Re: ACE resource usage

shday · ‎12-15-2010

I have a pair of ACE A2 running HA and I was looking at the resource information an noticed several mac-miss being denied.

I don't know of any issues and everything seems to be running normally. The counter for the mac-miss isn't incrementing right now so I'm not sure when they occured. The documented description just says "MAC miss traffic that was punted to CP". So the traffic was sent to the Control Plane, but is the stat telling me that the CP is denying the packet? Also, what cause this?

Marko Leopold · ‎12-15-2010

your maximum at mac-miss is 1200 and you had a peak of 1200 there. but i guess this wasnt the highest value. from normal behavior i would say the ace is denying everything that is over 1200.

shday · ‎12-15-2010

So it was over 1200, but what is it? What is a MAC-miss and what causes this condition?

Marko Leopold · ‎12-15-2010

Hello!

All explained here

http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_%28ACE%29_Module_Troubleshooting_Guide%2C_Release_A2%28x%29_--_Show_Counter_Reference_--_Command_Set_5#show_resource_usage_all

watch this:

Note the mac-miss rate. Mac-miss messages are sent when the dataplane does not find an encap-entry on a route/mac-lookup and ratelimited is 2k/sec. It's possible to see denied messages if incoming traffic rate is higher than that, since CP can take some time to resolve and program the encap entries. The "mac-miss rate" value then is the number of times ACE got a packet from an unknown mac-address, which the CP needs to learn from these packets to populate the neighbors

Regards,

Marko

shday · ‎12-15-2010

Ok, thanks. I'm not seeing these counters incrementing now, but if I see them incrementing should I limit the resource for this? Also, what type of condition would cause this? Is this new bevices coming up in the network?

Marko Leopold · ‎12-15-2010

the fixed limit is 2000 encaps per second. i think there is no need to change that value if you dont experience any problems with it. why this happens can have many causes.maybe a topology change in your network.

johnwobus · ‎06-30-2011

I could use more information about the mac miss rate. We're seeing

symptoms and also mac miss rate denied counters rising, and I

need to sort out what is going on and figure out what might fix

our problems.

What is the relationship to "show arp"? Does it show the table

that the mac miss rate relates to?

If I've imagined this correctly, when a packet arrives, and (for example) it's

destination address is not in the arp table, then the "fastpath agent"

hands the packet to the "slowpath agent", which increments

the mac miss rate resource counter for this second and tosses the packet if

the resource limit has been reached. If the limit has not been reached, it

buffers the packet and arps the address if an arp query is not already outstanding.

If/when the arp reply is received, it updates the arp entry and

sends the buffered packets. How much of this is right?

In this case, a combination of high traffic coming in, numerous arp entries

expiring simultaneously, and slow response from the arped nodes could cause

us to see this counter shoot up, as could a node that is simply

not responding to arp at all. Or anything internal to the ace that slows

down the "slowpath agent". Right?

Where am I off course?

When I do a "show arp" I do see lots of entries with the same listed time.

That doesn't make me comfortable.