[c-nsp] uRPF bug on C6k SXI1?
Peter Rathlev
peter at rathlev.dk
Tue Nov 10 16:54:52 EST 2009
Hi Phil,
Thanks for the input.
On Tue, 2009-11-10 at 13:23 +0000, Phil Mayers wrote:
> Do you have CoPP or MLS rate limiters? Is the traffic being CPU punted
> (use a SPAN session to find out) and this rate-limiting what's causing
> the drops?
No CoPP or rate-limiters configured, only defaults. Is there any way to
see counters for the rate-limiters? The "show
> If so, it could be a hardware/tcam programming error; we've seen a few
> of these in obscure cases on SXI, and I've not found a reliable way to
> clear them. Does a "shut" / "no shut" of the SVI fix the problem? Or
> the various "clear" commands (e.g. "clear cef" etc.)
Well, I tried shutting/unshutting the SVI, and now I can't seem to
recreate the problem. :-(
> > If I remove the "ip verify"-command and then add the version with
> > "allow-default" directly, I have no problems. Without uRPF there's
> > no problem either. Only when first entering the command without
> > "allow-default" and then adding "allow-default" does the problem
> > appear.
>
> We haven't seen that, but have seen other issues where (apparently)
> CEF entries are programmed incorrectly resulting in traffic being CPU
> punted and having to pass through CoPP, and thus being very lossy.
I would really like to have looked more into this, but with the problem
gone, I'm stuck: If it would happen again, is there any way to check
what the rate-limiters/CoPP drops via some counters?
--
Regards,
Peter
More information about the cisco-nsp
mailing list