Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2357
  • Last Modified:

Stop Multicast Session from flooding Network

I am using Symantec Ghost 7.0. Every time I run multicast server the network performance is reduced by more than half. So i figured if can stop the multicast packets from leaving the switch where all the clients are connected I can stop the unnecessary traffic. Allow me to explain the current scenario. There is a workbench were all stations on the work bench are connected to a Cisco Catalyst 3524. Port 24 on the catalyst is connected to a parent Switch via a cross over cable. A DHCP server and the Proxy Server are connected to the PARENT Switch, which is how the computers on the workbench get their IP addressee and access the internet. NOTE!!! ONLY computers on the workbench need to access the Symantec Multicast Server. So I think I can add an access statement to the switch to stop all outgoing packets from Symantec Multicast on Switch Port 24. The question is how does Symantec Multicast server send information to their clients, and how do the clients find the Multicast Server? Is it a particular port or a particular packet or what?
0
gbarrientos
Asked:
gbarrientos
1 Solution
 
MaxQCommented:
If the switches aren't configured for IGMP/CGMP, they will forward multicasts as if they were broadcasts.
Once multicast is configured on the network devices they will only forward multicast frames to stations that join the multicast group in question.  As with most network things there is more than one way to do it, but these links should be helpful:

http://service1.symantec.com/SUPPORT/ghost.nsf/docid/2000022806431025?Open&src=&docid=2000033111503625&nsf=ghost.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=

http://www.cisco.com/en/US/products/hw/switches/ps637/products_configuration_guide_chapter09186a008007d248.html#xtocid109398
0
 
chicagoanCommented:
or vlan your lab
0
 
MaxQCommented:
That's true, having the lab on its own subnet would keep the multicasts contained and
allow you to do some access control between it and the rest of your network.  Not a
bad idea for security if you potentially have workstations/servers there being built that
aren't fully patched/configured/etc.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
ThePowderedToastManCommented:
You certainly can control precisely where a multicast is sent.  An IGMP packet goes anywhere on the set of IP addresses within the LAN it is programmed on.  You can control this by programming groups for multicasting on your routers.  THis is exactly what MaxQ and Chicagoan are saying, so give me no points.  A best solution, in my never to be humble opinion is to go with CHicagoan, and VLAN, your lab, this will eliminate all unwanted traffic to your lab.,
0
 
Scotty_ciscoCommented:
gbarrientos

I understand your problem we have had a similar issue... One nice thing that I wanted to bring up though is the development of IGMP snooping in 3550 switches and the 2950 switches which will do the IP IGMP joins on a port level and allow you to remain on the same switch without VLANing or messing with segmenting your network.  Let me clarify that statment --- the switch will watch for a join on a group before it floods the multicast out that port. Very low level stuff but it seems to work ... one problem is that it does cause a performance hit on the switch.

Thanks
Scott
0
 
chicagoanCommented:
surgical, scotty! wtg!
now - can you get us warp 10?
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now