Symptom
MAC flaps on downstream switches connected behind Cisco Nexus switches, intermittent connectivity issues.
Traffic is reflected back on same interface it was received on
Duplicate IGMP reports seen in the VLAN.
Conditions
N9k with network receiving IGMP membership report destined to 224.0.0.x reserved for Link local multicast.
SVI (L3 interface-vlan) enabled
VXLAN Fabric (no TRM)
IGMP snooping disabled for VLAN/VNI which is the default setting for non TRM environment
Workaround
Suppress such IGMP reports which are destined to link local multicast range.
On Cisco Nexus 9000 port ACLs can be used to suppress such traffic provided TCAM is carved for PACL region example:
sh ip access-lists block-igmp-link-local
IP access list block-igmp-link-local
statistics per-entry
10 deny igmp any 224.0.0.252/32 [match=300]
20 deny igmp any 224.0.0.22/32 [match=0]
100 permit ip any any [match=557]
Further Problem Description
Software was also flooding IGMP reports on top of hardware flood, leading to such an issue (also source pruning check fail). Software flooding will not happen anymore with this fix.
