-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 6/30/2010 2:00 PM, Rodney Dunn wrote: > You could try the 'debug ip cef packet' on the RP, as it captures only > sw switched traffic, and it has rate limiting ability built in it.
I ran 'debug ip cef packet g1/1/1 input rate 5 detail' and watched the counter from 'sh int g1/1/1 switching | inc Drops' till it increased. Once I saw the increase I looked at the logs but all I see is various bogon IPs (10/8, 192.168/16, etc) trying to hit various hosts. I imagine I see them due to an ACL applied to Gi1/1/1. What should I be looking for? I did notice the 'giants' counter matched the input drops so I looked for large packets based on the 'length=', but they were all 56, 48, 40, etc. Jul 1 13:42:05 ROUTER debug 3947: Jul 1 09:42:04.227 Eastern: CEF-Debug: Packet from 172.18.240.146 (Gi1/1/1) to x.x.x.x Jul 1 13:42:05 ROUTER debug 3948: Jul 1 09:42:04.227 Eastern: ihl=20, length=56, tos=0, ttl=245, checksum=46543, offset=0 Jul 1 13:42:05 ROUTER debug 3949: Jul 1 09:42:04.227 Eastern: ICMP type=11, code=0, checksum=43185 Jul 1 13:42:05 ROUTER debug 3950: Jul 1 09:42:04.227 Eastern: TTL expired Jul 1 13:42:05 ROUTER debug 3951: Jul 1 09:42:04.819 Eastern: CEF-Debug: Packet from 172.18.240.10 (Gi1/1/1) to x.x.x.x Jul 1 13:42:05 ROUTER debug 3952: Jul 1 09:42:04.823 Eastern: ihl=20, length=56, tos=0, ttl=244, checksum=41657, offset=0 Jul 1 13:42:05 ROUTER debug 3953: Jul 1 09:42:04.823 Eastern: ICMP type=11, code=0, checksum=49523 Jul 1 13:42:05 ROUTER debug 3954: Jul 1 09:42:04.823 Eastern: TTL expired - -- Devon > On 6/30/10 11:30 AM, Devon True wrote: > All: > > I am seeing increasing input queue drops on a 7600 running 12.2(33)SRC5 > on a SPA-2X1GE in a 7600-SIP-400. > > #sh int g1/1/1 > GigabitEthernet1/1/1 is up, line protocol is up > Hardware is GigEther SPA, address is 001d.7170.3500 (bia > 001d.7170.3500) > Description: > Internet address is x.x.x.x/yy > MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, > reliability 255/255, txload 72/255, rxload 46/255 > Encapsulation ARPA, loopback not set > Keepalive not supported > Full Duplex, 1000Mbps, link type is force-up, media type is SX > output flow-control is unsupported, input flow-control is unsupported > ARP type: ARPA, ARP Timeout 04:00:00 > Last input 00:00:00, output 00:00:00, output hang never > Last clearing of "show interface" counters 01:44:10 > Input queue: 0/75/1707/0 (size/max/drops/flushes); Total output > drops: 0 > Queueing strategy: fifo > Output queue: 0/40 (size/max) > 5 minute input rate 183245000 bits/sec, 41346 packets/sec > 5 minute output rate 283924000 bits/sec, 55078 packets/sec > 256319513 packets input, 149816057859 bytes, 0 no buffer > Received 5 broadcasts (0 IP multicasts) > 0 runts, 1707 giants, 0 throttles > 1707 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored > 0 watchdog, 0 multicast, 0 pause input > 308870586 packets output, 193458081331 bytes, 0 underruns > 0 output errors, 0 collisions, 0 interface resets > 0 babbles, 0 late collision, 0 deferred > 0 lost carrier, 0 no carrier, 0 pause output > 0 output buffer failures, 0 output buffers swapped out > > I also ran "sh int g1/1/1 switching" and it looks like the RP is > dropping the packets. > > #sh int g1/1/1 switching > GigabitEthernet1/1/1 > Throttle count 0 > Drops RP 1706 SP 0 > SPD Flushes Fast 0 SSE 0 > SPD Aggress Fast 0 > SPD Priority Inputs 7257 Drops 0 > > Protocol Path Pkts In Chars In Pkts Out Chars Out > Other Process 0 0 0 0 > Cache misses 0 > Fast 0 0 0 0 > Auton/SSE 15978 958680 0 0 > IP Process 80379934 7498092736 42273104 3084247027 > Cache misses 0 > Fast 68341283 5017154676 1197481 86714780 > Auton/SSE 401843915443 245108148367129 516300637842 > 386876899705145 > DEC MOP Process 0 0 31700 2440900 > Cache misses 0 > Fast 0 0 0 0 > Auton/SSE 0 0 0 0 > ARP Process 15978 958680 15866 951960 > Cache misses 0 > Fast 0 0 0 0 > Auton/SSE 0 0 0 0 > > Any advice on troubleshooting? I looked at > http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a0080094791.shtml > > and "show buffers input-interface g1/1/1 header" does not display any > data and performing "debug ip packet" on a production router may not be > in my best interests. :) > _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwsnNAACgkQWP2WrBTHBS/oGACg3H/BJyzwbeFeoieAodkPVBv5 1/AAoK97sTk30Qp9TgaWkISRQOfJVJ/G =FSET -----END PGP SIGNATURE----- _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
