OPERATIONAL DEFECT DATABASE
...
...
If a Wireshark capture (using SPAN or EPC) is taken: - The source MAC of the mDNS multicast packet is rewritten with the BIA MAC address of the Cat9k that is incorrectly routing the traffic. - mDNS packets showing the same IP Identifier and TTL is decrementing. One single burst of 1000 packets from a mDNS source of traffic using a TTL 230 is causing ~1.5-2Gb of traffic replication. This could cause output drops on the physical interfaces. Multicast counters on the interfaces will increase drastically as a result of the multicast routing loop (i.e. mDNS packet with TTL 230 - the packet will loop until TTL expires).
- Cat9k with no Service Discovery Gateway (SDG) configuration in place. - This issue has been reported in 16.12.x and 17.3.x IOS-XE trains. - mDNS traffic is coming with an APIPA source IP address (169.254.x.x)
- Blocking mDNS on the SVI resolves the issue: ip access-list extended BLOCK-MDNS deny udp any host 224.0.0.251 eq 5353 permit ip any any If mDNS is in use, configure SDG feature on the Cat9k.
This problem was successfully reproduced with the following setup: (mDNS source) -- VLAN900 -- Twex/x/x -- C9600_A -- (etherchannel) -- C9600_B 9600s are HSRP peers and PIM neighbors. A single burst of 1000 packets from a mDNS source of traffic using a TTL 230 is causing ~1.5-2Gb of traffic on both directions on the etherchannel between the 9600 switches.
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
