Showing results for 
Search instead for 
Did you mean: 

OTV ISIS Flap when using Adjacency Server.


One Issue often seen when using OTV ADJACENCY SERVER is occasional flaps of ISIS Adjacency across the network and Local Site. Thi is usually seen when a large amount of Traffic is flowing through the Nexus.

There is a primary difference in the type of packet that is formed when using multicast in the Core vs using Adjacency Server Scenario where the packets are Unicast.

Here is how a packet looks when using Multicast in the Core.This capture is taken on the Core side of the Network.

The packet format is IP-GRE-MPLS-L2


Here is how a Packet looks when using Adjacency Server. This capture was taken on the Core side of the Network.

The Packet format is IP-UDP-DATA. Notice this packet is destined to UDP Port 8472.


Now if the CoPP policies are not updated correctly on the Nexus these Adjacency Server IS-IS Hello Packets are going to fall under the Default Copp Class and will be dropped when there are too many packets falling under the Default Policy.

This can be easily identified by observing the CoPP policy and checking to see if there is any Class matching the UDP port 8472. If there is none then this is most likely the cause of IS-IS flaps.

What we are looking for in the class-Map is something like this

ip access-list copp-system-p-acl-otv-as

   permit udp any any eq 8472

Which is under this CLASS CRITICAL.

class-map type control-plane match-any copp-system-p-class-critical

     match access-group name copp-system-p-acl-igmp

     match access-group name copp-system-p-acl-msdp

     match access-group name copp-system-p-acl-bgp

     match access-group name copp-system-p-acl-eigrp

     match access-group name copp-system-p-acl-rip

    match access-group name copp-system-p-acl-rip6

     match access-group name copp-system-p-acl-ospf

     match access-group name copp-system-p-acl-pim

     match access-group name copp-system-p-acl-bgp6

     match access-group name copp-system-p-acl-ospf6

     match access-group name copp-system-p-acl-pim6

     match access-group name copp-system-p-acl-vpc

      match access-group name copp-system-p-acl-mac-l2pt

     match access-group name copp-system-p-acl-otv-as

If this is not present then we need to add this to make sure the IS-IS hellos are matched explicitly under this class.