edited ‎03-07-2019 11:55 AM

Hello all,

We have the attached topology.

The two servers (red hat) use multicast for their heartbeat. Unrouted vlan 99 (only layer 2) is configured on the VTP Servers (6509).

I have read this document

http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008059a9df.shtml

Switches 1 and 2 have IOS: c2960s-universalk9-mz.122-55.SE3.bin

and the 6509: s72033-advipservicesk9_wan-mz.122-18.SXF17a.bin

IGMP snooping is enabled on the 2960 switches.

In order for the heartbeat of the servers to work, I have tried these solutions:

  1. disable igmp snooping for vlan 99 on switch-1 & switch-2. (No additional action was taken on the 6509). This didn't work. I expected that the multicast traffic would be sent as broadcast throughout the network, but for some reason it didn't work.
  2. on switch-1 & switch-2 configured "ip igmp snooping vlan 99 querier" (no additional actions on 6509). Didn't work either.
  3. on switch-1 & switch-2 configured "ip igmp snooping vlan 99 mrouter interface gigabitEthernet 1/0/25" & "ip igmp snooping vlan 99 mrouter interface gigabitEthernet 1/0/26" for the two connections to the 6509. Again no actions taken on 6509. Didn't work.

I want static mac entries on the switches to be my last resort, since the number of red hat servers on the network is going to increase and I want to give a more generic solution to the issue.

Any insight on the matter would be extremely helpful.

Thank you in advance,

Katerina

Labels:
Preview file
1 KB
Preview file
1 KB
0 Helpful
9 Replies 9

katerina.dardoufa
Level 4
Level 4

‎02-26-2013 12:15 AM

There seems to be something wrong with the files I uploaded, so I will describe the topology.

We have two 6509 connected via Portchannel. Switches Sw1 & Sw2 have redundant connections to both 6509 and the two servers (srv1 & srv2) have redundant connections to both Sw1 & Sw2.

Thanks!

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to katerina.dardoufa

‎02-26-2013 02:59 AM

Hello Katerina,

I would suggest the following:

a) when disabling IGMP snooping for Vlan 99 try do this on all involved switches including the two C6509

this approach may be acceptable if vlan 99 is dedicated to these heartbeats

b)   a possible different approach to take advantage of IGMP snooping may be the following: vlan 99 should be not routed, however you can think of Vlan 99 SVIs as member of a dedicated VRF with multicast routing enabled. In this way traffic should be isolated in Vlan 99, but IGMP snooping can be used or at least combined with ip igmp querier.

Hope to help

Giuseppe

0 Helpful

katerina.dardoufa
Level 4
Level 4
In response to Giuseppe Larosa

‎02-26-2013 03:24 AM

Hello Giuseppe,

I don't think that igmp snooping is enabled on my  6509. "sh ip igmp snooping statistics" shows absolutely nothing. Is  there another way to verify this?

I don't follow your second suggestion.

I  have already created an SVI on the 6509 (even though the vlan is  unrouted). Do you propose to add the command "ip igmp querier" under the  SVI and globally enable multicast routing?

Thanks in advance,

Katerina

0 Helpful

francisco_1
Level 7
Level 7
In response to katerina.dardoufa

‎02-26-2013 05:22 AM

have you tried enabling mrouter on a layer2 port connecting your switches?

0 Helpful

katerina.dardoufa
Level 4
Level 4
In response to francisco_1

‎02-26-2013 05:40 AM

Hello francisco_1,

I have tried everything that is written in the document you suggested. Maybe the system guy is doing something wrong!

Every time I implement one of the things in the document (except for pim, which is not suited in our case) he says that the multicast is not working (unfortunately I cannot check it myself, or is there a way????)!

I have now added the static entries, but I really do prefer to go with either mroute or querier!!!!

So, questions:

  1. how do I check that my 6509 is not running IGMP (sh ip igmp interfaces, shows nothing)?
  2. should the querier command be implemented on the two access switches, but also under the SVI?

Thanks in advance,

Katerina

0 Helpful

francisco_1
Level 7
Level 7
In response to katerina.dardoufa

‎02-26-2013 05:44 AM

so the next step i would take is confirm these servers are sending multicast traffic /etc. you could try tcpdump on the servers and also use netstat to verify few things like netstat -g shows which interface & mulicast group they are joining /etc

user1@servers1:/home/user1> netstat -g

IPv6/IPv4 Group Memberships

Interface       RefCnt Group

--------------- ------ ---------------------

lo              1      all-systems.mcast.net

eth0            1      239.255.254.255

eth0            1      239.2.11.71

eth0            1      all-systems.mcast.net

eth1            1      all-systems.mcast.net

lo              1      ipv6-allnodes

eth0            1      ff02::1:ff59:7631%lo

eth0            1      ipv6-allnodes

eth1            1      ipv6-allnodes

eth3            1      ipv6-allnodes

eth4            1      ipv6-allnodes

eth2            1      ipv6-allnodes

eth5            1      ipv6-allnodes

eth0            1      239.2.11.71

user1@servers1:/home/user1> netstat -s

pExt:

    InNoRoutes: 0

    InTruncatedPkts: 0

    InMcastPkts: 4246526

    OutMcastPkts: 944798

    InBcastPkts: 576198

    OutBcastPkts: 0

    InOctets: 8140682997

    OutOctets: 11416376132

    InMcastOctets: 173821630

    OutMcastOctets: 54146926

    InBcastOctets: 83425218

   OutBcastOctets: 0

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to katerina.dardoufa

‎02-26-2013 05:34 AM

Hello Katerina,

it looks like strange to have igmp snooping disabled on the C6509.

IGMP snooping is enabled by default if your configuration does not contain

no igmp snooping

at global configuration level I would say it is still enabled

You can check with

show ip igmp interface vlan#

I don't know why the show command you are using has an empty output

see

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/snooigmp.html#wp1020580

B)

my second suggestion is more complex:  what I'm suggesting is to use a VRF with multicast enabled on the VRF and to put SVI vlan 99 into it, in this way the traffic can be routed but it is isolated at the same time from global routing table.

see

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/mvpn.html#wp1079362

ip vrf mvpn-cus1


 rd 200:1


 route-target export 200:1


 route-target import 200:1


 mdt default 239.1.1.1


!


ip multicast-routing 


ip multicast-routing vrf mvpn-cus1

+

interface vlan 99

ip vrf forwarding mvpn-cus1

! retype ip address and mask

ip address x.x.x.x 255.255.255.y

ip pim sparse-dense-mode

!

this enables PIM and IGMP in vlan 99. Now the only possible issue is if the server NICs answer regularly to the IGMP queries or not.

If they do not answer to IGMP queries disabling IGMP snooping is the only avaiable option.

I have seen some servers using as heartbeat link local addresses like 224.0.0.xx. This range of local link multicast addresses is not processed by IGMP snooping and it should work with default configuration.

It would be wise to know what multicast address is used for this heartbeat function. performing a packet capture on the server NIC or using a SPAN session on the switch can give this answer,

Edit:

the multicast heartbeat could even be non IP based but just an OSI layer 2 multicast frame, so a packet capture is a wise step.

Hope to help

Giuseppe

0 Helpful

katerina.dardoufa
Level 4
Level 4
In response to Giuseppe Larosa

‎02-26-2013 06:03 AM

The mutlicast address of the heartbeat is 239.192.48.105, so there are no problems with link local address (224.0.0.xxx).

There is no command "no igmp snooping" on the 6509, but "show ip igmp interface vlan x" has the following (for any vlan not admin shut - vlan 99 is admin shut, since it is only layer 2):

sh ip igmp interface vlan 21

Vlan21 is up, line protocol is up

  Internet address is xxxxxx/24

IGMP is disabled on interface

  Multicast routing is disabled on interface

  Multicast TTL threshold is 0

  No multicast groups joined by this system

IGMP snooping is globally enabled

  IGMP snooping is enabled on this interface

  IGMP snooping fast-leave (for v2) is disabled and querier is disabled

  IGMP snooping explicit-tracking is enabled

  IGMP snooping last member query response interval is 1000 ms

  IGMP snooping report-suppression is enabled

So I guess that igmp snooping is globally enabled, even though "show ip igmp interface (without the vlan word)" shows nothing.

So, in order to "broadcast" the multicast traffic I should disable igmp snooping for vlan 99 on all implicated switches and the 6509!

The second answer seems interesting, but I guess it would apply if vlan 99 was routed.

For the time being I have added static mac entries on the network devices, and I am awaiting for feedback from the system admin.

I will update the post with any further findings!

Thanks y' all!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card