[c-nsp] FWSM NP1&2 dot1q drops
Randy
randy_94108 at yahoo.com
Fri Nov 19 00:16:05 EST 2010
Simple setup:
A pair of cat6509(sup 720-3bxl) with fwsm in active/standby mode.
6509's on 12.2(33)SXI4a advipservices.
fwsm on 3.2(5)routed/single-context.
I am at my wits end trying to understand why I am seeing *dot1q drops* by NP1 and NP2 of fwsm.
On NP1 the dot1q drops are almost equal to drops because of not-dot1q:
PKT_MNG: total packets (dot1q) dropped : 4557
PKT_MNG: PKT_DROP_NOT_DOT1Q_INGR : 3874
On NP2:
PKT_MNG: total packets (dot1q) dropped : 2490
PKT_MNG: PKT_DROP_NOT_DOT1Q_INGR : 0
All other drop counters are at zero for NP1 and NP2
The MSFC itself is configured for multiple-vlan-interfaces(INSIDE, OUTSIDE) given our setup ( policy-routing is in effect.) and everything is working as expected *EXCEPT* for the drops-in question.
Only vlans being carried by 6Gig port-channel trunk b/w fwsm are ones for INSIDE, OUTSIDE, lan-failover and state-failover (100, 73, 2 and 3)
Snippets wrt *drops*:
NP1:
fwsm-dc3/act# sh np 1 stats
-------------------------------------------------------------------------------
Fast Path 64 bit Global Statistics Counters (NP-1)
-------------------------------------------------------------------------------
PKT_MNG: total packets (dot1q) rcvd : 16276
PKT_MNG: total packets (dot1q) sent : 31113
PKT_MNG: total packets (dot1q) dropped : 7566
PKT_MNG: TCP packets received : 15110
PKT_MNG: UDP packets received : 1718
PKT_MNG: ICMP packets received : 66
PKT_MNG: ARP packets received : 0
PKT_MNG: other protocol pkts received : 0
PKT_MNG: default (no IP/ARP) dropped : 0
SESS_MNG: sessions created : 1484
SESS_MNG: sessions embryonic to active : 0
SESS_MNG: sessions deleted : 1484
SESS_MNG: session lookup hits : 26900
SESS_MNG: session lookup misses : 4198
SESS_MNG: embryonic lookup hits : 0
SESS_MNG: embryonic lookup misses : 3425
-------------------------------------------------------------------------------
Fast Path 32 bit Global Statistics Counters (NP-1)
-------------------------------------------------------------------------------
SESS_MNG: insert errors : 0
SESS_MNG: embryonic to active errors : 0
SESS_MNG: delete errors : 0
PKT_MNG: packets to NP-3 : 3894
PKT_MNG: packets from NP-3 : 3064
PKT_MNG: packets to FWSM : 59
PKT_MNG: packets from FWSM : 5952
PKT_MNG: packets sent to other blade : 1824
PKT_MNG: packets rcv from other blade : 14237
PKT_MNG: pkt drop (l2 checks) : 0
PKT_MNG: pkt drop (l3 checks) : 0
PKT_MNG: pkt drop (l4 checks) : 0
PKT_MNG: pkt drop (rate limiting) : 0
PKT_MNG: pkt drop (A200) : 0
LU_MNG: UDP packets sent by FP ok : 0
LU_MNG: TCP packets sent by FP ok : 4468
LU_MNG: LU packets sent by SP ok : 0
LU_MNG: LU pkt xmit errors leas twin fail : 0
LU_MNG: UDP packets received for FP ok : 0
LU_MNG: TCP packets received for FP ok : 0
LU_MNG: LU packets received for SP ok : 0
LU_MNG: LU packets received errors : 0
LU_MNG: LU packets redirected to NP3 : 0
LU_MNG: LU packets returned by NP3 : 0
LU_MNG: LU pkt sent new conn : 1489
LU_MNG: LU pkt sent update : 1491
LU_MNG: LU pkt sent fin : 1488
LU_MNG: LU pkt sent data channel : 0
LU_MNG: LU pkt sent move embr to active : 0
LU_MNG: LU pkt xmit error interface down : 0
LU_MNG: LU pkt xmit err intf not configured : 0
LU_MNG: LU pkt xmit err FO flag stop traffic : 0
LU_MNG: LU pkt xmit err FO flag mismatch : 0
LU_MNG: LU pkt rcv err global table mismatch : 0
LU_MNG: LU pkt rcv err FO flag mismatch : 0
LU_MNG: LU pkt rcv err not .1Q : 0
LU_MNG: LU pkt rcv err not AAAA : 0
LU_MNG: LU pkt rcv err lkp hit msg mismatch : 0
LU_MNG: LU pkt rcv err lkp hit pkt/leaf mismatch : 0
LU_MNG: LU pkt rcv err lkp miss msg mismatch : 0
LU_MNG: LU pkt rcv err half hit : 0
LU_MNG: LU pkt rcv err embr to active fail : 0
LU_MNG: LU pkt rcv err control channel not found : 0
LU_MNG: LU pkt rcv err insertion fail : 0
LU_MNG: LU pkt rcv err pkt to np3 msg mismatch : 0
LU_MNG: LU pkt rcv err pkt to np3 leaf not active : 0
AGE_MNG: Aging Errors (no timeout set) : 0
PKT_MNG: PKT_DROP_DHCP_INGR : 0
PKT_MNG: PKT_DROP_MULTIC_BROADC_INGR : 0
PKT_MNG: PKT_DROP_A200_INGR : 0
PKT_MNG: PKT_DROP_ARP_INGR : 0
PKT_MNG: PKT_DROP_A300_INGR : 0
PKT_MNG: PKT_DROP_NOT_DOT1Q_INGR : 6406
PKT_MNG: PKT_DROP_A200_EGR : 0
PKT_MNG: PKT_DROP_A200_EMBR_LEAF_NON_ACTIVE : 0
PKT_MNG: PKT_DROP_A200_EMBR_LEAF_MARK_DEL : 0
PKT_MNG: PKT_DROP_A200_NAT_LEAF_NON_ACTIVE : 0
PKT_MNG: PKT_DROP_A200_NAT_LEAF_MARK_DEL : 0
PKT_MNG: PKT_DROP_A200_TLV_UPDATE_LEAF_NON_ACTIVE : 0
PKT_MNG: PKT_DROP_A200_TLV_UPDATE_LEAF_MARK_DEL : 0
PKT_MNG: PKT_DROP_A200_TLV_DEL_LEAF_NON_ACTIVE : 0
PKT_MNG: PKT_DROP_A200_TLV_DEL_LEAF_MARK_DE : 0
PKT_MNG: PKT_DROP_A200_LINK_DATA_CH_FAIL : 0
PKT_MNG: PKT_DROP_A200_LEAF_INSERTION_FAIL : 0
PKT_MNG: PKT_DROP_L4_FIXUP_ACK : 0
PKT_MNG: PKT_DROP_L4_FIXUP_SYN : 0
PKT_MNG: PKT_DROP_L4_FIXUP_RST : 0
PKT_MNG: PKT_DROP_L4_FIXUP_SYN_ACK : 0
RL_MNG: session miss packet dropped : 0
RL_MNG: other protocol or ICMP dropped : 0
RL_MNG: packet to PIX dropped : 0
RL_MNG: packet to Fixup-PC dropped : 0
RL_MNG: packet to Fixup-SP dropped : 0
PF_MNG: pause frames sent (x3) : 0
PKT_MNG: PKT_DROP_INVALID_GROUP_ID : 0
PKT_MNG: PKT_DROP_INVALID_PAIR_VLAN : 0
PKT_MNG: PKT_DROP_DELETE_FAIL_RETRY : 0
PKT_MNG: PKT_DROP_L4_BAD_FLAGS : 0
PKT_MNG: PKT_DROP_L4_SEND_RST_A300 : 0
PKT_MNG: PKT_DROP_L4_SEND_RST_ALREADY_RST : 0
PKT_MNG: PKT_DROP_L4_SYN_ACK_SAME_DIREC_OF_SYN : 0
PKT_MNG: PKT_DROP_L4_ACK_NOT_ACK_THE_SYN_ACK_INS : 0
PKT_MNG: PKT_DROP_L4_ACK_NOT_ACK_THE_SYN_ACK_OUT : 0
PKT_MNG: PKT_DROP_L4_ACK_RCV_IN_WRONG_DIRECTION : 0
PKT_MNG: PKT_DROP_L4_BAD_CHECKSUM : 0
PKT_MNG: PKT_DROP_PIF_LOOKUP_FAIL : 0
PKT_MNG: PKT_DROP_BACK_TO_BACK_PACKET : 0
CNT_NUMBER_FULL_OPEN_INDICATION_TO_BE_SENT : 0
CNT_NUMBER_FULL_OPEN_INDICATION_SENT : 0
IPv6 packet received : 0
IPv6 packet sent : 0
IPv6 packet received from PC : 0
IPv6 packet sent to PC : 0
ASR_CNT: PKT_DROP_PIF_IFC_DOWN : 0
ASR_CNT: INGR_PKT_RECEIVED_AC : 0
ASR_CNT: EGRES_PKT_RECEIVED_AC : 0
ASR_CNT: INGR_PKT_RECEIVED_SB : 0
ASR_CNT: EGRES_PKT_RECEIVED_SB : 0
ASR_CNT: INGR_PKT_RECEIVED_BBBB : 0
PKT_CNT: Close indication sent : 1493
PKT_CNT: Route Lookup miss (pkt drop) : 0
PKT_CNT: ARP Lookup miss : 0
PKT_CNT: Delete indication sent : 1493
PKT_CNT: Wrong TLV type : 0
PKT_CNT: TLV 4 received : 1493
RTL_MNG: packet rate limited : 848
RTL_MNG: MAC Relearns forced : 303
RTL_MNG: MAC Relearns forced aborted : 32
AGE_MNG: Aging threads launched : 12896
AGE_MNG: Aging threads aborted : 0
AGE_MNG: Aging ropes completed : 3223
AGE_MNG: Aging Errors (no flag set) : 0
AGE_MNG: Zoombe leaf found : 0
IPv6 HOP_BY_HOP : 0
WAAS IP PACKETS : 0
NP2:
fwsm-dc3/act# sh np 2 stats
-------------------------------------------------------------------------------
Fast Path 64 bit Global Statistics Counters (NP-2)
-------------------------------------------------------------------------------
PKT_MNG: total packets (dot1q) rcvd : 59114
PKT_MNG: total packets (dot1q) sent : 38958
PKT_MNG: total packets (dot1q) dropped : 3901
PKT_MNG: TCP packets received : 46747
PKT_MNG: UDP packets received : 0
PKT_MNG: ICMP packets received : 0
PKT_MNG: ARP packets received : 124
PKT_MNG: other protocol pkts received : 440
PKT_MNG: default (no IP/ARP) dropped : 0
SESS_MNG: sessions created : 1996
SESS_MNG: sessions embryonic to active : 0
SESS_MNG: sessions deleted : 1995
SESS_MNG: session lookup hits : 32857
SESS_MNG: session lookup misses : 16196
SESS_MNG: embryonic lookup hits : 0
SESS_MNG: embryonic lookup misses : 3518
-------------------------------------------------------------------------------
Fast Path 32 bit Global Statistics Counters (NP-2)
-------------------------------------------------------------------------------
SESS_MNG: insert errors : 0
SESS_MNG: embryonic to active errors : 0
SESS_MNG: delete errors : 0
PKT_MNG: packets to NP-3 : 3559
PKT_MNG: packets from NP-3 : 4055
PKT_MNG: packets to FWSM : 59
PKT_MNG: packets from FWSM : 0
PKT_MNG: packets sent to other blade : 14637
PKT_MNG: packets rcv from other blade : 1866
PKT_MNG: pkt drop (l2 checks) : 0
PKT_MNG: pkt drop (l3 checks) : 0
PKT_MNG: pkt drop (l4 checks) : 0
PKT_MNG: pkt drop (rate limiting) : 0
PKT_MNG: pkt drop (A200) : 0
LU_MNG: UDP packets sent by FP ok : 0
LU_MNG: TCP packets sent by FP ok : 5996
LU_MNG: LU packets sent by SP ok : 0
LU_MNG: LU pkt xmit errors leas twin fail : 0
LU_MNG: UDP packets received for FP ok : 0
LU_MNG: TCP packets received for FP ok : 0
LU_MNG: LU packets received for SP ok : 0
LU_MNG: LU packets received errors : 0
LU_MNG: LU packets redirected to NP3 : 0
LU_MNG: LU packets returned by NP3 : 0
LU_MNG: LU pkt sent new conn : 1998
LU_MNG: LU pkt sent update : 2000
LU_MNG: LU pkt sent fin : 1998
LU_MNG: LU pkt sent data channel : 0
LU_MNG: LU pkt sent move embr to active : 0
LU_MNG: LU pkt xmit error interface down : 0
LU_MNG: LU pkt xmit err intf not configured : 0
LU_MNG: LU pkt xmit err FO flag stop traffic : 0
LU_MNG: LU pkt xmit err FO flag mismatch : 0
LU_MNG: LU pkt rcv err global table mismatch : 0
LU_MNG: LU pkt rcv err FO flag mismatch : 0
LU_MNG: LU pkt rcv err not .1Q : 0
LU_MNG: LU pkt rcv err not AAAA : 0
LU_MNG: LU pkt rcv err lkp hit msg mismatch : 0
LU_MNG: LU pkt rcv err lkp hit pkt/leaf mismatch : 0
LU_MNG: LU pkt rcv err lkp miss msg mismatch : 0
LU_MNG: LU pkt rcv err half hit : 0
LU_MNG: LU pkt rcv err embr to active fail : 0
LU_MNG: LU pkt rcv err control channel not found : 0
LU_MNG: LU pkt rcv err insertion fail : 0
LU_MNG: LU pkt rcv err pkt to np3 msg mismatch : 0
LU_MNG: LU pkt rcv err pkt to np3 leaf not active : 0
AGE_MNG: Aging Errors (no timeout set) : 0
PKT_MNG: PKT_DROP_DHCP_INGR : 0
PKT_MNG: PKT_DROP_MULTIC_BROADC_INGR : 0
PKT_MNG: PKT_DROP_A200_INGR : 0
PKT_MNG: PKT_DROP_ARP_INGR : 0
PKT_MNG: PKT_DROP_A300_INGR : 0
PKT_MNG: PKT_DROP_NOT_DOT1Q_INGR : 0
PKT_MNG: PKT_DROP_A200_EGR : 0
PKT_MNG: PKT_DROP_A200_EMBR_LEAF_NON_ACTIVE : 0
PKT_MNG: PKT_DROP_A200_EMBR_LEAF_MARK_DEL : 0
PKT_MNG: PKT_DROP_A200_NAT_LEAF_NON_ACTIVE : 0
PKT_MNG: PKT_DROP_A200_NAT_LEAF_MARK_DEL : 0
PKT_MNG: PKT_DROP_A200_TLV_UPDATE_LEAF_NON_ACTIVE : 0
PKT_MNG: PKT_DROP_A200_TLV_UPDATE_LEAF_MARK_DEL : 0
PKT_MNG: PKT_DROP_A200_TLV_DEL_LEAF_NON_ACTIVE : 0
PKT_MNG: PKT_DROP_A200_TLV_DEL_LEAF_MARK_DE : 0
PKT_MNG: PKT_DROP_A200_LINK_DATA_CH_FAIL : 0
PKT_MNG: PKT_DROP_A200_LEAF_INSERTION_FAIL : 0
PKT_MNG: PKT_DROP_L4_FIXUP_ACK : 0
PKT_MNG: PKT_DROP_L4_FIXUP_SYN : 0
PKT_MNG: PKT_DROP_L4_FIXUP_RST : 0
PKT_MNG: PKT_DROP_L4_FIXUP_SYN_ACK : 0
RL_MNG: session miss packet dropped : 0
RL_MNG: other protocol or ICMP dropped : 0
RL_MNG: packet to PIX dropped : 0
RL_MNG: packet to Fixup-PC dropped : 0
RL_MNG: packet to Fixup-SP dropped : 0
PF_MNG: pause frames sent (x3) : 0
PKT_MNG: PKT_DROP_INVALID_GROUP_ID : 0
PKT_MNG: PKT_DROP_INVALID_PAIR_VLAN : 0
PKT_MNG: PKT_DROP_DELETE_FAIL_RETRY : 0
PKT_MNG: PKT_DROP_L4_BAD_FLAGS : 0
PKT_MNG: PKT_DROP_L4_SEND_RST_A300 : 0
PKT_MNG: PKT_DROP_L4_SEND_RST_ALREADY_RST : 0
PKT_MNG: PKT_DROP_L4_SYN_ACK_SAME_DIREC_OF_SYN : 0
PKT_MNG: PKT_DROP_L4_ACK_NOT_ACK_THE_SYN_ACK_INS : 0
PKT_MNG: PKT_DROP_L4_ACK_NOT_ACK_THE_SYN_ACK_OUT : 0
PKT_MNG: PKT_DROP_L4_ACK_RCV_IN_WRONG_DIRECTION : 0
PKT_MNG: PKT_DROP_L4_BAD_CHECKSUM : 0
PKT_MNG: PKT_DROP_PIF_LOOKUP_FAIL : 0
PKT_MNG: PKT_DROP_BACK_TO_BACK_PACKET : 0
CNT_NUMBER_FULL_OPEN_INDICATION_TO_BE_SENT : 0
CNT_NUMBER_FULL_OPEN_INDICATION_SENT : 0
IPv6 packet received : 0
IPv6 packet sent : 0
IPv6 packet received from PC : 0
IPv6 packet sent to PC : 0
ASR_CNT: PKT_DROP_PIF_IFC_DOWN : 0
ASR_CNT: INGR_PKT_RECEIVED_AC : 0
ASR_CNT: EGRES_PKT_RECEIVED_AC : 0
ASR_CNT: INGR_PKT_RECEIVED_SB : 0
ASR_CNT: EGRES_PKT_RECEIVED_SB : 0
ASR_CNT: INGR_PKT_RECEIVED_BBBB : 0
PKT_CNT: Close indication sent : 2001
PKT_CNT: Route Lookup miss (pkt drop) : 0
PKT_CNT: ARP Lookup miss : 0
PKT_CNT: Delete indication sent : 2001
PKT_CNT: Wrong TLV type : 0
PKT_CNT: TLV 4 received : 2001
RTL_MNG: packet rate limited : 0
RTL_MNG: MAC Relearns forced : 313
RTL_MNG: MAC Relearns forced aborted : 33
AGE_MNG: Aging threads launched : 13223
AGE_MNG: Aging threads aborted : 0
AGE_MNG: Aging ropes completed : 3305
AGE_MNG: Aging Errors (no flag set) : 0
AGE_MNG: Zoombe leaf found : 0
IPv6 HOP_BY_HOP : 0
WAAS IP PACKETS : 0
As a result of drops above, I see drops against my fw-vlans 2,3, 73 and 100 interface-counters.
My Questions:
1) What exactly are the dot1q drops trying to tell me?
- on np1 dot1q drops almost equal packet mgr drops apparently because rcvd packets had a problem with the vlan-tag in header
- on np2 dot1q drops persist but *NOT* because of a problem with vlan-tag in header.
2) Why am I seeing dot1q drops on NP1 and NP1 in the first place because of the following:
core1.dc3#sh firewall module 4 state
Firewall module 4:
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: 2,3,73,100
Pruning VLANs Enabled: 2-1001
Vlans allowed on trunk: 2-3,73,100
Vlans allowed and active in management domain: 2-3,73,100
Vlans in spanning tree forwarding state and not pruned:
2-3,73,100
So, what am I missing here?
Hope is someone on this list has seen this and *knows* - please share.
Offlist replies for full configs are ok.
Regards,
./Randy
More information about the cisco-nsp
mailing list