Limit Multicast IPv6 (ICMPv6 NS) or Broadcast IPv4 (ARP) traffic

[mixthoor]

How can I limit the multicast and/or broadcast on my switches?

Code: [Select]

sysDescr:              Ethernet Routing Switch 4548GT-PWR
                       HW:04       FW:5.3.0.3   SW:v5.6.3.025
In the docu https://downloads.avaya.com/css/P8/documents/100095120 I see the rate-limit for incoming packets, but it doesn't work

My config:

Code: [Select]

interface FastEthernet ALL
rate-limit port 1/47-48 both 5
rate-limit port 2/47-48 both 5
rate-limit port 2/4 both pps 101/47 and 2/47 are the uplinks
2/4 is my host port

The packets:

Code: [Select]

SW(config-if)#sh port-statistics port 2/4
Received
    Packets:                 649
    Multicasts:              34
    Broadcasts:              15
    Total Octets:            75035
    FCS Errors:              0
    Undersized Packets:      0
    Oversized Packets:       0
    Filtered Packets:        0
    Pause Frames:            0
Transmitted
    Packets:                 5035
    Multicasts:              44
    Broadcasts:              4433
    Total Octets:            448562
    Collisions:              0
    Single Collisions:       0
    Multiple Collisions:     0
    Excessive Collisions:    0
    Deferred Packets:        0
    Late Collisions:         0
    Pause Frames:            0

Packets     64 bytes:        4189
            65-127 bytes:    799
            128-255 bytes:   563
            256-511 bytes:   100
            512-1023 bytes:  15
            1024-1518 bytes: 18
     1519-9216 bytes(Jumbo): 0
    Dropped On No Resources: 0
The same a few minutes later (ca. 30.000 arps!):

Code: [Select]

SW#Messehaus-UV17-ERS4548(config-if)#sh port-statistics port 2/4
Received
    Packets:                 2792
    Multicasts:              202
    Broadcasts:              81
    Total Octets:            378963
    FCS Errors:              0
    Undersized Packets:      0
    Oversized Packets:       0
    Filtered Packets:        0
    Pause Frames:            0
Transmitted
    Packets:                 31745
    Multicasts:              307
    Broadcasts:              28971
    Total Octets:            2548351
    Collisions:              0
    Single Collisions:       0
    Multiple Collisions:     0
    Excessive Collisions:    0
    Deferred Packets:        0
    Late Collisions:         0
    Pause Frames:            0

Packets     64 bytes:        27562
            65-127 bytes:    4085
            128-255 bytes:   2178
            256-511 bytes:   529
            512-1023 bytes:  92
            1024-1518 bytes: 91
     1519-9216 bytes(Jumbo): 0
    Dropped On No Resources: 0
Messehaus-UV17-ERS4548(config-if)#

- In this example there are ARP Broadcast (60 bytes/packet)
- I have the switches in the network with many ICMPv6 NS packets (86 bytes): and the worse is, that after paar secounds I see 160.000 ICMPv6!
- Maybe here the solution will be IPv6 FHS, but what is the solution for ARPs?

[mixthoor]

I configured the rate limt on the other switch:

and on one port I still see many multicast but with pause frames and Dropped On No Resources:

Code: [Select]

(config-if)#sh port-statistics port 2
Received
    Packets:                 9736
    Multicasts:              19472
    Broadcasts:              0
    Total Octets:            623104
    FCS Errors:              0
    Undersized Packets:      0
    Oversized Packets:       0
    Filtered Packets:        0
    Pause Frames:            9736
Transmitted
    Packets:                 9736
    Multicasts:              8784
    Broadcasts:              935
    Total Octets:            840303
    Collisions:              0
    Single Collisions:       0
    Multiple Collisions:     0
    Excessive Collisions:    0
    Deferred Packets:        0
    Late Collisions:         0
    Pause Frames:            0

Packets     64 bytes:        11481
            65-127 bytes:    7896
            128-255 bytes:   95
            256-511 bytes:   0
            512-1023 bytes:  0
            1024-1518 bytes: 0
     1519-9216 bytes(Jumbo): 0
    Dropped On No Resources: 13613I'm lookong for a great description of these "paused" and "dropped" frames, but still with no success. Where can I find it?

On the other port I see the filtered frames:

Code: [Select]

(config-if)#sh port-statistics port 11
Received
    Packets:                 21795
    Multicasts:              836
    Broadcasts:              1447
    Total Octets:            2509829
    FCS Errors:              149
    Undersized Packets:      70
    Oversized Packets:       0
    Filtered Packets:        734
    Pause Frames:            0
Transmitted
    Packets:                 1380657
    Multicasts:              1215311
    Broadcasts:              123384
    Total Octets:            169394164
    Collisions:              0
    Single Collisions:       0
    Multiple Collisions:     0
    Excessive Collisions:    0
    Deferred Packets:        0
    Late Collisions:         0
    Pause Frames:            0

Packets     64 bytes:        178119
            65-127 bytes:    1155404
            128-255 bytes:   26925
            256-511 bytes:   8583
            512-1023 bytes:  2439
            1024-1518 bytes: 30982
     1519-9216 bytes(Jumbo): 0
    Dropped On No Resources: 0

CPU

Code: [Select]

sh cpu
----------------------------------------------------------------
                      CPU Utilization
----------------------------------------------------------------

Unit/ Last 10 Sec, 1 Min, 10 Min, 60 Min, 24 Hrs, System Boot-Up
----------------------------------------------------------------
1          17%     21%    25%     23%     16%     16%


MEMORY

Code: [Select]

sh memory-utilization
------------------------------------------
          Memory Utilization
------------------------------------------
Unit/ Total      Used          Free
------------------------------------------
1  128Mbytes     106Mbytes     22 Mbytes