[c-nsp] 7600 cef confusion

Sukumar Subburayan sukumars at cisco.com
Wed Jan 31 12:36:26 EST 2007 

comments inline..

sukumar




On Wed, 31 Jan 2007, Saku Ytti wrote:

> On (2007-01-30 17:57 -0600), Charles Spurgeon wrote:
>
>> Doesn't look like they let you alter that, either.
>
> Oh they do let you alter it, it's hidden. I'd say freeze
> is quite dangerous default. Consider this:
>
> 1) You have label 42 pointing to customer FOO, everything
>   is running smooth as a candy dulfer.
>
> 2) Some mls error occurs, perhaps transient that happened
>   when you swapped LC (happened to me). Hardware is frozen,
>   software continues to function perfectly normally.
>
> 3) 42 gets reassigned via routing change to customer BAR,
>   software is happy camper, MSFC FIB is updated. However,
>   MLS FIB is not updated.
>
> 4) label 42 comes in, it's pushed to customer FOO via
>   hardware, instead  of customer BAR. You're leaking traffic
>   cross-customer.
>
> No, this hasn't happened to (at least to my knowledge, but
> it might be hard to realise when it's happening after MLS
> has been frozen).


When you have 'mls cef error action freeze' which is default in many 
releases ( but is being changed to 'reset' in upcoming releases), what is 
supposed to happen is, we free the HW-tables, so that no new entries are 
added. However, we are also supposed to disable HW-switching and punt 
everything to software. So, the leaking you are talking about is not 
possible, as all traffic is being punted to software and software has 
accurate copy.

However, I do know that there were some bugs, where HW-switching was not 
getting disabled correctly and hence packets were still being HW-switched. 
But, that is a bug and not the intended behavior.

  > I had much difficulties finding out what 
'recover' 
does, > so I wouldn't bet on that horse just yet, reset sounds like a
> quite smart bet. If someone can shed light to what
> 'recover' actually does, I'd be extremely happy
> to hear about it.
>

This is what recover is supposed to do:

1. Try to reload the fib entries to HW again and unfreeze
2. If after a certain number of attempts we still cannot recover
    we reset the system

If the system has recovered from such condition you can see the counter 
incrementing under:

show mls cef hardware

for 'Fatal Error Recovery count'

There are additional enhancements open for reconciling HW & SW and 
currently under development.

sukumar

> --
>  ++ytti
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list