HPE Community
Switches, Hubs, and Modems
1753783 Members
7149 Online
108799 Solutions
New Discussion юеВ

2524 switch CPU 91% after receiving invalid multicast from cisco

 
Igoris_1
Frequent Advisor

тАО03-12-2007 09:35 PM

тАО03-12-2007 09:35 PM

2524 switch CPU 91% after receiving invalid multicast from cisco

It seems 2524 switch get's crazy- CPU utilization from 21% goes to 91%, event log does not show any problem, packet monitoring shows some invalid multicast packets, coming from cisco device, which is on a clients side, see attached screenshot. Switch has latest firmware F.05.55 and is configured with 13 VLANs. On the same VLAN, where multicasts are coming I see big increase in traffic, but strange thing is that it seems traffic is generated by switch itself. When I reboot switch, CPU utilization is 21% and everything looks fine, but the next day problem comes back. Any ideas?
0 Kudos
8 REPLIES 8
Matt Hobbs
Honored Contributor

тАО03-13-2007 04:55 PM

тАО03-13-2007 04:55 PM

Re: 2524 switch CPU 91% after receiving invalid multicast from cisco

Have you tried enabling IGMP on that VLAN?
0 Kudos
Richard Brodie_1
Honored Contributor

тАО03-13-2007 10:40 PM

тАО03-13-2007 10:40 PM

Re: 2524 switch CPU 91% after receiving invalid multicast from cisco

From the sample, you have a high (apparently) bogus multicast rate sent from a Cisco source address to a Cisco multicast address.

How does that much up with the Procurve being the source of the traffic? From the information you've posted it just looks like the Cisco has gone loco and is crapflooding your LAN. If that was just a brief event, how do the traffic patterns alter after?

If rebooting the Procurve fixes it, maybe just pulling the link down briefly would too.
0 Kudos
Igoris_1
Frequent Advisor

тАО03-13-2007 11:15 PM

тАО03-13-2007 11:15 PM

Re: 2524 switch CPU 91% after receiving invalid multicast from cisco

disable source port does not help.
Now what I found after deeper investigation: there are three 2524 switches connected into chain and STP is running. In spite of gigabit port 25 (connected to another 2524) is blocked by STP on one of the switches I see traffic still passing that port from other switch, SNMP monitoring shows that, looks like multicast packets get into the loop and flood all three switches. All 3 CPUs utilization is almost the same- 91%.
Now question: is that right that STP blocked port is still forwarding some non standard multicast packets?
0 Kudos
Igoris_1
Frequent Advisor

тАО03-13-2007 11:23 PM

тАО03-13-2007 11:23 PM

Re: 2524 switch CPU 91% after receiving invalid multicast from cisco

regarding IGMP VLAN has no IP address, and according to documentation Reserved Addresses are Excluded from IP Multicast (IGMP) Filtering. Is it worth to enable IGMP in this case?
0 Kudos
Richard Brodie_1
Honored Contributor

тАО03-14-2007 03:09 AM

тАО03-14-2007 03:09 AM

Re: 2524 switch CPU 91% after receiving invalid multicast from cisco

The multicast address is used Cisco CDP/VTP not an IP one at all. I doubt IGMP will affect it.
0 Kudos
Igoris_1
Frequent Advisor

тАО03-15-2007 08:33 AM

тАО03-15-2007 08:33 AM

Re: 2524 switch CPU 91% after receiving invalid multicast from cisco

there is a fix in release F.05.55 RSTP (PR_99049) ├в Switch does not detect and block network topology loops on a single
port.
It seems it is not fixed properly, some type of packets are still passing blocked port. Any comments? I will submit software case tomorrow.
0 Kudos
Matt Hobbs
Honored Contributor

тАО03-15-2007 10:38 AM

тАО03-15-2007 10:38 AM

Re: 2524 switch CPU 91% after receiving invalid multicast from cisco

By the sounds of it, it is blocking those packets but they are still hitting the CPU. Certain packets need to be sent to the CPU to see if they need further processing, e.g. BPDU's, Broadcast traffic... I would say this is expected behaviour. You should track down exactly what is sending out that traffic in the first place.
0 Kudos
Igoris_1
Frequent Advisor

тАО03-15-2007 06:52 PM

тАО03-15-2007 06:52 PM

Re: 2524 switch CPU 91% after receiving invalid multicast from cisco

while CPU is 91% every port in affected VLAN is sending out 1,5 Mbps, I could not find such traffic coming into the switches, it was definitely the loop generated traffic. When I disabled switch1 port going to switch2, which was blocked by STP on that switch2, then CPU utilization dropped to 20% on all three switches and traffic 1,5 Mbps disappeared. That proves it was a loop initiated by specific multicast packets.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.