[c-nsp] CoPP crashing one of my lab routers
Justin Shore
justin at justinshore.com
Sun Sep 23 17:26:09 EDT 2007
I'm working on a CoPP implementation in the lab. I've got a pair of
2811s running 12.4(15)T1 on each. I've only implemented CoPP on one of
them so far. The config is fairly simple:
class-map match-all CoPP-critical
match access-group name copp-critical
class-map match-all CoPP-normal
match access-group name copp-normal
class-map match-all CoPP-bad
match access-group name copp-bad
class-map match-all CoPP-important
match access-group name copp-important
!
!
policy-map CoPP
class CoPP-critical
police 31500000 conform-action transmit exceed-action transmit
class CoPP-important
police 125000 3906 3906 conform-action transmit exceed-action drop
class CoPP-normal
police 64000 2000 2000 conform-action transmit exceed-action drop
class CoPP-bad
police 32000 1500 1500 conform-action drop exceed-action drop
class class-default
police 1000000 31250 31250 conform-action transmit exceed-action drop
!
ip access-list extended copp-bad
remark CoPPP ACL - Bad traffic
!
ip access-list extended copp-critical
remark CoPPP ACL - Critical traffic
remark PERMIT OSPF from known neighbors
permit ip host 2.2.222.1 host 224.0.0.5
permit ip host 2.2.222.1 host 224.0.0.6
!
ip access-list extended copp-important
remark CoPPP ACL - Important traffic
permit tcp 0.0.0.0 255.255.0.0 host 2.2.222.2 eq 22
permit tcp 0.0.0.0 255.255.0.0 host 2.2.222.2 eq www
permit tcp 0.0.0.0 255.255.0.0 host 2.2.222.2 eq 443
permit udp 0.0.0.0 255.255.0.0 host 2.2.222.2 eq snmp
!
ip access-list extended copp-normal
remark CoPPP ACL - Normal traffic
permit icmp any any ttl-exceeded
permit icmp any any port-unreachable
permit icmp any any echo-reply
permit icmp any any echo
!
control-plane
service-policy input CoPP
Editing one of the ACLs, removing the service-policy or editing the
policy-map causes the router to crash with the following traceback and
other output:
BEGIN ERROR
--------------------------------------------------------------
15:54:23 CDT Sun Sep 23 2007: Address Error (load or instruction
fetch) exception, CPU signal 10, PC = 0x436DA8AC
--------------------------------------------------------------------
Possible software fault. Upon reccurence, please collect
crashinfo, "show tech" and contact Cisco Technical Support.
--------------------------------------------------------------------
-Traceback= 0x436DA8AC 0x42365D58 0x42365EB0 0x42365F74 0x4236B820
0x42349B6C 0x423552FC 0x41CEA60C 0x41CEAE40 0x4168C3D4 0x416AFBC8
0x42935D20 0x42935D04
$0 : 00000000, AT : 45F80000, v0 : 00000000, v1 : 00000000
a0 : 0202DE02, a1 : 00000000, a2 : 00000000, a3 : 00000006
t0 : 482D1280, t1 : 00000000, t2 : 00000063, t3 : 00000000
t4 : 00000000, t5 : 00000069, t6 : 00000003, t7 : 0000001B
s0 : 00000002, s1 : 47F3E8F0, s2 : 47F3E8C8, s3 : 00000000
s4 : 47F3E8F0, s5 : 0202DE02, s6 : 47F3E8CC, s7 : 00000002
t8 : 00000000, t9 : 00000000, k0 : 3040A801, k1 : A000F000
gp : 45F80620, sp : 47F3E878, s8 : 45F80000, ra : 42365D58
EPC : 436DA8AC, ErrorEPC : BFC00E8C, SREG : 3400FF03
MDLO : 0000137C, MDHI : 00000000, BadVaddr : 0202DE0E
DATA_START : 0x43728E00
Cause 00000010 (Code 0x4): Address Error (load or instruction fetch)
exception
Writing crashinfo to flash:crashinfo_20070923-205423
15:54:23 CDT Sun Sep 23 2007: Address Error (load or instruction
fetch) exception, CPU signal 10, PC = 0x436DA8AC
--------------------------------------------------------------------
Possible software fault. Upon reccurence, please collect
crashinfo, "show tech" and contact Cisco Technical Support.
--------------------------------------------------------------------
-Traceback= 0x436DA8AC 0x42365D58 0x42365EB0 0x42365F74 0x4236B820
0x42349B6C 0x423552FC 0x41CEA60C 0x41CEAE40 0x4168C3D4 0x416AFBC8
0x42935D20 0x42935D04
$0 : 00000000, AT : 45F80000, v0 : 00000000, v1 : 00000000
a0 : 0202DE02, a1 : 00000000, a2 : 00000000, a3 : 00000006
t0 : 482D1280, t1 : 00000000, t2 : 00000063, t3 : 00000000
t4 : 00000000, t5 : 00000069, t6 : 00000003, t7 : 0000001B
s0 : 00000002, s1 : 47F3E8F0, s2 : 47F3E8C8, s3 : 00000000
s4 : 47F3E8F0, s5 : 0202DE02, s6 : 47F3E8CC, s7 : 00000002
t8 : 00000000, t9 : 00000000, k0 : 3040A801, k1 : A000F000
gp : 45F80620, sp : 47F3E878, s8 : 45F80000, ra : 42365D58
EPC : 436DA8AC, ErrorEPC : BFC00E8C, SREG : 3400FF03
MDLO : 0000137C, MDHI : 00000000, BadVaddr : 0202DE0E
DATA_START : 0x43728E00
Cause 00000010 (Code 0x4): Address Error (load or instruction fetch)
exception
-Traceback= 0x436DA8AC 0x42365D58 0x42365EB0 0x42365F74 0x4236B820
0x42349B6C 0x423552FC 0x41CEA60C 0x41CEAE40 0x4168C3D4 0x416AFBC8
0x42935D20 0x42935D04
=== Flushing messages (15:54:24 CDT Sun Sep 23 2007) ===
Buffered messages:
*Sep 23 06:14:37.323: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0
State changed to: Initialized
*Sep 23 06:14:37.327: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0
State changed to: Enabled
*Sep 23 06:14:39.003: %LINEPROTO-5-UPDOWN: Line protocol on Interface
VoIP-Null0, changed state to up
*Sep 23 06:14:39.003: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed
state to up
*Sep 23 06:14:39.007: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed
state to up
*Sep 23 06:14:39.007: %LINEPROTO-5-UPDOWN: Line protocol on Interface
IPv6-mpls, changed state to up
*Sep 23 06:14:40.463: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/0, changed state to up
*Sep 23 06:14:40.463: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/1, changed state to down
000021: *Sep 23 00:14:40 CST: %SYS-6-CLOCKUPDATE: System clock has been
updated from 06:14:40 UTC Sun Sep 23 2007 to 00:14:40 CST Sun Sep 23
2007, configured from console by console.
000022: *Sep 23 01:14:40 CDT: %SYS-6-CLOCKUPDATE: System clock has been
updated from 00:14:40 CST Sun Sep 23 2007 to 01:14:40 CDT Sun Sep 23
2007, configured from console by console.
000023: Sep 23 01:14:41 CDT: %CP-5-FEATURE: Control-plane Policing
feature enabled on Control plane aggregate path
000024: Sep 23 01:14:42 CDT: %SYS-5-CONFIG_I: Configured from memory by
console
000025: Sep 23 01:14:42 CDT: %SYS-5-RESTART: System restarted --
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version
12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 06:21 by prod_rel_team
000026: Sep 23 01:14:42 CDT: %SNMP-5-COLDSTART: SNMP agent on host
2811-2 is undergoing a cold start
000027: Sep 23 01:14:42 CDT: %SSH-5-ENABLED: SSH 2.0 has been enabled
000028: Sep 23 01:14:42 CDT: %CONTROLLER-5-UPDOWN: Controller T1 0/0/0,
changed state to down (LOS detected)
000029: Sep 23 01:14:42 CDT: %CONTROLLER-5-UPDOWN: Controller T1 0/0/1,
changed state to down (LOS detected)
000030: Sep 23 01:14:42 CDT: %LINEPROTO-5-UPDOWN: Line protocol on
Interface Loopback0, changed state to up
000031: Sep 23 01:14:42 CDT: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
000032: Sep 23 01:14:42 CDT: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
000033: Sep 23 01:14:43 CDT: %SYS-6-BOOTTIME: Time taken to reboot after
reload = 137 seconds
000034: Sep 23 01:14:44 CDT: %LINEPROTO-5-UPDOWN: Line protocol on
Interface FastEthernet0/0, changed state to down
000035: Sep 23 01:14:46 CDT: %LINEPROTO-5-UPDOWN: Line protocol on
Interface FastEthernet0/0, changed state to up
000036: Sep 23 01:14:48 CDT: %DSPRM-5-UPDOWN: DSP 1 in slot 0, changed
state to up
000037: Sep 23 01:14:49 CDT: %DSPRM-5-UPDOWN: DSP 3 in slot 1, changed
state to up
000038: Sep 23 01:14:50 CDT: %DSPRM-5-UPDOWN: DSP 2 in slot 1, changed
state to up
000039: Sep 23 01:14:52 CDT: %DSPRM-5-UPDOWN: DSP 1 in slot 1, changed
state to up
000040: Sep 23 01:15:26 CDT: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.222.1 on
FastEthernet0/0.125 from LOADING to FULL, Loading Done
Queued messages:
No warm reboot Storage
*** System received a Bus Error exception ***
signal= 0xa, code= 0x10, context= 0x462b6bf4
PC = 0x40086d7c, Cause = 0x20, Status Reg = 0x34008002
--------------------------------------------------------------
END ERROR
I can't find any bugs related to CoPP on Cisco's site. Any ideas why
the router keeps crashing? It would appear that CoPP is working fine
until I try to modify the config related to it; then it crashes. The
config seems to be fairly simple. Am I not configuring the router
correctly?
Thanks
Justin
More information about the cisco-nsp
mailing list