Symptom
NLB traffic is flooded while NLB IGMP mode is in use.
The IGMP snooping table is properly populated, i.e.
show ip igmp snooping groups --> lists the interested receivers/ports ('x', 'y'):
port 'x'
port 'y'
Ports 'a', 'b' and 'c' are UP and assigned to the same VLAN as ports 'x' and 'y'. They also receive the NLB traffic (flooding).
NLB packet structure (this is an example):
**valid unicast src/dst IPs**
src_ip = 1.1.1.1
dst_ip = 1.1.1.5 (NLB VIP)
**valid unicast source MAC address but multicast destination MAC address**
src_mac = cafe.cafe.cafe
dst_mac = 0100.5exx.xxxx ----> MULTICAST MAC ADDRESS
The proper mrouter port/IGMP querier is programmed on the Cat9K switch.
Conditions
Cat9K running 16.x.x or 17.x.x code.
NLB IGMP mode in use (this is a setting on the NLB server).
Workaround
Configure a static MAC address entry listing the ports that should get this NLB traffic, i.e.
mac address-table static 0100.5exx.xxxx vlan interface TenGigabitEthernet x/x/x
Further Problem Description
This is considered expected behavior for the following reason:
For IGMP snooping, the Cat9K does not use the MAC address for forwarding; it uses the multicast IP address. New platforms do this to avoid overlapping addresses.
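
The mismatch described above can be spotted in a packet capture. The following is an added example, not part of the original note or of any Cisco tooling: it classifies Ethernet/IPv4 frames by whether the destination IP is a multicast group or only the destination MAC is multicast. The function names and the sample frames are assumptions; the destination MAC 0100.5e7f.0105 and the comparison frames are constructed values.

```python
import ipaddress
import struct

def parse_cisco_mac(mac: str) -> bytes:
    """Convert Cisco dotted notation (e.g. cafe.cafe.cafe) to 6 raw bytes."""
    raw = bytes.fromhex(mac.replace(".", ""))
    if len(raw) != 6:
        raise ValueError(f"bad MAC: {mac}")
    return raw

def build_frame(src_mac: str, dst_mac: str, src_ip: str, dst_ip: str) -> bytes:
    """Build a minimal untagged Ethernet II + IPv4 header (constructed input)."""
    eth = parse_cisco_mac(dst_mac) + parse_cisco_mac(src_mac) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip

def classify(frame: bytes) -> str:
    """Classify a frame by what an IP-based snooping lookup has to work with."""
    # Only untagged IPv4 is handled; 802.1Q-tagged frames are reported as not-ipv4.
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return "not-ipv4"
    dst_mac = frame[0:6]
    dst_ip = ipaddress.IPv4Address(frame[30:34])
    # IPv4 multicast MAC block: 01:00:5e, then a 0 bit and 23 address bits.
    mcast_mac = dst_mac[:3] == b"\x01\x00\x5e" and dst_mac[3] & 0x80 == 0
    if dst_ip.is_multicast:
        # Standard mapping: low 23 bits of the group IP copied into the MAC.
        low23 = bytes([dst_ip.packed[1] & 0x7F]) + dst_ip.packed[2:]
        expected = b"\x01\x00\x5e" + low23
        return "ip-multicast" if dst_mac == expected else "ip-multicast-mac-mismatch"
    if mcast_mac:
        # Pattern from this note: multicast MAC, unicast IP (NLB VIP).
        return "multicast-mac-unicast-ip"
    return "unicast"

# Constructed samples: the NLB frame uses the note's IPs and source MAC.
SAMPLES = {
    "nlb": build_frame("cafe.cafe.cafe", "0100.5e7f.0105", "1.1.1.1", "1.1.1.5"),
    "real_group": build_frame("cafe.cafe.cafe", "0100.5e01.0105", "1.1.1.1", "239.1.1.5"),
    "plain": build_frame("cafe.cafe.cafe", "0011.2233.4455", "1.1.1.1", "1.1.1.9"),
}

def report() -> dict:
    """Return the classification of every constructed sample frame."""
    return {name: classify(frame) for name, frame in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{name}: {verdict}")
```

Frames classified as multicast-mac-unicast-ip carry no multicast group IP, so they are the ones to account for with the static MAC entry from the workaround.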