[c-nsp] Reasons for "random" ISIS flapping?

Saku Ytti saku at ytti.fi
Thu Aug 29 05:21:17 EDT 2013


On (2013-08-28 22:11 +0200), Peter Rathlev wrote:

>  mls rate-limit multicast ipv4 fib-miss 10000 10
>  mls rate-limit multicast ipv4 igmp 5000 10
>  mls rate-limit multicast ipv4 ip-options 10 1
>  mls rate-limit multicast ipv4 partial 10000 10
>  mls rate-limit unicast cef glean 1000 10
>  mls rate-limit unicast acl input 200 10
>  mls rate-limit unicast acl output 200 10
>  mls rate-limit unicast ip options 10 1
>  mls rate-limit unicast ip rpf-failure 200 10
>  mls rate-limit unicast ip icmp unreachable no-route 200 10
>  mls rate-limit unicast ip icmp unreachable acl-drop 200 10
>  mls rate-limit unicast ip errors 200 10
>  mls rate-limit all ttl-failure 500 10

I can't suggest any silver bullet; this is what we do:

# these are probably too large, but I configured them in 2006 to a survivable
# level and didn't have a reason to downgrade
mls qos protocol ARP police 2000000 62000
mls qos protocol NEIGH-DISCOVER police 2000000 62000
mls rate-limit multicast ipv4 fib-miss 2000 10
mls rate-limit multicast ipv4 non-rpf 10 10
mls rate-limit multicast ipv4 igmp 2000 10
mls rate-limit multicast ipv4 partial 2000 10
mls rate-limit unicast cef glean 200 50
mls rate-limit unicast ip options 10 10
mls rate-limit unicast ip rpf-failure 10 10
# not needed if all interfaces disable redirects (we could remove this and free slot)
mls rate-limit unicast ip icmp redirect 0
mls rate-limit unicast ip icmp unreachable no-route 10 10
mls rate-limit unicast ip icmp unreachable acl-drop 10 10
mls rate-limit unicast ip errors 10 10
mls rate-limit all ttl-failure 200 50
# not needed if all interfaces have same MTU, can free slot
mls rate-limit all mtu-failure 10 10
# do not run this, if you run STP, UDLD or use EOAM to put interfaces down
mls rate-limit layer2 pdu 20 20

You should also run broadcast storm-control on LAN interfaces; the 6704 cannot do less than 0.34%, which unfortunately is already too much.


-- 
  ++ytti
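
Added example, not part of the original message or written by either poster: a small Python audit that parses the `mls rate-limit` lines from both configurations in this thread and reports which limiter classes in the quoted config allow a higher pps than the reply's, and which classes appear in only one of them. Treating the reply's values as the baseline, and the names `parse` and `audit`, are assumptions of this example; burst values are parsed but not compared.

```python
import re

# Candidate: the quoted config from the thread. Baseline: the reply's limiters.
# Using the reply as the baseline is this example's assumption.
CANDIDATE = """mls rate-limit multicast ipv4 fib-miss 10000 10
mls rate-limit multicast ipv4 igmp 5000 10
mls rate-limit multicast ipv4 ip-options 10 1
mls rate-limit multicast ipv4 partial 10000 10
mls rate-limit unicast cef glean 1000 10
mls rate-limit unicast acl input 200 10
mls rate-limit unicast acl output 200 10
mls rate-limit unicast ip options 10 1
mls rate-limit unicast ip rpf-failure 200 10
mls rate-limit unicast ip icmp unreachable no-route 200 10
mls rate-limit unicast ip icmp unreachable acl-drop 200 10
mls rate-limit unicast ip errors 200 10
mls rate-limit all ttl-failure 500 10"""
BASELINE = """mls rate-limit multicast ipv4 fib-miss 2000 10
mls rate-limit multicast ipv4 non-rpf 10 10
mls rate-limit multicast ipv4 igmp 2000 10
mls rate-limit multicast ipv4 partial 2000 10
mls rate-limit unicast cef glean 200 50
mls rate-limit unicast ip options 10 10
mls rate-limit unicast ip rpf-failure 10 10
mls rate-limit unicast ip icmp redirect 0
mls rate-limit unicast ip icmp unreachable no-route 10 10
mls rate-limit unicast ip icmp unreachable acl-drop 10 10
mls rate-limit unicast ip errors 10 10
mls rate-limit all ttl-failure 200 50
mls rate-limit all mtu-failure 10 10
mls rate-limit layer2 pdu 20 20"""
# <class words> <pps> [<packets-in-burst>]; "icmp redirect 0" has no burst.
LINE = re.compile(r"^mls rate-limit (.+?) (\d+)(?: (\d+))?$")

def parse(text):
    """Return {limiter class: (pps, burst or None)}, ignoring other lines."""
    out = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip().lstrip("> "))  # tolerate mail quoting
        if m:
            out[m[1]] = (int(m[2]), int(m[3]) if m[3] else None)
    return out

def audit(candidate, baseline):
    """Classes with higher pps than baseline, absent from it, or not in it."""
    cand, base = parse(candidate), parse(baseline)
    looser = sorted(c for c in cand if c in base and cand[c][0] > base[c][0])
    return {"looser": looser, "missing": sorted(set(base) - set(cand)),
            "extra": sorted(set(cand) - set(base))}
```

Call `audit(CANDIDATE, BASELINE)` to get the three lists; `parse` skips comment lines and non-limiter commands such as `mls qos protocol`, so a full config dump can be passed in as-is.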

