[c-nsp] CoPP crashing one of my lab routers

Justin Shore justin at justinshore.com
Sun Sep 23 17:26:09 EDT 2007


I'm working on a CoPP implementation in the lab.  I've got a pair of 
2811s running 12.4(15)T1 on each.  I've only implemented CoPP on one of 
them so far.  The config is fairly simple:

class-map match-all CoPP-critical
  match access-group name copp-critical
class-map match-all CoPP-normal
  match access-group name copp-normal
class-map match-all CoPP-bad
  match access-group name copp-bad
class-map match-all CoPP-important
  match access-group name copp-important
!
!
policy-map CoPP
  class CoPP-critical
   police 31500000 conform-action transmit  exceed-action transmit
  class CoPP-important
   police 125000 3906 3906 conform-action transmit  exceed-action drop
  class CoPP-normal
   police 64000 2000 2000 conform-action transmit  exceed-action drop
  class CoPP-bad
   police 32000 1500 1500 conform-action drop  exceed-action drop
  class class-default
   police 1000000 31250 31250 conform-action transmit  exceed-action drop
!
ip access-list extended copp-bad
  remark CoPPP ACL - Bad traffic
!
ip access-list extended copp-critical
  remark CoPPP ACL - Critical traffic
  remark PERMIT OSPF from known neighbors
  permit ip host 2.2.222.1 host 224.0.0.5
  permit ip host 2.2.222.1 host 224.0.0.6
!
ip access-list extended copp-important
  remark CoPPP ACL - Important traffic
  permit tcp 0.0.0.0 255.255.0.0 host 2.2.222.2 eq 22
  permit tcp 0.0.0.0 255.255.0.0 host 2.2.222.2 eq www
  permit tcp 0.0.0.0 255.255.0.0 host 2.2.222.2 eq 443
  permit udp 0.0.0.0 255.255.0.0 host 2.2.222.2 eq snmp
!
ip access-list extended copp-normal
  remark CoPPP ACL - Normal traffic
  permit icmp any any ttl-exceeded
  permit icmp any any port-unreachable
  permit icmp any any echo-reply
  permit icmp any any echo
!
control-plane
  service-policy input CoPP


Editing one of the ACLs, removing the service-policy or editing the 
policy-map causes the router to crash with the following traceback and 
other output:


BEGIN ERROR
--------------------------------------------------------------

  15:54:23 CDT Sun Sep 23 2007: Address Error (load or instruction 
fetch) exception, CPU signal 10, PC = 0x436DA8AC



--------------------------------------------------------------------
    Possible software fault. Upon reccurence,  please collect
    crashinfo, "show tech" and contact Cisco Technical Support.
--------------------------------------------------------------------


-Traceback= 0x436DA8AC 0x42365D58 0x42365EB0 0x42365F74 0x4236B820 
0x42349B6C 0x423552FC 0x41CEA60C 0x41CEAE40 0x4168C3D4 0x416AFBC8 
0x42935D20 0x42935D04
$0 : 00000000, AT : 45F80000, v0 : 00000000, v1 : 00000000
a0 : 0202DE02, a1 : 00000000, a2 : 00000000, a3 : 00000006
t0 : 482D1280, t1 : 00000000, t2 : 00000063, t3 : 00000000
t4 : 00000000, t5 : 00000069, t6 : 00000003, t7 : 0000001B
s0 : 00000002, s1 : 47F3E8F0, s2 : 47F3E8C8, s3 : 00000000
s4 : 47F3E8F0, s5 : 0202DE02, s6 : 47F3E8CC, s7 : 00000002
t8 : 00000000, t9 : 00000000, k0 : 3040A801, k1 : A000F000
gp : 45F80620, sp : 47F3E878, s8 : 45F80000, ra : 42365D58
EPC  : 436DA8AC, ErrorEPC : BFC00E8C, SREG     : 3400FF03
MDLO : 0000137C, MDHI     : 00000000, BadVaddr : 0202DE0E
DATA_START : 0x43728E00
Cause 00000010 (Code 0x4): Address Error (load or instruction fetch) 
exception

Writing crashinfo to flash:crashinfo_20070923-205423

  15:54:23 CDT Sun Sep 23 2007: Address Error (load or instruction 
fetch) exception, CPU signal 10, PC = 0x436DA8AC



--------------------------------------------------------------------
    Possible software fault. Upon reccurence,  please collect
    crashinfo, "show tech" and contact Cisco Technical Support.
--------------------------------------------------------------------


-Traceback= 0x436DA8AC 0x42365D58 0x42365EB0 0x42365F74 0x4236B820 
0x42349B6C 0x423552FC 0x41CEA60C 0x41CEAE40 0x4168C3D4 0x416AFBC8 
0x42935D20 0x42935D04
$0 : 00000000, AT : 45F80000, v0 : 00000000, v1 : 00000000
a0 : 0202DE02, a1 : 00000000, a2 : 00000000, a3 : 00000006
t0 : 482D1280, t1 : 00000000, t2 : 00000063, t3 : 00000000
t4 : 00000000, t5 : 00000069, t6 : 00000003, t7 : 0000001B
s0 : 00000002, s1 : 47F3E8F0, s2 : 47F3E8C8, s3 : 00000000
s4 : 47F3E8F0, s5 : 0202DE02, s6 : 47F3E8CC, s7 : 00000002
t8 : 00000000, t9 : 00000000, k0 : 3040A801, k1 : A000F000
gp : 45F80620, sp : 47F3E878, s8 : 45F80000, ra : 42365D58
EPC  : 436DA8AC, ErrorEPC : BFC00E8C, SREG     : 3400FF03
MDLO : 0000137C, MDHI     : 00000000, BadVaddr : 0202DE0E
DATA_START : 0x43728E00
Cause 00000010 (Code 0x4): Address Error (load or instruction fetch) 
exception

-Traceback= 0x436DA8AC 0x42365D58 0x42365EB0 0x42365F74 0x4236B820 
0x42349B6C 0x423552FC 0x41CEA60C 0x41CEAE40 0x4168C3D4 0x416AFBC8 
0x42935D20 0x42935D04


=== Flushing messages (15:54:24 CDT Sun Sep 23 2007) ===

Buffered messages:

*Sep 23 06:14:37.323: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 
State changed to: Initialized
*Sep 23 06:14:37.327: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 
State changed to: Enabled
*Sep 23 06:14:39.003: %LINEPROTO-5-UPDOWN: Line protocol on Interface 
VoIP-Null0, changed state to up
*Sep 23 06:14:39.003: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed 
state to up
*Sep 23 06:14:39.007: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed 
state to up
*Sep 23 06:14:39.007: %LINEPROTO-5-UPDOWN: Line protocol on Interface 
IPv6-mpls, changed state to up
*Sep 23 06:14:40.463: %LINEPROTO-5-UPDOWN: Line protocol on Interface 
FastEthernet0/0, changed state to up
*Sep 23 06:14:40.463: %LINEPROTO-5-UPDOWN: Line protocol on Interface 
FastEthernet0/1, changed state to down
000021: *Sep 23 00:14:40 CST: %SYS-6-CLOCKUPDATE: System clock has been 
updated from 06:14:40 UTC Sun Sep 23 2007 to 00:14:40 CST Sun Sep 23 
2007, configured from console by console.
000022: *Sep 23 01:14:40 CDT: %SYS-6-CLOCKUPDATE: System clock has been 
updated from 00:14:40 CST Sun Sep 23 2007 to 01:14:40 CDT Sun Sep 23 
2007, configured from console by console.
000023: Sep 23 01:14:41 CDT: %CP-5-FEATURE: Control-plane Policing 
feature enabled on Control plane aggregate path

000024: Sep 23 01:14:42 CDT: %SYS-5-CONFIG_I: Configured from memory by 
console
000025: Sep 23 01:14:42 CDT: %SYS-5-RESTART: System restarted --
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 
12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 06:21 by prod_rel_team
000026: Sep 23 01:14:42 CDT: %SNMP-5-COLDSTART: SNMP agent on host 
2811-2 is undergoing a cold start
000027: Sep 23 01:14:42 CDT: %SSH-5-ENABLED: SSH 2.0 has been enabled
000028: Sep 23 01:14:42 CDT: %CONTROLLER-5-UPDOWN: Controller T1 0/0/0, 
changed state to down (LOS detected)
000029: Sep 23 01:14:42 CDT: %CONTROLLER-5-UPDOWN: Controller T1 0/0/1, 
changed state to down (LOS detected)
000030: Sep 23 01:14:42 CDT: %LINEPROTO-5-UPDOWN: Line protocol on 
Interface Loopback0, changed state to up
000031: Sep 23 01:14:42 CDT: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
000032: Sep 23 01:14:42 CDT: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
000033: Sep 23 01:14:43 CDT: %SYS-6-BOOTTIME: Time taken to reboot after 
reload =  137 seconds
000034: Sep 23 01:14:44 CDT: %LINEPROTO-5-UPDOWN: Line protocol on 
Interface FastEthernet0/0, changed state to down
000035: Sep 23 01:14:46 CDT: %LINEPROTO-5-UPDOWN: Line protocol on 
Interface FastEthernet0/0, changed state to up
000036: Sep 23 01:14:48 CDT: %DSPRM-5-UPDOWN: DSP 1 in slot 0, changed 
state to up
000037: Sep 23 01:14:49 CDT: %DSPRM-5-UPDOWN: DSP 3 in slot 1, changed 
state to up
000038: Sep 23 01:14:50 CDT: %DSPRM-5-UPDOWN: DSP 2 in slot 1, changed 
state to up
000039: Sep 23 01:14:52 CDT: %DSPRM-5-UPDOWN: DSP 1 in slot 1, changed 
state to up
000040: Sep 23 01:15:26 CDT: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.222.1 on 
FastEthernet0/0.125 from LOADING to FULL, Loading Done
Queued messages:
No warm reboot Storage
*** System received a Bus Error exception ***
signal= 0xa, code= 0x10, context= 0x462b6bf4
PC = 0x40086d7c, Cause = 0x20, Status Reg = 0x34008002

--------------------------------------------------------------
END ERROR



I can't find any bugs related to CoPP on Cisco's site.  Any ideas why 
the router keeps crashing?  It would appear that CoPP is working fine 
until I try to modify the config related to it; then it crashes.  The 
config seems to be fairly simple.  Am I not configuring the router 
correctly?

Thanks
  Justin


More information about the cisco-nsp mailing list