Chris, can you elaborate on why low TTL on multicast frames will cause high CPU?
Sebastien, as Chris pointed out anything in the 224.0.0.0/24 will hit the CPU, but so will a few other ranges that fall into the Link-Local block. This is a good guide someone else on the list forwarded me a few months back: http://www.cisco.com/en/US/tech/tk828/technologies_white_paper09186a00802d4643.shtml#wp1002391 do you have any other multicast sources hitting the 4500? I kind of doubt you've got enough VRRP traffic to peg your CPU. I believe you can put a multicast policier in your lo0 filter, but you need to size it appropriately to allow the multicast required in your network (including things like VRRP). HTH, -andy ________________________________________ From: juniper-nsp [juniper-nsp-boun...@puck.nether.net] on behalf of Chris Evans [chrisccnpsp...@gmail.com] Sent: Wednesday, March 05, 2014 6:52 AM To: Juniper NSP Subject: Re: [j-nsp] Multicast/Broadcast Packets going to EX CPU low TTL on the multicast frames will cause this.. Also the multicast destination addresses will do this too if they're in 224.0.0.0/24 On Wed, Mar 5, 2014 at 8:49 AM, Sebastian Wiesinger < juniper-...@ml.karotte.org> wrote: > Hello, > > I'm currently looking at an EX4500 setup that had a few problems > related to multicast/broadcast packets going to the CPU (and sometimes > preventing required packets like LACP reaching the CPU) of the switch. > I assume this was because the queue between PFE and CPU was full (is > there a way to check?). > > I noticed that multicast and broadcast packets in all VLANs are sent > to the CPU. My question is why? IGMP snooping and VSTP is not enabled > on the switch and apart from that I don't see an apparent reason why > it should do this for tagged frames. > > Example of packets being sent to the CPU includes VRRP packets from > attached routers (DMAC 01:00:5e:00:00:12) and BOOTP/DHCP (DMAC > ff:ff:ff:ff:ff:ff) packets. > > Would an lo0 firewall filter help? Is this applied before or after the > packets are sent over the PFE-CPU link? > > Perhaps you could share your ideas on how this could be prevented and > what you're doing to protect the CPU on these EX boxes. > > Regards > > Seastian > > -- > GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) > 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE > SCYTHE. > -- Terry Pratchett, The Fifth Elephant > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp