How to filter unnecessary Broadcast Messages? (like VRRP, STP)

Stefan Priebe · ‎10-07-2009

OK so for STP bpdu-filter is the solution and for VRRP a multicastgroup or IGMP or multicastgroup + IGMP?

Pieter 't Hart · ‎10-07-2009

As all your switches have multiple links between them, you NEED spanning-tree on these ports and must NOT enable bpdu-filtering on these ports.

BPDU filter affects incomming packets on a port not packets sent to the port.
A server on a normal access port should not send BPDU packets a filter thus will have no effect.
So how do your servers receive BPDU packets? How are your server ports on the 2650 configured?

The problem may lie deeper like coexistence between STP, PVSTP, MSTP. Resulting in more STP-packets than neccessary.
I think the foundry may use PVSTP (per vlan STP) where the procurve will use MSTP (multiple instance STP).
RSTP is the "rapid" version and may occur on all these vaiants.

Stefan Priebe · ‎10-07-2009

No all devices are working in RSTP mode - as PVSTP is not supported by HP.

The ports where the servers are were receiving BPDU Packets from the HP 2650 switch - what is correct cause the switch send these packets to all ports except i configure a BPDU filter for the ports where the servers are connected. That is what i understood. So this is fixed with BPDU-Filter for the ports where no other switch is connected.

So my only problem which is left are the VRRP pakets. And i would like to know if i need only a multicast group or multicast plus IGMP?

Sorry it's not so easy for me to explain it in english.

Stefan Priebe · ‎10-13-2009

@Pieter 't Hart
could you please answer my last question? That would be really nice.

Pieter 't Hart · ‎10-13-2009

The answer is allready there (7-oct 8:57).
You'll need both.

The multicast group is configured between the devices that really communicate using multicast.
The source sends packets to a multicast-adress that basically will be sent to all ports in the vlan, as this mac-address is not bound to a switch-port.
IGMP (snooping) is configured on the switch(es), so the above behaviour is reduced to ports that actually joined the multicast group.
The switch does this by listening to (snooping) the IGMP join packets.

Stefan Priebe · ‎10-14-2009

as i don't want to route multicast - isn't it easier using
ip igmp blocked
command than IGMP on the HP switches? Or is IGMP def. the way to go.

Stefan Priebe · ‎10-14-2009

Pieter 't Hart · ‎10-14-2009

>>> mhm i'm still receiving mcast traffic on port 10: <<<
how do you detect this?
you've got a network analyzer connected to this port?

>>> isn't it easier using ip igmp blocked <<<
igmp is NOT all multicast traffic!
igmp is a protocol to control muticasts (to routers).
if you block the igmp traffic, the mutlicasts source still sends the multicast messages out within the vlan!
and the switch cannot use igmp-snooping!

so the effect of blocking igmp is more negative than positive.

Stefan Priebe · ‎10-14-2009

> you've got a network analyzer connected to
> this port?
yes => wireshark

>>> isn't it easier using ip igmp blocked
>>> igmp is NOT all multicast traffic!
mhm OK - but if igmp is active it works for ALL multicast traffic? Cause VRRP is a known protocol and in switchdocumentation is written IGMP works not for known IPs... but i don't want that the customers see the VRRP pakets.

Pieter 't Hart · ‎10-14-2009

>>> but if igmp is active it works for ALL multicast traffic? <<<
If you talk about igmp-snooping NO.
There are "just" multicast messages and multicast GROUPS. igmp concerns multicast-groups! VRRP does NOT!

>>>
Cause VRRP is a known protocol and in switchdocumentation is written IGMP works not for known IPs... <<<
I don't understand what you mean here...

>>> but i don't want that the customers see the VRRP pakets. <<<
Is this really a problem?
Then you must isolate the redundant routing paths from the subnets of the customers.
A may do this by configuring the 2650 with routed uplinks and let it route to a separate vlan/subnet where the servers reside. this way the 2650 can see the vrrp packets but never forwards (routes) vrrp-packets to the servers. The customers only communicate to the 2650's address in this subnet.

How to filter unnecessary Broadcast Messages? (like VRRP, STP)

Re: How to filter unnecessary Broadcast Messages? (like VRRP, STP)

Re: How to filter unnecessary Broadcast Messages? (like VRRP, STP)

Re: How to filter unnecessary Broadcast Messages? (like VRRP, STP)

Re: How to filter unnecessary Broadcast Messages? (like VRRP, STP)

Re: How to filter unnecessary Broadcast Messages? (like VRRP, STP)

Re: How to filter unnecessary Broadcast Messages? (like VRRP, STP)

Re: How to filter unnecessary Broadcast Messages? (like VRRP, STP)

Re: How to filter unnecessary Broadcast Messages? (like VRRP, STP)

Re: How to filter unnecessary Broadcast Messages? (like VRRP, STP)

Re: How to filter unnecessary Broadcast Messages? (like VRRP, STP)

Hewlett Packard Enterprise International