One issue often seen when using an OTV Adjacency Server is occasional flapping of the IS-IS adjacency across the network and the local site. This is usually seen when a large amount of traffic is flowing through the Nexus.
There is a primary difference in the type of packet that is formed when using multicast in the core versus the Adjacency Server scenario, where the packets are unicast.
Here is how a packet looks when using multicast in the core. This capture was taken on the core side of the network.
The packet format is IP-GRE-MPLS-L2.
Here is how a packet looks when using an Adjacency Server. This capture was taken on the core side of the network.
The packet format is IP-UDP-DATA. Notice that this packet is destined to UDP port 8472.
If the CoPP policies are not updated correctly on the Nexus, these Adjacency Server IS-IS hello packets fall under the default CoPP class and are dropped when too many packets fall under the default policy.
This can be easily identified by observing the CoPP policy and checking whether there is any class matching UDP port 8472. If there is none, this is most likely the cause of the IS-IS flaps.
What we are looking for in the class-map is something like this:
ip access-list copp-system-p-acl-otv-as
  permit udp any any eq 8472
This access list is matched under the critical class:
class-map type control-plane match-any copp-system-p-class-critical
  match access-group name copp-system-p-acl-igmp
  match access-group name copp-system-p-acl-msdp
  match access-group name copp-system-p-acl-bgp
  match access-group name copp-system-p-acl-eigrp
  match access-group name copp-system-p-acl-rip
  match access-group name copp-system-p-acl-rip6
  match access-group name copp-system-p-acl-ospf
  match access-group name copp-system-p-acl-pim
  match access-group name copp-system-p-acl-bgp6
  match access-group name copp-system-p-acl-ospf6
  match access-group name copp-system-p-acl-pim6
  match access-group name copp-system-p-acl-vpc
  match access-group name copp-system-p-acl-mac-l2pt
  match access-group name copp-system-p-acl-otv-as
If this is not present, we need to add it to make sure the IS-IS hellos are matched explicitly under this class.
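The check described above can be run offline against saved CoPP configuration text. The following is an added example, not part of the original post: the function names `parse_copp` and `audit_otv_as` are hypothetical, the sample configs are constructed, and it assumes the config uses the `ip access-list` / `class-map type control-plane` layout shown above.

```python
import re

OTV_AS_PORT = 8472  # UDP port the page shows for Adjacency Server (unicast) OTV packets

# Constructed sample config for illustration, not captured from a device.
SAMPLE_OK = """\
ip access-list copp-system-p-acl-bgp
  permit tcp any gt 1024 any eq bgp
ip access-list copp-system-p-acl-otv-as
  permit udp any any eq 8472
class-map type control-plane match-any copp-system-p-class-critical
  match access-group name copp-system-p-acl-bgp
  match access-group name copp-system-p-acl-otv-as
"""
# Same config with the class-map reference missing: the ACL exists but is unused.
SAMPLE_MISSING = SAMPLE_OK.replace(
    "  match access-group name copp-system-p-acl-otv-as\n", "")


def parse_copp(config):
    """Return (acls, classes): ACL name -> permit lines, class-map -> matched ACL names."""
    acls, classes, kind, block = {}, {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"ip access-list (\S+)$", line):
            kind, block = "acl", acls.setdefault(m.group(1), [])
        elif m := re.match(r"class-map type control-plane \S+ (\S+)$", line):
            kind, block = "class", classes.setdefault(m.group(1), [])
        elif kind == "acl" and re.match(r"(\d+ )?permit ", line):
            block.append(line)
        elif kind == "class" and (m := re.match(r"match access-group name (\S+)$", line)):
            block.append(m.group(1))
    return acls, classes


def audit_otv_as(config, port=OTV_AS_PORT):
    """Map each CoPP class to the ACLs in it that permit UDP destination `port`."""
    acls, classes = parse_copp(config)
    # Destination-port match only: the 'eq <port>' must end the ACL entry.
    rule = re.compile(rf"permit udp .+ eq {port}$")
    hits = {name for name, rules in acls.items() if any(rule.search(r) for r in rules)}
    return {cls: sorted(hits.intersection(members))
            for cls, members in classes.items() if hits.intersection(members)}


if __name__ == "__main__":
    for label, cfg in (("ok", SAMPLE_OK), ("missing", SAMPLE_MISSING)):
        found = audit_otv_as(cfg)
        print(label, found or "no class matches UDP 8472: hellos fall into the default class")
```

An empty result means no CoPP class references an ACL for UDP 8472, which covers both a missing ACL and an ACL that was defined but never attached to a class-map.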