HPE Community
Switches, Hubs, and Modems
1752600 Members
4468 Online
108788 Solutions
New Discussion юеВ

Re: How to filter unnecessary Broadcast Messages? (like VRRP, STP)

 
Stefan Priebe
Frequent Advisor

тАО10-05-2009 11:39 PM

тАО10-05-2009 11:39 PM

How to filter unnecessary Broadcast Messages? (like VRRP, STP)

Hi!

First a short netzwork plan:
Uplink 1 Uplink II
| |
[Foundry]----------[Foundry]
| |
| |
[HP 2824]----------[HP 2824]
| |
| |
-----[HP 2650]-----
|||
MULTIPLE SERVERS

We use VRRP on the Foundry Bigiron for IP failover and RSTP in the whole network.

Now all these broadcastmessages are reaching the servers at the HP 2650 too. So i would like to know if it isn't a security risk and if there is a way to filter them. At the moment it is about 2GB per day per port at the HP 2650.

thanks
Stefan
0 Kudos
22 REPLIES 22
Stefan Priebe
Frequent Advisor

тАО10-05-2009 11:41 PM

тАО10-05-2009 11:41 PM

Re: How to filter unnecessary Broadcast Messages? (like VRRP, STP)

I forgot to click retain format. So here the map again:
Uplink 1 Uplink II
| |
[Foundry]----------[Foundry]
| |
| |
[HP 2824]----------[HP 2824]
| |
| |
-----[HP 2650]-----
|||
MULTIPLE SERVERS
0 Kudos
Tijl van der Steeg
Valued Contributor

тАО10-05-2009 11:56 PM

тАО10-05-2009 11:56 PM

Re: How to filter unnecessary Broadcast Messages? (like VRRP, STP)

For RSTP you can use bpdu-filtering
port a5 bpdu-filter etc

Not sure about VRRP.
0 Kudos
Stefan Priebe
Frequent Advisor

тАО10-06-2009 12:09 AM

тАО10-06-2009 12:09 AM

Re: How to filter unnecessary Broadcast Messages? (like VRRP, STP)

oh yes i forgot about bpdu-filter you're right. But the most problem are the VRRP packets. I thought there must be a filter like block all broadcasts except for ARP or so.
0 Kudos
Pieter 't Hart
Honored Contributor

тАО10-06-2009 11:46 PM

тАО10-06-2009 11:46 PM

Re: How to filter unnecessary Broadcast Messages? (like VRRP, STP)

From some VRRP-document:

The master virtual router sends VRRP advertisements to other VRRP routers in the same group. The advertisements communicate the priority and state of the master virtual router. The VRRP advertisements are encapsulated in IP packets and sent to the IP Version 4 multicast address assigned to
the VRRP group. The advertisements are sent every second by default; the interval is configurable.

- So this is multicast, not broadcast.
- you can configure the interval
- you may be able to split into multiple VRRP-groups to separate traffic on the server vlan from other vrrp traffic.
0 Kudos
Tijl van der Steeg
Valued Contributor

тАО10-07-2009 12:02 AM

тАО10-07-2009 12:02 AM

Re: How to filter unnecessary Broadcast Messages? (like VRRP, STP)

Cheers I was searching for configuring the interval as well. 5 virtual points :P
0 Kudos
Mohammed Faiz
Honored Contributor

тАО10-07-2009 12:43 AM

тАО10-07-2009 12:43 AM

Re: How to filter unnecessary Broadcast Messages? (like VRRP, STP)

So if IGMP was configured on that VLAN that would mean the VRRP advertisements would not be broadcast, yes?
0 Kudos
Pieter 't Hart
Honored Contributor

тАО10-07-2009 12:57 AM

тАО10-07-2009 12:57 AM

Re: How to filter unnecessary Broadcast Messages? (like VRRP, STP)

Hi Mohammed,
sometimes it's difficult to use the right terminology.
- So this is multicast, not broadcast
Here the document means TCP/IP-multicasts.

The packet is sent to a TCP/IP multicast address but as there is no entry in the mac-address table of the switch, it wil be sent (flooded not broadcast) to all ports.
IGMP (snooping) is used to prevent a switch from "flooding" a packet (not broadcast) to all ports, but only forward the packets to ports that have subscribed to the corresponding multicast group.

does this help?
0 Kudos
Stefan Priebe
Frequent Advisor

тАО10-07-2009 01:37 AM

тАО10-07-2009 01:37 AM

Re: How to filter unnecessary Broadcast Messages? (like VRRP, STP)

thanks - how do i define a multicast group on HP 2824? And does this also affects STP or only VRRP?
0 Kudos
Pieter 't Hart
Honored Contributor

тАО10-07-2009 02:01 AM

тАО10-07-2009 02:01 AM

Re: How to filter unnecessary Broadcast Messages? (like VRRP, STP)

STP is a layer-2 protocol (mac-based)
VRRP is a layer-3 protiocol (ip-based)

so you need different solutions for both protocols.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.