N7000 : details of packets dropped by COPP policy (class-default) ?

Similar Messages

• Customer packet drops issue

  Hi,
  Our customer took 30Mbps metro link from us. Even at 17Mbps link utilization they are facing packet drops. Our side policer is implemented for 30Mbps. There are no errors on customer or our interfaces. But I can see exceed packets under 'show policy-map interface' . Used maximum Bc. Does customer required to implement shaping his end with same CIR and Bc.
  Regards
  Siva K

  Hi Siva,
  It is not a mandatory rule that Customer should also have the same CIR configured with shaping.
  When Customer have 30 Mbps circuit SLA with Service Provider, he may be able to pump ta line rate from CE side. But on PE side, it will be policied and excess traffic will be dropped.
  To avoid Customer's traffic getting dropped at PE, It is advisible to configure shaping at CE side so that the traffic SLA will be maintained without or with less number of packet loss.
  Can you post your config and show policy-map interface output with traffic?.
  Regards,
  Nagendra

• Packet drops and High CPU on Cisco 3845 Switch

  Hello Experts,
  We are facing a lot of packet drops in our LAN.
  When we try to ping one of the access switches from the CE router, we get the follwoing output:
  pdel1799#ping 10.132.136.17 so 10.132.164.1 si 100 re 500
  Type escape  sequence to abort.
  Sending 500, 100-byte ICMP Echos to 10.132.136.17, timeout  is 2 seconds:
  Packet sent with a source address of  10.132.164.1
  Success  rate is 98 percent (491/500), round-trip min/avg/max = 1/9/44  ms
  pdel1799#
  Success  rate is 98 percent (491/500), round-trip min/avg/max = 1/9/44  ms
  pdel1799#
  Some command outputs and show tech of all switches attached from the customer which I have attached.
  I have also attached a diagram but the only router''s IP address is correct in the diagram while IP address of switches in the diagram are incorrect. Here are the correct IPs of the switches:
  Core Switch : 10.132.139.2
  Access Switches:
  10.132.136.17
  10.132.136.18
  10.132.136.29
  Apart from packet drops on VLAN 1 we are seeing  high CPU utilization on core switch
  ingur-msl-coresw#sh processes cpu sorted | ex 0.0
  Core 0: CPU utilization for five seconds: 61%; one minute: 45%;  five minutes: 47%
  Core 1: CPU utilization for five seconds: 63%; one minute: 46%;  five minutes: 56%
  Core 2: CPU utilization for five seconds: 36%; one minute: 74%;  five minutes: 69%
  Core 3: CPU utilization for five seconds: 85%; one minute: 69%;  five minutes: 65%
  PID    Runtime(ms) Invoked  uSecs  5Sec     1Min     5Min     TTY   Process
  5638   2374911     23863975 131    52.03    52.24    52.58    1088  fed               
  9227   43623       21191441 182    8.36     5.53     5.71     0     iosd              
  6146   1437288     13888905 56     0.95     0.68     0.70     0     pdsd              
  5639   1292905     86276135 11     0.13     0.13     0.11     0     platform_mgr      
  6161   2831440     20952285 955    0.13     0.12     0.10     0     cpumemd    
  I can get more details required to resolve this, please help!!

  Hi,
  I can see several Mac Flaps in the logs provided.... i.e. on int gi 1/1/3.  have you verified you don't have any bridging loop occurring on the network?
  Regards,
  Yaseen

• Purchase order item details in the drop box is not appearing

  Hi all ,
  I have created a 'Z' transaction  ME22N .Purchase order change .
  In that transaction purchase order item details in the drop box is not appearing.
  Please suggest .

  Hi,
  System will not display the Purchase order item details in the first screen. First enter the data on the Item overview like Material or short text then only it will display the Item details.
  I think you are checking with out entering the data on Item overview .
  Check by entering the material/short text.
  rgds
  Chidanand

• Packet drop when clients moving from one Access point to another

  HI  All ,
  I am new to wireless . I am using  WS-SVC-WISM-1-K9  wism module and using 5 Access points . When my clients are moving from one access point to another we are getting packet drops .
  Kindly anyone suggest me what all configuration i need to verify on the controller  for Proper client roaming so that i can resolve my issues..
  Please let me know in case of any explanations requiered .
  Thanks  in Advance !!!
  Regards
  Angus

  For radius authenticated SSIDs, you need WPA2-aes or wpa1-tkip-CCKM. It depends on what the client supports.
  For pre-shared key, any WPA should be decent enough for roaming speed.
  If you're on WEP ... no comment.
  If you covered the above point, check if it's not a coverage problem. If the 2 APs coverage zone are not overlapping there will be a hole where you don't have signal and logically will have packet drops.

• Wireless AP 1262 getting packet drops whille buffering videos for 18 users.

  Hi Team,
  Please help for this issue
  We are having 1262 Access point model and we are getting packet drops when 20  users are connected and users do Video streaming and buffering online.
  Even our AD IP address also getting packet drops during the users are connected and using youtube or someother video sites.
  Please help on this issue.
  Best regards,
  Arun

  Well if you have 802.11n enabled and also have 802.11n capable devices, then you would have max of 144mbps on the 2.4ghz and up to 300mbps on the 5ghz with 40 MHz channels. If you are using 20mhz on the 5ghz you will have the same as the 2.4ghz which is again 144mbps.
  So if you have clients working fine on the 5ghz and its set to 20mhz, then I would look at interference on the 2.4ghz. See if your SNR is low as that will identify a poor 2.4ghz spectrum.
  Sent from Cisco Technical Support iPhone App

• EEM -automatic shut down or switch over of WAN link in OSPF when packet drop increase

  Hi,
  Need help..
  can any one help me how can EEM help for automatic shut down or switch over of WAN link in OSPF when packet drop increase a predefined level.
  I have a set up different branches connected together...OSPF is the routing protocol and need to communicate with two branches via hub locations.
  need to shut or switch some percent of traffic from primary to back up when packet drop in the link.

  I am not sure EEM can do what you want.
  Another option could be to use SLA tacking/monitoring. But you will fall back to the new route when you lose some percentage of pings, you can't switch only part of the traffic.
  I hope it helps.
  PK

• Signature 1330 causes packet drops

  Hello Members,
  i see in my IPS-NME module a hign number of packet drops because of the following signatures:
  1330-17: TCP segment out of state order
  1330-12: TCP segment is out of order.
  the targets and the attacers are internal hosts.
  are these signatures triggered because of not propper configured policies or is this an indicator for problems in the internal network.
  thanks for your inputs.
  regards
  alex

  Hello Sid,
  thanks for your answer. I learned that most of packets where the Signature 1330 triggers are packets from the IPS module to the IPS Express Manager. I added wireshark dump to the case.
  That's really odd, i ran a traceroute from the IPS Manager to the IPS Module and vice versa and the flow look ok to me.
  Trace from the IPS module to the IPS Manager
  # trace 10.0.128.5
  traceroute to 10.0.128.5 (10.0.128.5), 4 hops max, 40 byte packets
  1  172.16.1.9 (172.16.1.9)  1.479 ms  1.327 ms  1.275 ms
  2  172.16.1.1 (172.16.1.1)  3.616 ms  2.952 ms  1.907 ms
  3  10.89.27.10 (10.89.27.10)  2.288 ms  2.044 ms  2.136 ms
  4  10.89.27.21 (10.89.27.21)  8.106 ms  9.148 ms  8.266 ms
  return path
  C:\Users\Administrator.NOS-POC>tracert 172.16.1.11
  Tracing route to 172.16.1.11 over a maximum of 30 hops
    1    <1 ms    <1 ms    <1 ms  10.0.128.1
    2     2 ms     3 ms     2 ms  172.16.2.1
    3     1 ms     1 ms     1 ms  10.89.27.22
    4     9 ms     9 ms     9 ms  10.89.27.9
    5     8 ms     8 ms     8 ms  172.16.1.6
    6     8 ms     8 ms     8 ms  172.16.1.11
  Trace complete.
  trace from the IPS module's gateway
  #traceroute vrf CENTRAL 10.0.128.5 source 172.16.1.9
  Type escape sequence to abort.
  Tracing the route to 10.0.128.5
    1 172.16.1.1 0 msec 0 msec 0 msec
    2 10.89.27.10 0 msec 0 msec 4 msec
    3 10.89.27.21 8 msec 8 msec 8 msec
    4 172.16.2.6 8 msec 8 msec 4 msec
    5 10.0.128.5 4 msec 4 msec 4 msec
  what make me wonder is that the IPS module doesn't show hops further than 4 hops.
  regards
  alex

• Monitoring dscp ef packet drops

  Looking for some guidance please.
  I have been tasked by our network team to find a solution to monitor voice traffic specifically for packet drops in dscp ef traffic.
  Thinking of using my cacti box as my first port of call but need to know exactly which OIDs i need to be pulling in.  I have looked at the various mib sets related to qos cos etc.... but to be honest, they are bit daunting for someone who is not familiar in this area.
  Any other options for this would be greatly appreciated - could rmon fulfill this task?
  cheers

  You can troubleshoot the output drops occuring with priority queuing be following the sugesstions made in http://www.cisco.com/en/US/tech/tk39/tk51/technologies_tech_note09186a0080103e8a.shtml

• Packet drops on v490 production server..help us

  Hello...
  We have v490 server with ce0 interface configured.. It gets down frequently & after some packet drops it makes itself up...
  Can anybody tell me what could be the reason behind this problem...
  I have checked switch & router by changing interface cables, still problem persists...no message on /var/adm/messages.
  Thanks in advance
  gmraj

  try a "snoop -d ce0" and verify messages
  also, perhaps the NIC is broken
  also, perhaps the duplex/speed of the NIC isn't set correctly (autoneg, forced, fullduplex, halfduplex etc.) and you have to define it with a "ndd -set "

• High packet drop over FCoE setup

  We have nexus 5k switch connected to storage array through FCoE 10GB interface and with blade chasse support FCoE. We are facing a hug latency on the traffic flow between the server and the storage. Can some one help me to solve this issue? Also do we need to setup the jumbo frame and modify the MTU size?
  Sent from Cisco Technical Support iPad App

  Aymen,
  MTU should not be an issue.  No need to modify the MTU for regular ethernet traffic, unless you're using IP storage such as iSCSI. 
  Let's narrow down the problem first. 
  1. Do you see packet loss/performance issues on other servers connected to the same N5K(s)?
  2. Are you seeing any packet drops on the N5K interfaces or GATOs ASIC? 
  show interface e1/20 counters errors
  show interface e1/20 flowcontrol
  show interface e1/20 priority-flow-control
  show system internal ethpm errors | egrep Ethernet1/20
  show hardware internal gatos port ethernet 1/20| egrep -i err
  I would check these counters on both the host facing and arrary facing interfaces.
  3. What is the exact array that is FCoE attached?
  4. Do you have a topology diagram?
  5. What are the server side adapters, firmware and driver versions being used (include the OS on the host).
  Regads,
  Robert

• ASA packet drop

  Hi,
  i want to ask. My ASA5520 is generating some packet drops constantly and we have some problems with server aplication that a proccessing of tasks from client to server take a long time (sometime about 15 seconds). Our client application is accessing a server throught IPSec VPN tunnel terminated on two ASA`s. Our connectivity is about 20Mbit/s to internet and responses to ping about 5 ms and our internet load is about 20% on both sides - so i think this parameters are not bad. MTU is configured for 1500 for all interfaces. If this apllication is on local network its is working with no problems. Long responses are only throught VPN tunnel.
  Can someone help me where to search for possible reasons? - is a drop rate about 2-4pkts/sec a normal behavior on Outside and Inside interface?
  Outside:
          received (in 3089.110 secs):
                  1440158 packets 1318512125 bytes
                  466 pkts/sec    426825 bytes/sec
          transmitted (in 3089.110 secs):
                  1189541 packets 449651676 bytes
                  385 pkts/sec    145560 bytes/sec
        1 minute input rate 660 pkts/sec,  569735 bytes/sec
        1 minute output rate 543 pkts/sec,  194757 bytes/sec
        1 minute drop rate, 2 pkts/sec
        5 minute input rate 541 pkts/sec,  494752 bytes/sec
        5 minute output rate 418 pkts/sec,  115924 bytes/sec
        5 minute drop rate, 2 pkts/sec
  Inside:
          received (in 998799.294 secs):
                  1207809993 packets      733339825912 bytes
                  1002 pkts/sec   734002 bytes/sec
          transmitted (in 998799.294 secs):
                  1200125098 packets      882901742659 bytes
                  1003 pkts/sec   883004 bytes/sec
        1 minute input rate 502 pkts/sec,  179984 bytes/sec
        1 minute output rate 614 pkts/sec,  564726 bytes/sec
        1 minute drop rate, 4 pkts/sec
        5 minute input rate 391 pkts/sec,  108899 bytes/sec
        5 minute output rate 508 pkts/sec,  490840 bytes/sec
        5 minute drop rate, 4 pkts/sec
  DMZ:
          received (in 998799.984 secs):
                  58298524 packets        44825759311 bytes
                  2 pkts/sec      44002 bytes/sec
          transmitted (in 998799.984 secs):
                  46530732 packets        12940381278 bytes
                  3 pkts/sec      12001 bytes/sec
        1 minute input rate 53 pkts/sec,  13049 bytes/sec
        1 minute output rate 49 pkts/sec,  3004 bytes/sec
        1 minute drop rate, 0 pkts/sec
        5 minute input rate 36 pkts/sec,  5570 bytes/sec
        5 minute output rate 33 pkts/sec,  1755 bytes/sec
        5 minute drop rate, 0 pkts/sec
  Aggregated Traffic on Physical Interface
  GigabitEthernet0/0:
          received (in 3089.870 secs):
                  1440885 packets 1346005546 bytes
                  466 pkts/sec    435618 bytes/sec
          transmitted (in 3089.870 secs):
                  1190187 packets 474475065 bytes
                  385 pkts/sec    153558 bytes/sec
        1 minute input rate 660 pkts/sec,  582256 bytes/sec
        1 minute output rate 543 pkts/sec,  206077 bytes/sec
        1 minute drop rate, 0 pkts/sec
        5 minute input rate 541 pkts/sec,  504955 bytes/sec
        5 minute output rate 418 pkts/sec,  124804 bytes/sec
        5 minute drop rate, 0 pkts/sec
  GigabitEthernet0/1:
          received (in 998800.164 secs):
                  1207813930 packets      757321051733 bytes
                  1002 pkts/sec   758002 bytes/sec
          transmitted (in 998800.164 secs):
                  1200125732 packets      906238831947 bytes
                  1003 pkts/sec   907000 bytes/sec
        1 minute input rate 502 pkts/sec,  190546 bytes/sec
        1 minute output rate 614 pkts/sec,  576442 bytes/sec
        1 minute drop rate, 0 pkts/sec
        5 minute input rate 391 pkts/sec,  117300 bytes/sec
        5 minute output rate 508 pkts/sec,  500487 bytes/sec
        5 minute drop rate, 0 pkts/sec
  GigabitEthernet0/2:
          received (in 998800.224 secs):
                  58298526 packets        45904344202 bytes
                  2 pkts/sec      45000 bytes/sec
          transmitted (in 998800.224 secs):
                  46530733 packets        13855555976 bytes
                  3 pkts/sec      13003 bytes/sec
        1 minute input rate 53 pkts/sec,  14097 bytes/sec
        1 minute output rate 49 pkts/sec,  4018 bytes/sec
        1 minute drop rate, 0 pkts/sec
        5 minute input rate 36 pkts/sec,  6271 bytes/sec
        5 minute output rate 33 pkts/sec,  2437 bytes/sec
        5 minute drop rate, 0 pkts/sec
  GigabitEthernet0/3:
          received (in 998800.364 secs):
                  0 packets       0 bytes
                  0 pkts/sec      0 bytes/sec
          transmitted (in 998800.364 secs):
                  0 packets       0 bytes
                  0 pkts/sec      0 bytes/sec
        1 minute input rate 0 pkts/sec,  0 bytes/sec
        1 minute output rate 0 pkts/sec,  0 bytes/sec
        1 minute drop rate, 0 pkts/sec
        5 minute input rate 0 pkts/sec,  0 bytes/sec
        5 minute output rate 0 pkts/sec,  0 bytes/sec
        5 minute drop rate, 0 pkts/sec

  Hi,
  There is no UDP flow limit configured on this firewall:
  asa-hvac# sh local-host router-bacnet
  Interface inside: 3 active, 8 maximum active, 0 denied
  local host: ,
  TCP flow count/limit = 0/unlimited
  TCP embryonic count to host = 0
  TCP intercept watermark = unlimited
  UDP flow count/limit = 2/unlimited
  Conn:
  UDP out ctrl-delta-maniwaki:47808 in router-bacnet:47808 idle 0:00:15 flags -
  UDP out ctrl-delta-laurentienne:47808 in router-bacnet:47808 idle 0:00:00 flags -
  Interface outside: 15 active, 33 maximum active, 0 denied
  To answer your second question, when the problem appear, there is the same 2 flows when I issue the "show local-host bacnet-router" command.

• Packet drop in L2L VPN tunnel

  Hi,
  MY ASA5540 has 40 L2L IPsec VPN tunnels to other sites. One of tunnels has packet drop often ( but the tunnel remind up ). Called ISP and confirm its not ISP issue. Is there any method to troubleshoot the issue ? what should I look at in the configuration ? any help will be appericated.
  Thanks

  Verify that ACLs and NAT configurations are Correct. Some times it may also block the traffic.
  Most Common L2L and Remote Access IPSec VPN Troubleshooting Solutions
  http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml

• 6500 CoPP policy help?

  Hi,
  I am trying to implement CoPP on a 6500 and need some assistance.
  I wish to rotect the switch/network during any event such as virus outbreak, and retain remote access via telnet.
  I have created several classes for known traffic, and applied as transmit/transmit so I can fine tune the values.
  I am finding the below  challenges.
  1. Many classes, despite averaging well below the CIR appear to 'burst' regularly into exceed/viotate.
  I have tried to increase  the 'CIR and bc/be' to higher values to get the exceeds down to zero. However they appear to keep bursting into exceed/violate.  I am unsure what do as I do not want to drop this traffic and cause more issues?
  2. Despite classifying all known traffic, still 70-80% seems to be taken up by the 'class default'?
  Is this too high or ok? Do I need to more classification via spanning the control plane to wireshark?
  I am worried I will cause more issues if important traffic is dropped?
  And that some traffic (such as spanning tree) cannot be classified out of the class default.
  Just looking for some general guidance.
  Thanks

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  CoPP is really to protect the control plane from DoS type of overload, so the switch can still meet some or all of its control plane requirements.  Depending on the nature of an attack, toward the network device itself, you might be on difficult to impossible quest to guarantee in-band access, like telnet.  Even out-of-band access might have issues.
  Like broadcast storm control, often necessary data is policed too.
  So, as you're finding, getting CoPP to really work as you think it should, can be problematic.
  However, it doesn't mean CoPP isn't without merit, just understand it's sort of a last resort to try to preclude total network failure, but when it engages, you're likely to still have some network issues.

• 4500-packets drop - IOS 12.2.25SG Sup2+

  Q.1. ' sho plat cpu packet stat' output shows Packets were dropped for the reason 'NoFloodPorts'. What does that mean ??
  Packets Dropped In Processing by Reason
  Reason Total 5 sec avg 1 min avg 5 min avg 1 hour avg
  L2DstDrop 3 0 0 0 0
  NoFloodPorts 539467
  Q.2. PacketRaw Buffer is 100% allocated and used. Should I increase it ??
  kbytes % in use kbytes % in use
  PacketBufRaw 20355.00 100% 20355.00 100%

  Nofloodports counter is similar to Color Blocking Logic (CBL) drops in 6500, which are expected if spanning tree is blocking for a VLAN on a port etc. For example, broadcast, mulitcast, or unknown unicast might still be received on a blocked port. It is normal to see this counter increment.