Bridge Domain and multicast traffic

Hi All,
i am planning to build a Point to multipoint network based on ME3600X switch at the HQ and ISR 2900 routers at the Branches. i need to simulate a lan service.
i though of using EOMPLS at the ISR 2900 and closing them at the ME3600X. at the ME3600X i will use bridge domain to have this point to multipoint functionality.
at the configuration guide i saw that when i am using bridge domain i need to disable IGMP snooping on every Vlan.
my question is how the bridge domain treat Multicast traffic ?
furthermore, can i mix EOMPLS and Bridge Domain ?
Thanks,
Avi.

Hi Avi,
ME3600X doesn't support VPLS yet (check with your account team for the roadmap) so I don't think your design will work here. What you can do is having a router behind the ME3600X which will have a dedicated VLAN with each remote site.
HTH
Laurent.

Similar Messages

ACE in bridged mode and multicast

We have configured an ACE SM in bridge mode and have a requirement to enable multicast on one of the networks where the back-end servers are residing. Will ACE support multicast out of the box, or will we need to do any tweaking on the ACE to enable the multicast support?
Thanks..

Hi Gilles,
Is it also supported in routed mode?
The ace isn't doing multicast routing right?
Actually, the server-side vlan is being routed on the C6500 and has pim sparse-dense mode enabled.
We want to move this server-side vlan behind the ace in routed mode. What about the pim?
Any ideas?
thanks,
Dario

Bridge-domain and trunk configuration on ES20 card.

Hello.
I have two 7609-S boxes equipped with ESM20G cards and WS-X6748-GE-TX cards. A trunk is configured on ports of WS cards between these devices. A very important system is to be connected with two optical links to both devices via ES20 cards for redundancy. I consider configuring it using EVC framework in the following way:
service instance -> bridge-domain XXX -> interface VLAN XXX and enable HSRP on my devices.
I am not sure what is the structure of conecting system so I would like to have some kind of L2 connectivity between my devices for this connection. For other connections made using ports on WS card a dedicated VLAN is allocated for every one of them and then this VLAN is simply put in trunk between devices. Can I simply add vlan XXX to the list of VLANs allowed on the WS-card-based-trunk or do I have to utilize some completely different solution? Links to any related documentation are appreciated. Tomorrow I am going to test this configruation any way but I would like to have some backup solution in case this will not work.
Thanks in advance,
Andrew.

Hi Andrei,
Im having the same dilemna and im wondering if you were able to find a solution for this?
I need to support HSRP on a vlan interface with bridging over port channel bundled interface between routers.
im trying this but i cant seem to get this to work.
----R2----
interface Vlan10
ip vrf forwarding BOB
ip address 10.1.1.2 255.255.255.248
standby 1 ip 10.1.1.1
standby 1 priority 110
standby 1 preempt
end
interface Port-channel1
no ip address
service instance 10 ethernet
encapsulation dot1q 10
bridge-domain 10
--- R2----
interface Vlan10
ip vrf forwarding BOB
ip address 10.1.1.3 255.255.255.248
standby 1 ip 10.1.1.1
end
interface Port-channel1
no ip address
service instance 10 ethernet
encapsulation dot1q 10
bridge-domain 10
BR//
Chanuka

HREAP and Multicast traffic

I have a controller sat on a network (10.10.10.0/24) with a management address of 10.10.10.250. There's a distant site we have at the other side of the network with a range at 192.168.0.0/24. I have 5 thin HREAP access points on this network with three WLANs from the controller and one WLAN delivered via a trunk point with VLAN 2 tagging (the 192.168.0.0/24 network is VLAN1). The VLAN2 (e.g. 172.16.0.0/24) network is basically an untrusted network to us , but I didn't think this would matter as the HREAP config would mean that none of this traffic should even leave the access point - apart from stats/client info.
However, i've recently been seeing something odd in that there must be some multicast-talking clients on this untrusted network and whatever they are talking about I can see on my management LAN (10.10.10.0). I can basically see multicast packets with source IPs from the untrusted network. How is this possible? More importantly how can I stop it?
All network numbers are just examples. Any help or ideas would be gratefully received.

Hi Stuart,
Just to clarify a point:
"but I didn't think this would matter as the HREAP config would mean that none of this traffic should even leave the access point"
Keep in mind that when an ap is hreap mode, the ap essentially acts like a switch with respect to its ethernet port. When it gets a packet from the wireless side, if appropriate, it tags it and puts it on the wire.
Under ordinary circumstances (unless something is configured to stop this), if a wireless client connected to an hreap ap sends a multicast packet, it absoutely will be put on the wire by the ap, just as a broadcast would. I just confirmed this with lab equipment.
So if there isn't a routed path from the remote untrusted networks to your mgmt vlan, there may (should) be L3 multicast routing configured for the untrusted and your management routed interfaces. Is this the case?
thanks
Jeff

Bridge-domain traffic paths

Hi guys,
Couldn't really get into logic of bridge-domain and hsrp coexistence. How traffic will be flooded?
Imagine following topology:
Bridge-domain and hsrp is running between ASR1 and ASR2.
Host C has two network adapters. Both are in UP state, but only one of them is forwarding traffic.
I am curious, what path traffic will take from host A to host C and from B to C in situation when :
1) net.adapter #1 is active
2) net.adapter #2 is active
p.s. active router for hsrp remains the same.
We have captured traffic on the devices, and it was a bit confusing to me that standby hsrp router was forwarding traffic from host B out of g0/0/0/0 and pw 3
I would appriciate any help...

Okay, that really make sence. Thank You very much for the explanation!
Yes, You are right, that's RNC.
Theoretically the MAC address should be flushed away from the memory when the switchover of the network card appears, because, the connection for some seconds goes down.
Could You please tak a look on the following output:
As I understand, both ASR's do know where 0040.4384.8260 (This is RNC NPGEP mac address) is. So basically there should not be any flooding..
RP/0/RSP1/CPU0:ASR9k-1#sh l2vpn forwarding bridge-domain RNC:RNC3_TEST mac-address detail location 0/0/CPU0
Mon Dec 2 21:05:25.639 EET
Bridge-domain name: RNC:RNC3_TEST, id: 20, state: up
MAC learning: enabled
MAC port down flush: enabled
Flooding:
   Broadcast & Multicast: enabled
   Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC Secure: disabled, Logging: disabled
DHCPv4 snooping: profile not known on this node
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
IGMP snooping: disabled, flooding: enabled
Routed interface: BVI3, Xconnect id: 0x8000001f, state: up
IRB platform data: {0x14000a, 0x1, 0x0, 0x80000000}, len: 16
Bridge MTU: 1500 bytes
Number of bridge ports: 2
Number of MAC addresses: 2
Multi-spanning tree instance: 0
Mac Address: 0000.0c07.ac03, LC learned: N/A
   Resync Age: N/A, Flag: static, BVI
Mac Address: 6c9c.ed0a.2e3d, LC learned: N/A
   Resync Age: N/A, Flag: static, BVI
GigabitEthernet0/0/0/0, state: oper up
    Number of MAC: 1
    Statistics:
      packets: received 48765801690, sent 309298266072
      bytes: received 33416543382293, sent 54307173696538
    Storm control drop counters:
      packets: broadcast 0, multicast 0, unknown unicast 0
      bytes: broadcast 0, multicast 0, unknown unicast 0
    Dynamic arp inspection drop counters:
      packets: 0, bytes: 0
    IP source guard drop counters:
      packets: 0, bytes: 0
Mac Address: 0040.4384.8260, LC learned: 0/0/CPU0
   Resync Age: 0d 0h 0m 0s, Flag: local
Nbor 10.9.9.253 pw-id 3
    Number of MAC: 1
    Statistics:
      packets: received 19771488146, sent 198111062527
      bytes: received 10977874479587, sent 50825792902418
    Storm control drop counters:
      packets: broadcast 0, multicast 0, unknown unicast 0
      bytes: broadcast 0, multicast 0, unknown unicast 0
    Dynamic arp inspection drop counters:
      packets: 0, bytes: 0
    IP source guard drop counters:
      packets: 0, bytes: 0
Mac Address: 6c9c.ed0a.9ced, LC learned: 0/0/CPU0
   Resync Age: 0d 0h 0m 0s, Flag: global
   L3 encapsulation Vlan: 2558
RP/0/RSP1/CPU0:ASR9k-2#sh l2vpn forwarding bridge-domain RNC:RNC3_TEST mac-address detail location 0/0/CPU0
Mon Dec 2 21:05:49.504 EET
Bridge-domain name: RNC:RNC3_TEST, id: 15, state: up
MAC learning: enabled
MAC port down flush: enabled
Flooding:
   Broadcast & Multicast: enabled
   Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC Secure: disabled, Logging: disabled
DHCPv4 snooping: profile not known on this node
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
IGMP snooping: disabled, flooding: enabled
Routed interface: BVI3, Xconnect id: 0x8000001a, state: up
IRB platform data: {0xf000a, 0x1, 0x0, 0x80000000}, len: 16
Bridge MTU: 1500 bytes
Number of bridge ports: 2
Number of MAC addresses: 3
Multi-spanning tree instance: 0
To Resynchronize MAC table from the Network Processors, use the command...
    l2vpn resynchronize forwarding mac-address-table location
GigabitEthernet0/0/0/0, state: oper up
    Number of MAC: 0
    Statistics:
      packets: received 782133119087, sent 620642426712
      bytes: received 514958352902308, sent 107302134940298
    Storm control drop counters:
      packets: broadcast 0, multicast 0, unknown unicast 0
      bytes: broadcast 0, multicast 0, unknown unicast 0
    Dynamic arp inspection drop counters:
      packets: 0, bytes: 0
    IP source guard drop counters:
      packets: 0, bytes: 0
Nbor 10.9.9.254 pw-id 3
    Number of MAC: 3
    Statistics:
      packets: received 297905813562, sent 17722149746
      bytes: received 68165206300571, sent 10642920750826
    Storm control drop counters:
      packets: broadcast 0, multicast 0, unknown unicast 0
      bytes: broadcast 0, multicast 0, unknown unicast 0
    Dynamic arp inspection drop counters:
      packets: 0, bytes: 0
    IP source guard drop counters:
      packets: 0, bytes: 0
Mac Address: 0000.0c07.ac03, LC learned: 0/0/CPU0
   Resync Age: 0d 0h 0m 0s, Flag: global
   L3 encapsulation Vlan: 510
Mac Address: 0040.4384.8260, LC learned: 0/0/CPU0
   Resync Age: 0d 0h 0m 0s, Flag: global
   L3 encapsulation Vlan: 510
Mac Address: 6c9c.ed0a.2e3d, LC learned: 0/0/CPU0
   Resync Age: 0d 0h 0m 0s, Flag: global
   L3 encapsulation Vlan: 3582

Bridge-domain vs xconnect

Hi guys, I have been readying a few documents about VPLS/EoMPLS but still confuse about the bridge-domain and xconnect. Could you please provide any ideas which scenarios I should use bridge-domain and which should be for xconnect? What is the difference between them, any documens can explain this?
Thanks, Leo

The simple difference between the 2 is mac learning.
An Xcon will just throw everything it received over to the other end.
A bridge-domain will forward traffic based on the dmac knowing where it should go. If it doesnt know it goes flooding.
So if you have 2 circuits to connect only, VPWS or XCON is the right choice as it is simple, light weight and fast.
If you have more then 2 end points you will need a Bridge Domain which constitutes mac learning with the notion that flooding is intensive from a hw forwarding perspective and will consume more system resources in terms of mac tables.
xander
Xander Thuijs #6775
Principal Engineer ASR9000

Bridge domain questions

Hi everybody.
At work , I have seen a lot of bridge domains configured on a single switch. My question is what is bridge domain and why we use them. An example with configurations will be great.
Thanks and have a great day.

Hi Marvin and Rick
Please consider the following config and questions:
R1# show platform
Interrupt Throttling:
Throttle Count   = 00052552   Timer Count      = 00039372
Netint usec      = 00000800   Netint Mask usec = 00000240
Active           =        0   Configured       =        1
Longest IRQ(usec)= 00003999
MSFC CPU IDPROM:
IDPROM image:
(FRU is 'C7600 MSFC4 Daughterboard')
+++++++++++++++++++++++++++++++++++++++++
R1#show running-config interface gigabitEthernet 9/7
service instance 1251 ethernet
encapsulation dot1q 1251
rewrite ingress tacg pop 1 symmetri
bridge-domain 440
service instance 2001 ethernet
encapsulation dot1q 2001
rewrite ingress tag pop 1 symmetric
bridge-domain 440
+++++++++++++++++++++++++++++++++++++++++
Let say R1 receives a packet with vlan tag 1251 on g9/7. What will happen next? will R1 update its MAc table with source mac?
1)Will there be a mac table for bridge -domain 440? Do we have one-to one correspondence between the two i.e each bridge-domain has its own mac table.?
2)Let say R1 receives a packet with vlan tag 1251 on g9/7. What will happen next? will R1 update its MAc table with source mac?
3) Let say R1 receives a frame with vlan tag 1251 with destination mac ff:ff:ff:ff
What will R1 do next?
4)Will R1 forward it to all service instance in bridge-domain 440 except the one R1 receives the broadcast frame?
( in our case we have two service instances under bridge -domain 440 i.e service instance 1251 ethernet,service instance 2001 ethernet)
5) Will R1 change the vlan tag 1251 to 2001 when forwarding the broadcast frame out of instance 2001?
Appreciate your help.
Thanks

How to make ASR9000 bridge domain forward traffic between sub interfaces of same physical interface?

Hi,
I regularly use bridge domains to connect sub interfaces on different vlans using this sort of configuration:
interface GigabitEthernet0/0/0/5.21 l2transport
description CUSTOMER A WAN
encapsulation dot1q 21
rewrite ingress tag pop 1 symmetric
interface GigabitEthernet0/0/0/10.3122 l2transport
description CUSTOMER A CORE
encapsulation dot1q 3122
rewrite ingress tag pop 1 symmetric
l2vpn
bridge group WANLINKS
bridge-domain CUSTOMERA
   interface GigabitEthernet0/0/0/5.21
   interface GigabitEthernet0/0/0/10.3122
When I try to use the same method to bridge two sub interfaces on the same physical interface so as to create a L2 VPN no data flows:
interface GigabitEthernet0/0/0/5.21 l2transport
description CUSTOMER A WAN
encapsulation dot1q 21
rewrite ingress tag pop 1 symmetric
interface GigabitEthernet0/0/0/5.22 l2transport
description CUSTOMER A WAN2
encapsulation dot1q 22
rewrite ingress tag pop 1 symmetric
l2vpn
bridge group WANLINKS
bridge-domain CUSTOMERA
   interface GigabitEthernet0/0/0/5.21
   interface GigabitEthernet0/0/0/5.22
If I add a BVI interface to the bridge domain then the CE devices at the remote end of the WAN interface can both ping the BVI IP but they remain unable to ping each other.
Is this because tag rewrites are not happening since packets don't leave the physical interface?
How can I work around this and establish a L2 connection between the two subinterfaces?
Thank you

a vlan is usually the equivalent of an l3 subnet, so linking 2 vlans together in the same bridge domain, likely needs to come with some sort of routing (eg a BVI interface).
If these 2 vlans are still in the same subnet, then there is still arp going on, from one host to the other that traverses the bD.
you will need to verify the state of the AC, the forwarding in the BD and see if something gets dropped somewhere and follow the generic packet troubleshooting guides (see support forums for that also).
that might give a hint to what the precise issue in your forwarding is.
regards
xander

Which is prioritized for multicast traffic if FastSwitching and CEF is enable?

Hello
Here is the related configuration and output of show command below,
In my understanding, there are 3 swtching mode, CPU, fast-swthing and CEF swthing,
But if FastSwthing and CEF swithing are enable both, then which swithing mode is prioritized for mutlicast traffic?
interface Vlan302
ip address 10.0.20.1 255.255.255.0
3750X#sh ip int vlan 302
Vlan302 is down, line protocol is down
Internet address is 10.0.20.1/24
Broadcast address is 255.255.255.255
*omit
IP fast switching is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP Null turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is enabled
IP route-cache flags are Fast, CEF
*omit
interface Vlan301
ip address 10.0.10.1 255.255.255.0
no ip mroute-cache
3750X#sh ip int vlan 301
Vlan301 is down, line protocol is down
Internet address is 10.0.10.1/24
Broadcast address is 255.255.255.255
*omit
IP fast switching is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP Null turbo vector
IP multicast fast switching is disabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF, No Distributed
*omit
Product : Cat3750X
IOS version : 15.0(2)SE5
Best Regards,
Masanobu Hiyoshi

Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
I'm not 100% certain, but I believe FastSwitching and CEF switching apply to unicast, not multicast. Your "IP mroute-cache" command enables/disables fast multicast switching.
On a 3750, switching should be hardware based, for unicast and multicast, unless TCAM resources are insufficient. If hardware switching falls back to non-hardware switching, you'll likely find process vs. Fast vs. CEF vs. multicast doesn't matter, all too slow.

Load distribution not so even for multicast traffic (ECMP) between a GSR 12410 (XR) and a CRS-1 router

Hi,
I have a scenario in which I see the multicast S,G streams are distributed not so even in the 3 interfaces between a GSR 12404 (XR 3.8.4) and a CRS1 (XR 3.6.2). The multicast mode is SSM.
The total S,G (sources and multicast groups) are 82.
The topology is as follows:
                                               ---link 1--------
Multicast sources ----- CRS1 ---link 2-------- GSR12404------- Receivers
                                                ---link 3--------
From the total of 82 S,G coming from multicast sources, I see the following S,G distribution between the three links:
Link 1: 37 S,G
Link 2: 21 S,G
Link 3: 24 S,G
The big question is why the Link 1 has very different number of S,G compared to link 2 and link 3?
Multipath is enabled on both links. I copy the multicast configuration of CRS and GSR that is the same:
multicast-routing
address-family ipv4
interface GigabitEthernet0/2/0/0
   enable
interface GigabitEthernet0/2/1/1
   enable
interface GigabitEthernet0/2/1/2
   enable
nsf
multipath
ssm range SSM
Thanks,
Carlos.

Hi Agherardi,
Did you try to disable your firewall and refer the following KB to confirm you have choose the correct Affinity and Load-Balancing Behavior of the Custom Port Rule.
Specifying the Affinity and Load-Balancing Behavior of the Custom Port Rule
https://technet.microsoft.com/en-us/library/cc759039(v=ws.10).aspx
More information:
Using NLB
https://technet.microsoft.com/en-us/library/bb687542.aspx
I’m glad to be of help to you!
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

How to protect a PIM-SM network from unauthorized pim routers and multicast sources?

Hi,
we're using pim sparse mode in a customer network with catalyst 2/3/4/6K switches, all multicast routers are redundant with pim dr running for access subnets. RPs are configured with anycast rp.
A) Is there any possiblity to prevent rogue pim routers/igmp queriers connected to host ports from getting connected to the legal pim routers and from getting involved in the local igmp traffic?
Maybe like DHCP Snooping used with DHCP. I read that in the latest Sup2T ios (http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/catalyst6500/ios/15-2SY/config_guide/sup2T/15_2_sy_swcg_2T.pdf) there is a feature called 'ipv4 router guard' which does exactly what we're looking for:
'When configured, the Router Guard feature makes the specified port a host port only. The port is prevented from becoming a router port, even if a multicast router control packets are received. In addition, any control packets normally received from multicast routers, such as IGMP queries and PIM joins, will also be discarded by this filter.'
Afaik, PIM authentication isn't supported in current catalyst ios versions.
Using a normal port ACL is not an option in our case because of a management decision.
B) Is there any possibility to prevent (on a per-subnet basis) rogue sources from sending multicast streams to legal multicast-groups?
Maybe, can I configure a svi of a host subnet or a host port to drop any incoming multicast stream while still accepting IGMP and sending out legal multicast streams?
Using 'ip pim accept-register' command on the rp is not an option because we've tons of legal sources which would end in an very huge error-prone acl
Unfortunately, a normal ACL is not an option here, too.
Best Regards
Thorsten

We use two pim routers in each host subnet for redundancy, they elect the PIM DR.
Does pim passive mode work here?
(Config Guide: If the ip pim passive command is configured on an interface enabled for IP multicast, the router will operate this interface in PIM passive mode, which means that the router will not send PIM messages on the interface nor will it accept PIM messages from other routers across this interface. The router will instead consider that it is the only PIM router on the network and thus act as the DR and also as the DF for all bidir-PIM group ranges. IGMP operations are unaffected by this command. ... The redundant PIM stub router topology is not supported. The redundant topology exists when there is more than one PIM router forwarding multicast traffic to a single access domain. PIM messages are blocked, and the PIM asset and designated router election mechanisms are not supported on the PIM passive interfaces.)
ip pim neighbor-filter maybe would work to prevent rogue pim routers to connect to the legal pim routers but wouldn't rogue pim routers still be able to manipulate the layer2 switch to send all igmp traffic to them and not to the legal pim routers?

RSPAN does not put IPv6 multicast traffic into port

Hi.
There is two switches in the equation:
WS-C2960-24TT-L 12.2(55)SE5 C2960-LANBASEK9-M
and stack of
Switch Ports Model SW Version SW Image
1 12 WS-C3750G-12S 12.2(55)SE8 C3750-IPSERVICESK9-M
2 12 WS-C3750G-12S 12.2(55)SE8 C3750-IPSERVICESK9-M
* 3 24 WS-C3750G-24T 12.2(55)SE8 C3750-IPSERVICESK9-M
3 is a master
There is VTP domain with pruning off and RSPAN VLAN 1001
core#sho vlan remote-span
Remote SPAN VLANs
1001
there is RSPAN session on first:
#sho monitor session 1
Session 1
Type : Remote Source Session
Source Ports :
Both : Fa0/11
Dest RSPAN VLAN : 1001
Port Fa0/11 is in access mode, VLAN 303
and on second:
core#sho monitor session 1
Session 1
Type : Remote Destination Session
Source RSPAN VLAN : 1001
Destination Ports : Gi3/0/2
Encapsulation : Native
Ingress : Disabled
Problem is that i can't see any IPv6 multicast traffic (like ICMPv6 RA or such) on Gi3/0/2 which is absolutely sure there, because if i remove monitoring session on core switch and put Gi3/0/2 into trunk mode, i can see packets i need in vlan 1001:
# tcpdump -s0 -nnvei eth1 vlan 1001 and ip6
tcpdump: WARNING: eth1: no IPv4 address assigned
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
14:17:37.059045 50:57:a8:f0:72:1b > 33:33:ff:00:00:01, ethertype 802.1Q (0x8100), length 90: vlan 1001, p 0, ethertype IPv6, (class 0xe0, hlim 255, next-header ICMPv6 (58) payload length: 32) 2abc:abc:1:600b::2 > ff02::1:ff00:1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has 2abc:abc:1:600b::1
source link-address option (1), length 8 (1): 50:57:a8:f0:72:1b
14:17:38.083266 50:57:a8:f0:72:1b > 33:33:ff:00:00:01, ethertype 802.1Q (0x8100), length 90: vlan 1001, p 0, ethertype IPv6, (class 0xe0, hlim 255, next-header ICMPv6 (58) payload length: 32) 2abc:abc:1:600b::2 > ff02::1:ff00:1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has 2abc:abc:1:600b::1
source link-address option (1), length 8 (1): 50:57:a8:f0:72:1b
14:17:39.107068 50:57:a8:f0:72:1b > 33:33:ff:00:00:01, ethertype 802.1Q (0x8100), length 90: vlan 1001, p 0, ethertype IPv6, (class 0xe0, hlim 255, next-header ICMPv6 (58) payload length: 32) 2abc:abc:1:600b::2 > ff02::1:ff00:1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has 2abc:abc:1:600b::1
source link-address option (1), length 8 (1): 50:57:a8:f0:72:1b
There is no such problem with usual unicast and broadcast traffic.
Any suggestions?

Interestingly, i've found bug CSCsr64007 which i stubmbled upon on one of my switches during troubleshooting. The effect of this bug was that RSPAN took IPv6 multicast packets from unrelated VLANs and forwarded them into monitor port.
Looks like they have "fixed" it filtering IPv6 multicast completely.

High bridge domain (BD) utlization

Hello,
is there any way to know which brdige domain/P2P Xconnect is getting more utlizaiton or traffic.
since many BD are sharing the same physical interface there is a need to know which BD is getting more of link bandwidh.
Mohamed.

Hi Mohammed,
You can run mpls netflow on the core facing interface and based on the VC label you can figure out which pseudowire is getting lot of traffic.
other way to check would be "sh l2vpn bridge-domain bd-name xxx detail" and look at the
Statistics:
packets: received 0, sent 0
bytes: received 0, sent 0
which will be cumbersome if you have lot of p2p in the network.
HTH,
Chander

How to configure 8192 bridge domain default limit shows 2048

Hello,
How can i scale up bridge-domain from 2048 to 8192.
As per the link (http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-1/lxvpn/configuration/guide/lesc41/lesc41p2mps.html) ASR9000 series routers can scale up to 8192 bridge-domains.
However my ASR9k shows the l2vpn capability to be only around 2048. How can i configure 8192 bridge-domain
RP/0/RSP0/CPU0:ci-asr9k#show l2vpn capability
Tue Feb 10 14:11:36.797 EST
Capability mode: mixed-mode
L2vpn all-capable: N
System capability:
VPLS Max MAC addresses: 32000
VPLS Max bridge-domains: 2048
VPLS Max attachment circuits: 32768
VPLS Max pseudowires: 32768
RSI bit size: 13
Per-AC drop counters supported: Y
VPLS Preferred path allowed: Y
VPLS Preferred path fallback enable allowed: Y
VPLS Preferred path fallback disable allowed: Y
MAC withdrawal allowed: Y
Max attachment circuits per bridge-domain: 16384
VPLS Max virtual forwarding interfaces: 2048
VPLS Max virtual forwarding interfaces per bridge-domain: 1
VPLS Max pseudowires per bridge-domain: 512
VPLS Max pseudowires per virtual forwarding interface: 512
VPWS PW redundancy supported: Y
VPLS Access PW supported: Y
Bundle AC supported: Y
Security config supported: Y
DHCP snooping supported: Y
VPLS Static MAC filter supported: Y
VPLS MAC configs on bridge port supported: Y
VPLS Flooding config on bridge port supported: Y
Flood unknown unicast disable supported: Y
IGMP snooping supported: Y
MMRP flood optimization supported: Y
MMRP flood optimization max multicast address entries: 8192
MMRP flood optimization max PW participants: 262144
VPLS MAC Aging Default Timer Value: 300
VPLS MAC Aging Min Timer Value: 300
VPLS MAC Aging Max Timer Value: 30000
VPWS Max attachment circuits: 32768
VPWS Max pseudowires: 32768
VPWS Preferred path fallback enable allowed: Y
VPWS Preferred path fallback disable allowed: Y
-Ramdas

Are there any LC scale profiles configured in the admin mode? If so, that would reduce L2 resources. If you don't need the L3 profile, remove it and reboot the router to gain back 8k bridge domains.
Regards,
/A

LGS308 problem with vlan and multicast

Hello,
I have a LGS308 smart switch and am having problems putting multicast traffic on a specific vlan.
The switch is connected to a PC for management (vlan 1).
All ports are in acces mode, vlan 1 untagged.
I created vlan 2 and put it untagged on port 7 and 8.
Now, when I connect a multicast device (IPTV) on port 8, the switch becomes unresponsive and nothing works.
It seems the switch is flooded with multicast traffic.
Simply turning IGMP snooping on didn't help so I think it needs more configuration.
Is this a known problem?
ps: Once I have this simple setup running I'm planning for a more advanced setup with trunking 2 vlans (iptv + internet) to another switch over a single UTP cable. But first things first

Yes it should!
I have changed the setup like this:
Switch 1
port 1 - access mode - vlan 1U <---> Internet
port 2 - access mode - vlan 1U <---> PC
port 7 - access mode - vlan 2U <---> IPTV source (IGMP)
port 8 - trunk mode - vlan 1T + 2T <---> switch 2 port 8
Switch 2
port 7 - access mode - vlan 2U <---> IPTV source (IGMP)
port 8 - trunk mode - vlan 1T + 2T <---> switch 2 port 8
With this setup, I can reach both switches from my PC.
However, multicast doesn't work. I don't get IPTV on switch 2 port 7.

Bridge Domain and multicast traffic

Similar Messages

Maybe you are looking for