
Troubleshoot CoPP Drops in ACI

nouse4it
Level 1

Hi Guys,

I'm having a problem where I see a lot of CoPP drops on my ACI leafs in the permitlog class.

Can one of you help me to find out how to troubleshoot this?

I want to know what kind of traffic goes into this class and how to find out where this traffic is coming from.

The only information I have found so far is how to check the CoPP statistics, but not how to find more information.

That's the output of show copp policy stats on one of the affected leafs:

COPP Class   COPP proto   COPP Rate    COPP Burst   AllowPkts    AllowBytes   DropPkts     DropBytes
mcp          mcp          1500         1500         0            0            0            0
permitlog    permitlog    300          300          453909140    0            1139296331   0
traceroute   traceroute   500          500          0            0            0            0
cdp          cdp          1000         1000         628231       0            0            0
infraarp     infraarp     300          300          0            0            0            0
ospf         ospf         2000         2000         0            0            0            0
lacp         lacp         1000         1000         9575550      0            0            0
icmp         icmp         500          500          7498043      0            0            0
isis         isis         1500         5000         565646       0            0            0
acllog       acllog       500          500          688745       0            0            0
ifcother     ifcother     5000         5000         0            0            0            0
nd           nd           1000         1000         4708359      0            0            0
ifc          ifc          7000         7000         32603837     0            0            0
bgp          bgp          5000         5000         359989       0            0            0
pim          pim          500          500          0            0            0            0
dhcp         dhcp         1360         340          6708559      0            0            0
coop         coop         5000         5000         154500       0            0            0
stp          stp          1000         1000         0            0            0            0
ifcspan      ifcspan      2000         2000         0            0            0            0
lldp         lldp         1000         1000         2363292      0            147974       0
igmp         igmp         1500         1500         7431         0            0            0
eigrp        eigrp        2000         2000         0            0            0            0
arp          arp          1360         340          723591       0            0            0
glean        glean        100          100          23842054     0            994807       0
tor-glean    tor-glean    100          100          142821       0            0            0

Could you give me some hints on how I can look deeper into this?

Thanks!
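
An added example, not part of the original post: the counters in the output above appear to be running totals, so one capture cannot show whether a class is still dropping. This sketch diffs two captures of `show copp policy stats` and ranks the classes whose DropPkts grew. The second capture's values and the 60-second interval are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: two abbreviated captures of `show copp policy stats`,
# assumed to be taken 60 seconds apart. SNAP_T0 reuses rows from the post;
# the counter values in SNAP_T1 are made up for illustration.
SNAP_T0 = """\
COPP Class   COPP proto   COPP Rate    COPP Burst   AllowPkts    AllowBytes   DropPkts     DropBytes
permitlog    permitlog    300          300          453909140    0            1139296331   0
lldp         lldp         1000         1000         2363292      0            147974       0
glean        glean        100          100          23842054     0            994807       0
"""
SNAP_T1 = """\
permitlog    permitlog    300          300          453927140    0            1139341331   0
lldp         lldp         1000         1000         2363412      0            147974       0
glean        glean        100          100          23843254     0            994867       0
"""

ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_copp(text):
    """Return {class: {"rate", "allow", "drop"}}; header and blank lines are skipped."""
    stats = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            stats[m.group(1)] = {"rate": int(m.group(3)),
                                 "allow": int(m.group(5)), "drop": int(m.group(7))}
    return stats

def active_droppers(before, after, seconds):
    """Classes whose DropPkts grew between the two captures, worst first."""
    out = []
    for name, new in after.items():
        old = before.get(name)
        if old is None or new["drop"] < old["drop"]:
            continue  # class absent earlier, or counters were cleared in between
        d_drop = new["drop"] - old["drop"]
        d_allow = new["allow"] - old["allow"]
        if d_drop > 0:
            out.append({"class": name, "rate_limit": new["rate"],
                        "allow_pps": d_allow / seconds, "drop_pps": d_drop / seconds,
                        "drop_pct": round(100 * d_drop / (d_drop + d_allow), 1)})
    return sorted(out, key=lambda r: r["drop_pps"], reverse=True)

if __name__ == "__main__":
    for row in active_droppers(parse_copp(SNAP_T0), parse_copp(SNAP_T1), 60):
        print(row)
```

In the constructed data, lldp has a non-zero historical DropPkts total but no growth between captures, so it is not reported; only classes that are dropping during the interval are listed.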

3 Replies

julian.bendix
Level 4

Heyo!

Are you seeing a fault on APIC regarding this? Can you share the details if yes?

Never dove into that, but I would assume that the CoPP permitlog drop counter would rise in case of excessive logging.
Meaning that there is a good amount of traffic traversing the switch which is permitted, and the logging process run by the CPU is overwhelmed with creating those permit logs ... 

Why do you want those permit logs in the first place? 
Nexus is a super fast data center switch; in my opinion this is not the best place to look for permit logs of ACLs/Contracts.

BR
Jules

AshSe
VIP

Hello @nouse4it 

I would like to suggest the steps below to troubleshoot the CoPP drop issue:

  1. Confirm the permitlog Class Definition
  2. Identify Contracts with Logging Enabled
  3. Analyze Traffic Patterns
  4. Temporary Mitigation (Use with Caution) - increase the rate and burst values for the permitlog class
  5. Long-Term Solutions:
    • Reduce Logging Volume
    • Offload Logging
  6. Verify Logging Infrastructure

Let me know if you need details on any of them.

HTH & Stay Curious!

AshSe

 


nouse4it
Level 1

First of all thank you both for your help.
I checked the contracts and we don't have any contracts set to log, besides the default implicit deny contracts.

What I'm struggling with the most at the moment is identifying what causes this many log messages. I think it is from the default deny entries, because we have around 100 EPGs. Therefore we have a lot of implicit deny rules for src/dst pctag 0 to every individual pctag that exists on the leaf.

This creates quite a lot of deny rules with log actions.

 
