AMD Phreak
Premium
join:2003-12-14 | [HELP] LLDP Multicast storm
Anyone here ever seen when a device is plugged into a switch, it causes an LLDP multicast storm? |
|
rolande
Certifiable
Premium,Mod
join:2002-05-24
Powell, OH
clubs:
Host:
Linksys
AT&T Midwest
| Define "multicast storm". I assume you are seeing a log message or alert on the switch that is stating this? LLDP is nothing more than an unsolicted advertisement protocol for a device to announce itself and capabilities to any neighboring devices on a network segment.
»en.wikipedia.org/wiki/Link_Layer···Protocol
Multicast on a layer 2 segment is treated like a broadcast by the majority of switches with default configuration. You could enable Wireshark on a PC plugged into the same switch on the same VLAN and capture the traffic destined to the multicast MAC 01:80:c2:00:00:0e to see how much of an actual "storm" is being created. It should just be single frames at a fixed interval.
--
Scott, CCIE #14618 Routing & Switching
Too bad those that know it all can't do it all.
»www.thewaystation.com/techref/tech.shtml
»blog.thewaystation.com/ |
|
deepblackmag
join:2004-12-27
00000
| I have seen an "issue" before where a 3550 or 3750 with IGMP snooping enabled will start flooding all multicast frames (all multicast groups) out a port after a single announcement (to any one multicast group) on a given port. This brought down a section of a large campus, still not sure why that all happened.
Is there other non-lldp multicast traffic crossing this switch? |
|
AMD Phreak
Premium
join:2003-12-14
| reply to AMD Phreak
I ask because i just installed a RAD IPMUX and it started trashing the switch. I hooked it through a hub and sniffed with wireshark and it was so much of a storm (lldp was all that was showing up) that it crashed the laptop.
I find it interesting that a device that is supposed to be connected to a user or switch is doing this. |
|
deepblackmag
join:2004-12-27
00000
1 edit | What kind of switch is it plugged into?
Was the switch sending the LLDP traffic back to the ipmux? Was the switch spamming the LLDP out any other ports?
What was on the other end of the ipmux? Whats the full topology look like? Is it possible that bridging through an ipmux created a loop?
Quick edit: My experience with some pseudowire / EPLS services (ipmux could possibly?) dont pass spanning-tree BPDUs.
This would permit a loop to exist in the topology and never be detected. |
|
rolande
Certifiable
Premium,Mod
join:2002-05-24
Powell, OH
clubs:
Host:
Linksys
AT&T Midwest
| reply to AMD Phreak
Yeah, what deepblackmag  said. Have you somehow created a loop in the ethernet segment?
The LLDP traffic uses a multicast MAC address as it's target which any switch should treat as a broadcast. If you have a loop in the topology that traffic will just keep replicating and replicating without end until it eats all the bandwidth and processing power of the switch. That is why it is ultra-critical to never create a loop in the topology. That is the purpose of the Spanning-Tree Protocol. Prevents you from accidentally creating a loop in your topology. If you tune spanning-tree well you can even use it for fault tolerance so you can have redundant links.
--
Scott, CCIE #14618 Routing & Switching
Too bad those that know it all can't do it all.
»www.thewaystation.com/techref/tech.shtml
»blog.thewaystation.com/ |
|
AMD Phreak
Premium
join:2003-12-14
1 edit | reply to AMD Phreak
I suspect the device was creating the loop, because when I turned off LLDP in the switch and then I disabled TX and RX of LLDP on the port it ceased, but the switch light actually kept flashing as though it were a storm, but the issues were not there anymore.
Interesting.
Edit: I think it might have been the actually the Alcatel device flooding the lldp frames.
The switch is not actually a Cisco product but an Alcatel. I had no where else to ask this though. I did actually test this on a 2950 from my home lab, and the 2950 actually just shut the port down....
--
"No job is so important, and no service is so urgent that we cannot take the time to perform our work safely."
-- AT&T, Your World, Destroyed.
--Safety One Tower Rescue Certified
--LLigetfa:"Wimax is like teenage sex. Everyone talks about doing it." |
|
