[c-nsp] Troubleshooting Input Queue Drops on 7600 running 12.2(33)SRC5

Rodney Dunn rodunn at cisco.com
Thu Jul 1 12:55:13 EDT 2010 

Could be the punts to send the ICMP packets back if they are being 
denied in the ACL.

Rodney



On 7/1/10 9:49 AM, Devon True wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 6/30/2010 2:00 PM, Rodney Dunn wrote:
>> You could try the 'debug ip cef packet' on the RP, as it captures only
>> sw switched traffic, and it has rate limiting ability built in it.
>
> I ran 'debug ip cef packet g1/1/1 input rate 5 detail' and watched the
> counter from 'sh int g1/1/1 switching | inc Drops' till it increased.
> Once I saw the increase I looked at the logs but all I see is various
> bogon IPs (10/8, 192.168/16, etc) trying to hit various hosts. I imagine
> I see them due to an ACL applied to Gi1/1/1.
>
> What should I be looking for? I did notice the 'giants' counter matched
> the input drops so I looked for large packets based on the 'length=',
> but they were all 56, 48, 40, etc.
>
> Jul  1 13:42:05 ROUTER debug 3947: Jul  1 09:42:04.227 Eastern:
> CEF-Debug: Packet from 172.18.240.146 (Gi1/1/1) to x.x.x.x
> Jul  1 13:42:05 ROUTER debug 3948: Jul  1 09:42:04.227 Eastern:
> ihl=20, length=56, tos=0, ttl=245, checksum=46543, offset=0
> Jul  1 13:42:05 ROUTER debug 3949: Jul  1 09:42:04.227 Eastern:     ICMP
> type=11, code=0, checksum=43185
> Jul  1 13:42:05 ROUTER debug 3950: Jul  1 09:42:04.227 Eastern:
>   TTL expired
> Jul  1 13:42:05 ROUTER debug 3951: Jul  1 09:42:04.819 Eastern:
> CEF-Debug: Packet from 172.18.240.10 (Gi1/1/1) to x.x.x.x
> Jul  1 13:42:05 ROUTER debug 3952: Jul  1 09:42:04.823 Eastern:
> ihl=20, length=56, tos=0, ttl=244, checksum=41657, offset=0
> Jul  1 13:42:05 ROUTER debug 3953: Jul  1 09:42:04.823 Eastern:     ICMP
> type=11, code=0, checksum=49523
> Jul  1 13:42:05 ROUTER debug 3954: Jul  1 09:42:04.823 Eastern:
>   TTL expired
>
> - --
> Devon
>
>> On 6/30/10 11:30 AM, Devon True wrote:
>> All:
>>
>> I am seeing increasing input queue drops on a 7600 running 12.2(33)SRC5
>> on a SPA-2X1GE in a 7600-SIP-400.
>>
>> #sh int g1/1/1
>> GigabitEthernet1/1/1 is up, line protocol is up
>>     Hardware is GigEther SPA, address is 001d.7170.3500 (bia
>> 001d.7170.3500)
>>     Description:
>>     Internet address is x.x.x.x/yy
>>     MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
>>        reliability 255/255, txload 72/255, rxload 46/255
>>     Encapsulation ARPA, loopback not set
>>     Keepalive not supported
>>     Full Duplex, 1000Mbps, link type is force-up, media type is SX
>>     output flow-control is unsupported, input flow-control is unsupported
>>     ARP type: ARPA, ARP Timeout 04:00:00
>>     Last input 00:00:00, output 00:00:00, output hang never
>>     Last clearing of "show interface" counters 01:44:10
>>     Input queue: 0/75/1707/0 (size/max/drops/flushes); Total output
>> drops: 0
>>     Queueing strategy: fifo
>>     Output queue: 0/40 (size/max)
>>     5 minute input rate 183245000 bits/sec, 41346 packets/sec
>>     5 minute output rate 283924000 bits/sec, 55078 packets/sec
>>        256319513 packets input, 149816057859 bytes, 0 no buffer
>>        Received 5 broadcasts (0 IP multicasts)
>>        0 runts, 1707 giants, 0 throttles
>>        1707 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
>>        0 watchdog, 0 multicast, 0 pause input
>>        308870586 packets output, 193458081331 bytes, 0 underruns
>>        0 output errors, 0 collisions, 0 interface resets
>>        0 babbles, 0 late collision, 0 deferred
>>        0 lost carrier, 0 no carrier, 0 pause output
>>        0 output buffer failures, 0 output buffers swapped out
>>
>> I also ran "sh int g1/1/1 switching" and it looks like the RP is
>> dropping the packets.
>>
>> #sh int g1/1/1 switching
>> GigabitEthernet1/1/1
>>             Throttle count          0
>>           Drops         RP       1706         SP          0
>>     SPD Flushes       Fast          0        SSE          0
>>     SPD Aggress       Fast          0
>>    SPD Priority     Inputs       7257      Drops          0
>>
>>        Protocol       Path    Pkts In   Chars In   Pkts Out  Chars Out
>>           Other    Process          0          0          0          0
>>               Cache misses          0
>>                       Fast          0          0          0          0
>>                  Auton/SSE      15978     958680          0          0
>>              IP    Process   80379934 7498092736   42273104 3084247027
>>               Cache misses          0
>>                       Fast   68341283 5017154676    1197481   86714780
>>                  Auton/SSE 401843915443 245108148367129 516300637842
>> 386876899705145
>>         DEC MOP    Process          0          0      31700    2440900
>>               Cache misses          0
>>                       Fast          0          0          0          0
>>                  Auton/SSE          0          0          0          0
>>             ARP    Process      15978     958680      15866     951960
>>               Cache misses          0
>>                       Fast          0          0          0          0
>>                  Auton/SSE          0          0          0          0
>>
>> Any advice on troubleshooting? I looked at
>> http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a0080094791.shtml
>>
>> and "show buffers input-interface g1/1/1 header" does not display any
>> data and performing "debug ip packet" on a production router may not be
>> in my best interests. :)
>>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.12 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkwsnNAACgkQWP2WrBTHBS/oGACg3H/BJyzwbeFeoieAodkPVBv5
> 1/AAoK97sTk30Qp9TgaWkISRQOfJVJ/G
> =FSET
> -----END PGP SIGNATURE-----

More information about the cisco-nsp mailing list