[c-nsp] ASR9001, 4.3.4sp6, MAC-Accounting ignoring certain peers?

Gert Doering gert at greenie.muc.de
Thu Mar 10 04:48:03 EST 2016


On Wed, Mar 09, 2016 at 09:26:35PM +0100, Gert Doering wrote:
> Someone mentioned a few months ago that there supposedly is a limit of
> 512 peer MAC addresses - but the list of addresses that the box *is*
> counting traffic for is around 400 right now, which is not your typical
> "magic number" for a computer...  (398 in, 420 out).

This is all totally weird.  I've labbed this today on a different ASR9001
(but with same XR version), and this is what I have now:

RP/0/RSP0/CPU0:Cisco-M-XXXII#sh mac-accounting ten0/0/2/2
Thu Mar 10 10:30:34.624 MET
  Input (0 free)*
             Total:  0 packets, 0 bytes
* Resource limit for this port has been met,
  some MAC addresses may not be accounted for.

nice, eh?  Some additional documentation I found stats

   "Total statistics for the traffic accounted for by MAC accounting.
    This excludes any traffic for which there is no MAC address
    entry, such as non-IP traffic from an unknown MAC source address.
    This output also excludes any MAC addresses that have 0 packets
    currently, even if that MAC address was accounted before. Such
    type of MAC addresses still contribute towards the maximum address

so, obviously, all the table entries on that box are now filled with 
mac addresses that *used* to generate traffic but are no longer doing
so - and there seems to be no way (short of rebooting) to clear this
table.  I assume that this is also what is biting us at DECIX - 512 entry
limit, due to router churn, about 100 are "silent" now, and what I get is
the 400 still-active entries from the table.

Interestingly enough, the DECIX router claims its table size is nearly

#sh mac ten0/0/2/3
Thu Mar 10 09:57:48.495 MET
  Input (65020 free)   <<<<

while the other box started with only about 160 entries free.

So the question pretty much boil down to "how many entries *should* there
be?  is this per-linecard, per-interface, per-typhoon?" and "how do I flush
now-silent mac addresses to be able to utilize all table entries for
*active* mac addresses"?

I've opened a case on this (partner first, but I assume this will hit XR TAC
right away) and will report if that turns up something useful...


USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 291 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20160310/fa12b084/attachment-0001.sig>

More information about the cisco-nsp mailing list