[c-nsp] uRPF bug on C6k SXI1?

Phil Mayers p.mayers at imperial.ac.uk
Tue Nov 10 08:23:08 EST 2009


Peter Rathlev wrote:
> Hi,
> 
> I've discovered what seems to be a bug on C6k at least in SXI1. I
> haven't been able to find anything about it in the bug toolkit. It might
> be related to CSCsk65860 though.
> 
> If I configure a SVI in a VRF and add "ip verify source reachable-via
> any" and afterwards enable "ip verify source reachable-via any
> allow-default" the switch seems to drop a lot of traffic, something like
> every 12th packet.

Do you have CoPP or MLS rate limiters? Is the traffic being CPU punted 
(use a SPAN session to find out), and is this rate-limiting what's 
causing the drops?

If so, it could be a hardware/TCAM programming error; we've seen a few 
of these in obscure cases on SXI, and I've not found a reliable way to 
clear them. Does a "shut" / "no shut" of the SVI fix the problem? Or the 
various "clear" commands (e.g. "clear cef" etc.)?

> 
> If I remove the "ip verify"-command and then add the version with
> "allow-default" directly, I have no problems. Without uRPF there's no
> problem either. Only when first entering the command without
> "allow-default" and then adding "allow-default" does the problem appear.

We haven't seen that, but have seen other issues where (apparently) CEF 
entries are programmed incorrectly resulting in traffic being CPU punted 
and having to pass through CoPP, and thus being very lossy.

See e.g.

http://www.gossamer-threads.com/lists/cisco/nsp/112984

