When you login to the Nexus 7000 switch and ping continuously any device, you may notice packet losses. The percentage of packet loss increases when you increase the icmp packet size.
Nexus7000# ping 10.10.10.50 count 20 packet-size 1472 PING 10.10.10.50 (10.10.10.50): 1472 data bytes 1480 bytes from 10.10.10.50: icmp_seq=0 ttl=63 time=1.145 ms 1480 bytes from 10.10.10.50: icmp_seq=1 ttl=63 time=0.552 ms 1480 bytes from 10.10.10.50: icmp_seq=2 ttl=63 time=0.796 ms 1480 bytes from 10.10.10.50: icmp_seq=3 ttl=63 time=0.798 ms 1480 bytes from 10.10.10.50: icmp_seq=4 ttl=63 time=1.195 ms 1480 bytes from 10.10.10.50: icmp_seq=5 ttl=63 time=1.197 ms 1480 bytes from 10.10.10.50: icmp_seq=6 ttl=63 time=1.197 ms 1480 bytes from 10.10.10.50: icmp_seq=7 ttl=63 time=1.196 ms 1480 bytes from 10.10.10.50: icmp_seq=8 ttl=63 time=1.201 ms 1480 bytes from 10.10.10.50: icmp_seq=9 ttl=63 time=1.189 ms 1480 bytes from 10.10.10.50: icmp_seq=10 ttl=63 time=1.051 ms Request 11 timed out. 1480 bytes from 10.10.10.50: icmp_seq=12 ttl=63 time=0.952 ms 1480 bytes from 10.10.10.50: icmp_seq=13 ttl=63 time=1.106 ms 1480 bytes from 10.10.10.50: icmp_seq=14 ttl=63 time=1.22 ms 1480 bytes from 10.10.10.50: icmp_seq=15 ttl=63 time=1.222 ms 1480 bytes from 10.10.10.50: icmp_seq=16 ttl=63 time=1.22 ms 1480 bytes from 10.10.10.50: icmp_seq=17 ttl=63 time=1.106 ms 1480 bytes from 10.10.10.50: icmp_seq=18 ttl=63 time=1.218 ms 1480 bytes from 10.10.10.50: icmp_seq=19 ttl=63 time=1.216 ms
--- 10.10.10.50 ping statistics --- 20 packets transmitted, 19 packets received, 5.00% packet loss round-trip min/avg/max = 0.552/1.093/1.222 ms
It is an expected behaviour. By Default Nexus 7000 Series switches have CoPP (Control Plane Policing) configured. CoPP configuration protects the Switch CPU from the DoS attacks. The class map copp-system-class-monitoring matches the icmp packets and polices with the value 130Kbps.
class-map type control-plane match-any copp-system-class-monitoring match access-group name copp-system-acl-icmp match access-group name copp-system-acl-icmp6 match access-group name copp-system-acl-traceroute
policy-map type control-plane copp-system-policy
class copp-system-class-monitoring set cos 1 police cir 130 kbps bc 1000 ms conform transmit violate drop
You can monitor the CoPP statistics that drops the ICMP packets using the below command
Nexus7000# show policy-map interface control-plane class copp-system-class-monitoring
service-policy input: copp-system-policy
class-map copp-system-class-monitoring (match-any) match access-grp name copp-system-acl-icmp match access-grp name copp-system-acl-icmp6 match access-grp name copp-system-acl-traceroute set cos 1 police cir 130 kbps , bc 1000 ms module 1 : conformed 477438 bytes; action: transmit violated 29352 bytes; action: drop <<<< This counter increments when you see the packet loss in the ping,
As it is mentioned earlier in this document, it is an expected behaviour. Packet loss when you ping from or to Nexus 7000 series switches do not represent the performance of the Nexus 7000 Switch for the packets traversing through the Switch. The packet traversing through the switch is handled by the switch hardware (Data Plane). When you ping from the switch or to the switch, those packets are handled by Switch CPU (Control Plane).
When you troubleshoot an application performance and you want to verify the Nexus 7000 switch is the cause of the slow performance, do not perform the ping test from or to Nexus 7000 series switches. Rather test the connectivity by passing the traffic through the Nexus 7000 series switches.
I need assistance. I am trying ti implement two Nexus 5k into my network. I'm connecting them to a pair of 6509s running in VSS mode. Whenever I turn on the portchannel the ports go into error disabled mode. Here are the configs for the connecti...
I've got a one problem. Me and my friend have the same ISP. I checked my External IP address at WhatIsMyIp.com and my friend do it to. And we saw we have the same External IP.So my question is can 2 routers have the same External IP address?If i'm right 2...
I am doing a QOS config in the following scenario.I have a 250mbps MPLS circuit, where voice and data will both be passing. I know there are multiple ways to do this, just wanting some peer review on the plan below and see if I may be missing anything. I ...
Hello,I want to start by apologizing as I am by no means a networking professional. We have been having issues recently with our primary ISP, and have been trying to setup a connection to use as a failover. We seem to be running into a problem w...
Hi friends,We use main gateway fortigate 100e on our company. We have buy a SG300-10SFP layer 3 switch. I configured vlans and ip address on cisco switch.VLAN 10 - 10.42.10.1VLAN 11 - 10.42.11.1VLAN 12 - 10.42.12.1 GE10 interface trunk mode, admit al...