Re: asr 1k ARP PUNT POLICY

divadko · ‎11-21-2023

Hi all,

i started to have some issues with customers in only one vlan running on port-channel 20.50 virtual int. There are almot 5000 customers with static IPS (routers only in our management). I have 1-2 cases per month when customers service not working but almost everything looks ok. I can see his mac in arp, but the only noticeable difference is that the Age in arp record for that customers is alwais 0!

#sho ip arp
Internet 1.2.3.4. 0 1111.e7b8.82f6 ARPA Port-channel20.50

I also started to receive punt policier message in logs:

Nov 21 16:17:10.625: %IOSXE-5-PLATFORM: F0: cpp_cp_svr: QFP:0.1 Thread:230 TS:00022346268807535944 %PUNT_INJECT-5-DROP_PUNT_CAUSE: punt policer drops packets, cause: arp (0x7) from Port-channel20.50

So i thing that punt policier blocks arp request from customers cpe so router cant replay it.

I tryed to disable punt policier on this virtual interface with command "no punt-control enable" but i cant see this command after sh run.

Any ideas how to solve this issue? Or how to change punt policier threshold.

Platform is ASR 1006 with dual RP2 and ESP100 Version 16.09.07

Thank you

balaji.bandi · ‎11-21-2023

what is the role of this device :

# show platform hardware qfp active statistics drop

also check do you have any config applied in the global config :

platform qos-policer queue

there was some bug related to this - (i suggest to upgrade to latest version and check)

https://community.cisco.com/t5/cisco-bug-discussions/punt-inject-5-drop-punt-cause-punt-cause-policer-drop-packet/td-p/3959555

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

divadko · ‎11-21-2023

output for "show platform hardware qfp active statistics drop" is:

#show platform hardware qfp active statistics drop
-------------------------------------------------------------------------
Global Drop Stats                         Packets                  Octets  
-------------------------------------------------------------------------
BFDoffload                                   1972                  286540  
BadAdj                                        740                  685753  
BadIpChecksum                                3260                  512270  
BadUidbSubIdx                               99124                 6403020  
CTSNotEnabled                                   1                     486  
Disabled                                        2                     120  
Discard                                    698565               120314731  
EsfDrlDrop                                  17084                24538001  
EsfL4rBadConfig                                43                    7135  
EsfL4rTransSessLimit                    213311115             20978503385  
EssBadSessUidb                          981230537            429421181885  
EssIpsubDrop                                  821                  153155  
EssIpsubFsolDrop                       1064051312             82391294983  
EssIpsubKaDrop                               2247                  178976  
FirewallL4                               40238054              5143722005  
ForUs                                  2822729689            249953187490  
Icmp                                      1270770               122582374  
InjectErr                                       2                      16  
IpFormatErr                                  2525                  355489  
IpLispCfgErr                                   21                     966  
IpTtlExceeded                           294799640             21494268164  
IpsecInput                                   6474                 2558008  
Ipv4Acl                                    207469                17847420  
Ipv4Martian                                465222               103354715  
Ipv4NoAdj                               239178049             45590639754  
Ipv4NoRoute                                     1                      56  
Ipv4Unclassified                           136197                18775450  
Ipv4uRpfStrictFailed                        11439                 2084637  
MacMcastIpNonmcast                             40                    6614  
MaxIndirectExceeded                             5                   64440  
MpassErr                                        5                   64440  
NatIn2out                                33943336              3530338054  
NatOut2in                                  178637                98468006  
PppoeNoSession                               7255                 1899945  
PppoePktBadLen                                176                   43457  
PppoePktInvHdr                                174                   40101  
PuntPerCausePolicerDrops               1021281573            100876603809  
QosPolicing                          232622207446         310732102882299  
ReassBadLen                                   208                   13265  
ReassDrop                                26590362             33753258362  
ReassNoFragInfo                          52361171             72507691383  
ReassOverlap                                 4948                 2059820  
ReassTimeout                             24530385              1132661648  
ReassTooManyFrags                             375                  568168  
TailDrop                                272039969            272605702319  
TcpBadfrag                                     25                    2150  
TooManyLookupOce                             2346                 3289510  
UnconfiguredIpv4Fia                        765298               192576369  
UnconfiguredIpv6Fia                     934045691            198585097597  
UnconfiguredMplsFia                             2                     148  
Wred

And output from sh run including platform config is:

# show running-config | include platform
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core

I found that something like that was a bug, but only in older releases.

MHM Cisco World · ‎11-21-2023

Platform punt-intf rate 500

Or

Under interface

Punt-control enable 500

500 as I guess is max arp packet per sec you need

MHM

divadko · ‎11-21-2023

Thank you, but after changing it undee interface to any value i still receive this logs every minute:

Nov 21 19:28:10.933: %IOSXE-5-PLATFORM: F0: cpp_cp_svr: QFP:0.1 Thread:024 TS:00022357728973147335 %PUNT_INJECT-5-DROP_PUNT_CAUSE: punt policer drops packets, cause: arp (0x7) from Port-channel20.50

MHM Cisco World · ‎11-21-2023

Show platform hardware qfp active infrastructure punt statistics type punt-intf-drop latest

Share output of this long command

divadko · ‎11-21-2023

empty

#   Show platform hardware qfp active infrastructure punt statistics type punt-intf-drop latest 
Punt Intf Drop Statistics (lastest 1000 dropped packets):

      Interface                         Packets
  ----------------------------------------------

divadko · ‎11-21-2023

I have some drop counters only under: #Show platform hardware qfp active infrastructure punt statistics type punt-drop

Drop Counter ID   11     Drop Counter Name PUNT_PER_CAUSE_POLICER

  Counter ID  Punt Cause Name                           Packets          
  ---------------------------------------------------------------------
  000         Reserved                                  0                
  001         MPLS ICMP Can't Fragment                  0                
  002         IPv4 Options                              0                
  003         Layer2 control and legacy                 0                
  004         PPP Control                               0                
  005         CLNS IS-IS Control                        0                
  006         HDLC keepalives                           0                
  007         ARP request or response                   995962468        
  008         Reverse ARP request or repsonse           0                
  009         Frame-relay LMI Control                   0                
  010         Incomplete adjacency                      0                
  011         For-us data                               8060524          
  012         Mcast Directly Connected Source           0                
  013         Mcast IPv4 Options data packet            0                
  014         Skip egress processing                    0                
  015         MPLS TTL expired                          0                
  016         MPLS Reserved label (ie: 0-15)            0                
  017         IPv6 Bad hop limit                        0                
  018         IPV6 Hop-by-hop Options                   0                
  019         Mcast Internal Copy                       0                
  020         Generic QFP generated packet              0                
  021         RP<->QFP keepalive                        0                
  022         QFP Fwall generated packet                0                
  023         Mcast IGMP Unroutable                     0                
  024         Glean adjacency                           0                
  025         Mcast PIM signaling                       0                
  026         QFP ICMP generated packet                 0                
  027         Subscriber session control                0                
  028         Subscriber data switching back            0                
  029         RP handled ICMP                           0                
  030         RP injected For-us data                   0                
  031         Punt adjacency                            0                
  032         SBC RTP DTMF                              0                
  033         Pseudowire VCCV control channel           0                
  034         Generic QFP generated packet (keep GPM)   0                
  035         Ethernet slow protocol (ie: LACP, OAM)    0                
  036         Ethernet OAM Loopback                     0                
  037         UNUSED                                    0                
  038         SPA IPC packet                            0                
  039         Punt and replicate                        0                
  040         PPPoE control                             0                
  041         PPPoE session                             0                
  042         L2TP control                              0                
  043         IP Subscriber control (ie: FSOL, keepali  0                
  044         L2TP session                              0                
  045         BFD control                               0                
  046         MVPN non-RPF signaling packet             0                
  047         MVPN PIM signalling packet                0                
  048         Mcast punt to RP                          0                
  049         SBC generated packet                      0                
  050         IPv6 packet                               0                
  051         DMVPN NHRP redirect                       0                
  052         PFR monitored prefix logging              0                
  053         PFR top talkers logging                   0                
  054         PFR top talkers application logging       0                
  055         For-us control                            0                
  056         RP injected for-us control                0                
  057         QFP VTCP generated packet                 0                
  058         Layer2 bridge domain data packet          0                
  059         QFP Stile generated packet                0                
  060         IP subnet or broadcast packet             17552051

MHM Cisco World · ‎11-21-2023

Workaround for bug

platform punt-policer 60 40000

https://bst.cisco.com/bugsearch/bug/CSCvh79264

divadko · ‎11-21-2023

it will solve also an issue with arp?

MHM Cisco World · ‎11-21-2023

The arp is send as broadcast' so issue with any traffic broadcast receive by virtual Interface.

divadko · ‎11-21-2023

OK i appyled the rule but it is the same.

platform punt-policer subnet-bcast 40000

I am still receiving same log messages every minute.

I checked the drop counters and only the

007         ARP request or response                   996097238

has been changed. The type "60" none