Peter Rathlev wrote:
Hi Phil,
Thanks for the input.
On Tue, 2009-11-10 at 13:23 +0000, Phil Mayers wrote:
Do you have CoPP or MLS rate limiters? Is the traffic being CPU punted
(use a SPAN session to find out) and this rate-limiting what's causing
the drops?
No CoPP or rate-limiters configured, only defaults. Is there any way to
see counters for the rate-limiters? The "show
If so, it could be a hardware/tcam programming error; we've seen a few
of these in obscure cases on SXI, and I've not found a reliable way to
clear them. Does a "shut" / "no shut" of the SVI fix the problem? Or
the various "clear" commands (e.g. "clear cef" etc.)
Well, I tried shutting/unshutting the SVI, and now I can't seem to
recreate the problem. :-(
Yep, that sounds familiar. We've seen the problem with dodgy CEF
prefixes "suddenly" go away when SVIs are shut/no shut. Someone
suggested the next-hop MTU getting set wrong in the hardware and causing
CPU punts, and that this can happen when SVIs come up/down very
occasionally :o(
If I remove the "ip verify"-command and then add the version with
"allow-default" directly, I have no problems. Without uRPF there's
no problem either. Only when first entering the command without
"allow-default" and then adding "allow-default" does the problem
appear.
We haven't seen that, but have seen other issues where (apparently)
CEF entries are programmed incorrectly resulting in traffic being CPU
punted and having to pass through CoPP, and thus being very lossy.
I would really like to have looked more into this, but with the problem
gone, I'm stuck: If it would happen again, is there any way to check
what the rate-limiters/CoPP drops via some counters?
Well, CoPP drop can be see with:
sh policy-map control-plane
...but if you haven't got it setup, you'll see nothing.
sh mls rate-limit
...shows the current config for MLS rate limiters, but again if you've
not got it setup then the defaults are some pretty conservative
multicast punts and nothing else IIRC.
Hmm.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
