[e-nsp] Packet loss/drop investigation

Erik Bais erik at bais.name
Wed Aug 8 15:32:35 EDT 2012


Hi Youssef,

Best thing to do, is to do some testing using a tool like iperf (which is a traffic generator) is you think that you are having some issues on the switches...

Best way to check if all packets are actually entering and leaving the switches is to do the following:

Create an access-list on the switch using the following command:

edit policy pkt
entry AtoB{
if {
source-address <insert IP address A>/32;
destination-address <insert IP addres B>/32;
} then {
permit;
count AtoB;
}
}
entry BtoA {
if {
source-address <insert IP address B>/32;
destination-address <insert IP address A>/32;
} then {
permit;
count BtoA;
}
}

Save the policy and check the syntax using:  check policy pkt

Now apply the access-list to the ports using:

configure access-list pkt ports 1:1 ingress
configure access-list pkt ports 1:2 ingress
configure access-list pkt ports 1:3 ingress

These ports should match the ingress and egress ports that you are using for the testing. It doesn't matter if you are putting it on other ports, as it doesn't block anything as the default policy with the XoS access-lists are allow.
The only thing you are doing it counting the packets that match the policy.

You can show the counters using:  show accesss-list counters

If you are now sending packets from A2B or from B2A, you should see everything going into the switch and moving out of the switch.
If there are packets dropped, this is the way to see it.

After every test you can clear the counters using clear access-list counter

Hope this helps.

Kind regards,
Erik Bais
A2B Internet



More information about the extreme-nsp mailing list