Observing increment in unknown protocol drops on C2911/K9 router.

mahendarec@123 · ‎01-26-2022

Hello Dear Friends,

Observing increment in unknown protocol drops on C2911/K9 router Gig0/2 interface where IS cable is connected,I have checked tx / rx load is normal,reliability is good, not found input/output/CRC errors.

We are not observing drops towards the internet but only observing huge packet drops to the networks which are configured in Datacenter, please find the below diagram and interface logs.Please check and guide me.

GigabitEthernet0/2 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is 003a.7d9c.63b2 (bia 003a.7d9c.63b2)
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 1Gbps, media type is RJ45
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 2d01h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 3102
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 132000 bits/sec, 242 packets/sec
5 minute output rate 134000 bits/sec, 241 packets/sec
101861108 packets input, 937563595 bytes, 0 no buffer
Received 534832 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 38 multicast, 0 pause input
75094422 packets output, 933701169 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
90557 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
3 lost carrier, 0 no carrier, 7307049 pause output
0 output buffer failures, 0 output buffers swapped out

Leo Laohoo · ‎01-26-2022

Is G0/2 configured as an 802.1Q Trunk port?
If it is, Unknown Protocol Drop is because of DTP.

Flavio Miranda · ‎01-26-2022

Hi

Do you have CDP enable? This can be one device with CDP enable send packets while this device does not have CDP. The same for IPv6.

Another approach would a sniffer on the interface.

Seb Rupik · ‎01-26-2022

Hi there,

The number of drops are small compared to the overall in/out numbers on the interface.

Being that you are connected to a switch these are most likely DTP, VTP or LLDP/CDP. Run a packet capture on the interface to be sure.

cheers,

Seb.

mahendarec@123 · ‎01-26-2022

Hello my dear friends,

Thanks for your responses.

@leo:

it's not a trunk port plese refer the below config.

It's not only concern about the unknown protocol drops, if the drops are because of DTP, when we are pinging to the DC server IP we are observing the

packet drops but when we are pinging to the 8.8.8.8 and google.com, we are not observing any drops this is bit confusing me.

interface GigabitEthernet0/2
no ip address
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
end

@flavio:

I have stopped the cdp. i will observe it.

router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#inter GigabitEthernet0/2
router(config-if)#no cdp ?
enable Enable CDP on interface
filter-tlv-list Apply tlv list filter on interface
log Log messages generated by CDP
tlv Enable exchange of specific tlv information

router(config-if)#no cdp e
router(config-if)#no cdp enable
router(config-if)#

@seb:

I have stoped the cdp and no DTP,VTP,LLDP / CDP configured.

Could you explain with sample config to run the capture on the interface to be sure.

Squozen_EU · ‎01-27-2022

This isn't reporting packet drops OUTBOUND, it's reporting packets that the 2911 is receiving INBOUND and dropping. Therefore, disabling protocols on the 2911 will INCREASE the amount of unknown packets being dropped.

I wouldn't personally concern myself with it, I think you are looking in the wrong area. An unknown packet by definition is something that the router doesn't know what to do with, so it's not an indication of intentional traffic being dropped.