I am in a unique situation where I have been asked to diagnose an issue that occurred many months ago. No pcaps are provided, no historical configs that were used are provided and re-creating the issue is likely not going to be an option. What is know is that a device at an branch site became a multicast source that was possibly propagated to all sites that overloaded the core. This occurred multiple times until multicast was turned off. I already have a laundry list of protection mechanisms to implement while turning it back on (blocking upnp, state protection, etc, but there is really no way beyond speculation to determine what the root cause was.
I wanted to see if anyone could share some of their multicast meltdown stories so I can attempt to build a tool-less list of root causes.
No comments:
Post a Comment