Symptom
If a Wireshark capture (using SPAN or EPC) is taken:
- The source MAC of the mDNS multicast packet is rewritten with the BIA MAC address of the Cat9k that is incorrectly routing the traffic.
- mDNS packets show the same IP Identifier while the TTL decrements.
A single burst of 1000 packets from an mDNS traffic source using a TTL of 230 causes ~1.5-2Gb of traffic replication. This could cause output drops on the physical interfaces.
Multicast counters on the interfaces will increase drastically as a result of the multicast routing loop (i.e. an mDNS packet with TTL 230 will loop until its TTL expires).
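The capture signature described above (same source IP and IP Identifier, more than one TTL value) can be checked offline. The following is an added example, not Cisco tooling: the function names and the sample frames are constructed for illustration, and it assumes untagged Ethernet frames already extracted from the SPAN/EPC capture.

```python
import struct
from collections import defaultdict

MDNS_GROUP = bytes([224, 0, 0, 251])

def parse_mdns(frame):
    """Return (src_mac, src_ip, ip_id, ttl) for an untagged IPv4 mDNS frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ip[9] != 17 or ip[16:20] != MDNS_GROUP or len(ip) < ihl + 8:
        return None
    if struct.unpack("!H", ip[ihl + 2:ihl + 4])[0] != 5353:  # UDP destination port
        return None
    ip_id = struct.unpack("!H", ip[4:6])[0]
    return frame[6:12].hex(":"), ".".join(map(str, ip[12:16])), ip_id, ip[8]

def find_looping(frames):
    """Group mDNS packets by (source IP, IP ID); the same datagram seen with
    more than one TTL has been routed again rather than bridged."""
    seen = defaultdict(list)
    for f in frames:
        rec = parse_mdns(f)
        if rec:
            mac, src, ip_id, ttl = rec
            seen[(src, ip_id)].append((ttl, mac))
    return {k: sorted(v, reverse=True) for k, v in seen.items()
            if len({ttl for ttl, _ in v}) > 1}

def build_frame(src_mac, src_ip, ip_id, ttl):
    """Constructed sample frame: Ethernet + IPv4 + UDP/5353 with an empty payload."""
    eth = bytes.fromhex("01005e0000fb") + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, ip_id, 0, ttl, 17, 0,
                      bytes(map(int, src_ip.split("."))), MDNS_GROUP)
    return eth + iph + struct.pack("!HHHH", 5353, 5353, 8, 0)

# Constructed capture: one host frame, two routed copies, one unrelated normal packet.
SAMPLE = [
    build_frame("02:00:00:00:00:01", "169.254.10.20", 0x1234, 230),
    build_frame("02:00:00:00:00:aa", "169.254.10.20", 0x1234, 229),
    build_frame("02:00:00:00:00:aa", "169.254.10.20", 0x1234, 228),
    build_frame("02:00:00:00:00:02", "192.0.2.15", 0x0042, 255),
]

if __name__ == "__main__":
    for (src, ip_id), hits in find_looping(SAMPLE).items():
        print(f"{src} id=0x{ip_id:04x} TTLs={[t for t, _ in hits]} MACs={sorted({m for _, m in hits})}")
```

In the output, a source MAC that differs from the original host's on the lower-TTL copies corresponds to the rewritten BIA MAC noted in the first symptom.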
Conditions
- Cat9k with no Service Discovery Gateway (SDG) configuration in place.
- This issue has been reported in the 16.12.x and 17.3.x IOS-XE trains.
- mDNS traffic arrives with an APIPA source IP address (169.254.x.x).
Workaround
- Blocking mDNS on the SVI resolves the issue:
ip access-list extended BLOCK-MDNS
 deny udp any host 224.0.0.251 eq 5353
 permit ip any any
If mDNS is in use, configure the SDG feature on the Cat9k.
Further Problem Description
This problem was successfully reproduced with the following setup:
(mDNS source) -- VLAN900 -- Twex/x/x -- C9600_A -- (etherchannel) -- C9600_B
The 9600s are HSRP peers and PIM neighbors.
A single burst of 1000 packets from an mDNS traffic source using a TTL of 230 causes ~1.5-2Gb of traffic in both directions on the etherchannel between the 9600 switches.