One Issue often seen when using OTV ADJACENCY SERVER is occasional flaps of ISIS Adjacency across the network and Local Site. Thi is usually seen when a large amount of Traffic is flowing through the Nexus.
There is a primary difference in the type of packet that is formed when using multicast in the Core vs using Adjacency Server Scenario where the packets are Unicast.
Here is how a packet looks when using Multicast in the Core.This capture is taken on the Core side of the Network.
The packet format is IP-GRE-MPLS-L2
Here is how a Packet looks when using Adjacency Server. This capture was taken on the Core side of the Network.
The Packet format is IP-UDP-DATA. Notice this packet is destined to UDP Port 8472.
Now if the CoPP policies are not updated correctly on the Nexus these Adjacency Server IS-IS Hello Packets are going to fall under the Default Copp Class and will be dropped when there are too many packets falling under the Default Policy.
This can be easily identified by observing the CoPP policy and checking to see if there is any Class matching the UDP port 8472. If there is none then this is most likely the cause of IS-IS flaps.
What we are looking for in the class-Map is something like this
ip access-list copp-system-p-acl-otv-as
permit udp any any eq 8472
Which is under this CLASS CRITICAL.
class-map type control-plane match-any copp-system-p-class-critical
match access-group name copp-system-p-acl-igmp
match access-group name copp-system-p-acl-msdp
match access-group name copp-system-p-acl-bgp
match access-group name copp-system-p-acl-eigrp
match access-group name copp-system-p-acl-rip
match access-group name copp-system-p-acl-rip6
match access-group name copp-system-p-acl-ospf
match access-group name copp-system-p-acl-pim
match access-group name copp-system-p-acl-bgp6
match access-group name copp-system-p-acl-ospf6
match access-group name copp-system-p-acl-pim6
match access-group name copp-system-p-acl-vpc
match access-group name copp-system-p-acl-mac-l2pt
match access-group name copp-system-p-acl-otv-as
If this is not present then we need to add this to make sure the IS-IS hellos are matched explicitly under this class.
We have couple Cat 6509 with configured HSRP between both switches. We tried do arping from Linux server to gateway(HSRP address on both catalyst) IP and didn't get arp reply. Looks like catalyst switches not responding on ARP with src IP 0.0.0.0Also we t...
Hi, i have SFP 1000BaseLX SFP (PID-GLC-LH-SMD) which is inserted on WS-C3560CX port, i want to use this SFP to interconnect switch WS-C3560CX and WS-C4506-E port module WS-X4712-SFP+E, could you please confirm if SFP 1000Bas...
We have a deployment we cant really figure out why we cant create the actual Fabric. Under Provision, we only have devices and services, not fabric. All software packages are installed (SD-access is "Ready"), but still no Fabric-tab. Any clues? We are run...
The Wrong Firmware was loaded onto a WS-C3850-48F-L switch thus the switch is stuck in a boot loop. I have since booted from USB with the correct firmware and the switch is up and running. If the switch is powered off It try to reboot with th...