cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2681
Views
0
Helpful
3
Replies

Nexus Packet Drops

Simon Young
Level 1
Level 1

I have an issue where I am seeing packet drops and was wondering if anyone can explain to me, what might be happening

 

I have included a topology

 

I have two devices, I am doing an NSLOOKUP from one to the other

The traffic path is VLAN A (test device) >> VLAN B (DNS listener)

HSRP master for each VLAN (A and B) is Nexus 1

I see packets leaving test device and never arriving on the other appliance, a packet sent 5 seconds later arrives.

If I go to Nexus 2 and shutdown interface 1/4 = no change

If I then shutdown 1/3 and 1/4 on Nexus 2, the problem goes away

If I restored interface 1/3 or 1/4 the issue comes back

I have my suspicions that traffic is traversing the VPC 103 and the VPC peer link, possibly being dropped by the loop avoidance mechanism

When I switch off the VPC 103 members on Nexus 2, traffic has to traverse 1/3 and 1/4 on Nexus 1 (when going to Fabric B), thus avoiding the peer link.

Is there any way I can prove this, as I’m not able to find a loop avoidance counter of any kind? Or is there something else in the mix? Any help much appreciated

3 Replies 3

Remi Astruc
Level 1
Level 1

Hi Simon,

Can you check the VPC consistency:

show vpc consistency-parameters global

show vpc consistency-parameters vpc 102

show vpc consistency-parameters vpc 103

Are you using the Peer-gateway feature?: (will help to understand the expected path)

show run vpc all | grep peer-gateway

 

Remi Astruc

 

Hi Remi

Thanks for the response,

Capture.PNG

 

should I be seeing x2 members? Port 1/4 as well?

I am seeing both 1/3 and 1/4 under the vpc statistics, so Ill assume that this isn't a problem

Capture.PNG

 

Are you using the Peer-gateway feature?

No I don't appear to be

show run vpc all | grep peer-gateway
no peer-gateway

Hello,

Is Vlan 1000 involved in your test traffic "Vlan A" - "Vlan B"? Because it is faulty from VPC perspective. Maybe included in a VPC Po while missing in the VPC Peer-Link, or something similar. If it maps your "VSAN 1000", it should not be present in any VPC, so you need to clear things.

If that has no relation with Vlan A/B, you should do further testing to isolate the point of issue:

Does it work when shuting Nexus1 ports 1, 2, 3, 4? (and ensure HSRPs are still Master on Nexus1)

Does it work when shuting Nexus1 ports 3, 4 and Nexus2 1, 2?

Does it work when moving HSRPs to Nexus2?

More generally, does the problem occur only for your 2 machines test, or on many other traffic?

 

Remi Astruc

 

Review Cisco Networking for a $25 gift card