[c-nsp] CoPP IS-IS traffic on N7k
Lincoln Dale
ltd at cisco.com
Tue Jan 25 17:24:11 EST 2011
On 25/01/2011, at 11:57 PM, Matthew Melbourne wrote:
> I managed to catch it, and for some strange reason iSCSI data-plane
> traffic is hitting the control-place. When netstack is not running at
> 100%, I see the usual control plane traffic, e.g. HSRP, STP, ARP
> (etc), but when it's at 100% I see lots of:
>
> nx02.fhcon# show file bootflash:high_cpu.txt
> 2011-01-25 10:03:47.571183 10.10.35.138 -> 10.10.47.0 TCP 3260 >
> 62592 [ACK] Seq=1 Ack=1 Win=2213 Len=0 TSV=1300 TSER=1297
curious. how does this iSCSI traffic get into the 10.10.44.0/22 subnet?
my bet is that the either the device at 10.10.35.138 (iscsi device) is misconfigured or buggy in terms of how it handles classless addressing - or the router that gets traffic FROM that 10.10.35.138 device into the 10.10.47.0 address is misconfigured or buggy.
if you use ethanalyzer again - but this time in 'verbose' and specifically to match iscsi traffic, hopefully we can see what mac-address the traffic to 10.10.47.0 is destined towards. my guess is that it has a destination mac-address of the broadcast mac address - which means that the switch MUST receive it.
a workaround on the switch (but its a hack) is to tune your CoPP policy to explicitly put this iSCSI traffic into its own 'drop' bucket. but i bet its hitting every switchport in the vlan so best actually solve the root cause rather than paper over the symptom.
cheers,
lincoln.
More information about the cisco-nsp
mailing list