This document describes each Fault type, and the procedure when you see this fault.

During normal operation of a Cisco Application Centric Infrastructure (ACI) fabric, the administrator may see Faults for certain types of packet drops.

In Cisco ACI, all faults are raised under Managed Objects (MO). For example, the fault "F11245 - ingress drop packets rate(l2IngrPktsAg15min:dropRate)" concerns the parameter dropRate in the MO l2IngrPktsAg15min.

This section introduces some example Managed Objects (MO) related to drop packet faults.

This represents ingress packet statistics per VLAN during each period.

This represents ingress packet statistics per EPG, BD, VRF etc. Ex.) EPG stats represent the aggregation of VLAN stats which belong to the EPG.

This represents ingress drop packet statistics per interface during each period.

*1 : These counters in eqptIngrDropPkts can be falsely raised due to an ASIC limitation in several Nexus 9000 platforms, because SUP_REDIRECT packets are being logged as forward drops. See also CSCvo68407 and CSCvn72699 for further details and fixed versions.

On Nexus 9000 switches running in ACI Mode, there are 3 major hardware counters for ingress interface drop reason on the ASIC. A dropRate in l2IngrPkts, l2IngrPktsAg includes those counters. Three parameters (forwardingRate, errorRate, bufferRate) in the above table for eqptIngrDropPkts represent each of the three interface counters.

Forward

Forward drops are packets that are dropped on the LookUp block (LU) of the ASIC. In the LU block, a packet forwarding decision is made based on the packet header information. If the decision is to drop the packet, Forward Drop is counted. There are a variety of reasons this may happen, but let's talk about the major ones:

SECURITY_GROUP_DENY

A drop because of missing contracts to allow the communication. When a packet enters the fabric, the switch looks at the source and destination EPG to see if there is a contract that allows this communication. If the source and destination are in different EPGs, and there is no contract that allows this packet type between them, the switch will drop the packet and label it as SECURITY_GROUP_DENY. This increments the Forward Drop counter.

When a packet enters the fabric, the switch looks at the packet to determine if the configuration on the port allows this packet. For example, a frame enters the fabric with an 802.1Q tag of 10. If the switch has VLAN 10 on the port, it will inspect the contents and make a forwarding decision based on the Destination MAC. However, if VLAN 10 is not on the port, it will drop it and label it as a VLAN_XLATE_MISS. This will increment the Forward Drop counter. The reason for "XLATE" or "Translate" is because in ACI, the leaf switch will take a frame with an 802.1Q encap and translate it to a new VLAN that will be used for VXLAN and other normalization inside of the fabric. If the frame comes in with a VLAN not deployed, the "translation" will fail.

Sup-tcam in ACI switches contains special rules to be applied on top of the normal L2/L3 forwarding decision. Rules in sup-tcam are built-in and not user configurable. The objective of sup-tcam rules is mainly to handle some exceptions or some control plane traffic, and they are not intended to be checked or monitored by users. When a packet hits a sup-tcam rule and the rule is to drop the packet, the dropped packet is counted as ACL_DROP and it will increment the Forward Drop counter. When this occurs, it usually means the packet is about to be forwarded against basic ACI forwarding principles. Note that, even though the drop name is ACL_DROP, this "ACL" is not the same as the normal Access Control List that can be configured on standalone NX-OS devices or any other routing/switching devices.

SUP_REDIRECT

A sup redirected packet (i.e. CDP/LLDP/UDLD/BFD etc.) may be counted as Forward Drop even though the packet is correctly processed and forwarded to CPU. This may occur only in -EX platforms such as N9K-C93180YC-EX. These should not be counted as "drop"; however, they are, because of an ASIC limitation in the -EX platform.

When the switch receives an invalid frame on one of the front panel interfaces, it is dropped as an error. Examples of this include frames with FCS or CRC errors.