Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
556
Views
0
Helpful
3
Replies

Radius timeouts on ASR 9906

alex.blaeuer
Level 1
Level 1

‎10-24-2022 01:44 AM

I am experiencing timeouts on one of the two configured RADIUS servers. When trying to trace the packets with packet-trace on the router, I see that a answer is received, but is getting drop.

Conditions:
! IPv4 Source IP 10.8.1.12 (RADIUS server with timeouts)
packet-trace condition 1 Offset 30 Value 0x0a08010c Mask 0xffffffff
! IPv4 Destination IP 10.5.128.1 (RADIUS Source Interface)
packet-trace condition 2 Offset 34 Value 0x0a058001 Mask 0xffffffff

RP/0/RSP0/CPU0:mv2-csl-c2-mpe-02#sh packet-trace results 
Sun Oct 23 15:55:03.818 AST
T: D - Drop counter; P - Pass counter
Location | Source | Counter | T | Last-Attribute | Count 
------------ ------------ ------------------------- - ---------------------------------------- ---------------
0/0/CPU0 NP1 PACKET_MARKED P HundredGigE0_0_0_6 20 
0/0/CPU0 NP1 PACKET_FROM_FAB_INJECT P 20 
0/0/CPU0 NP1 PACKET_TO_FABRIC P 20 
0/0/CPU0 NP1 PACKET_TO_PUNT P 20 
0/0/CPU0 SPP-PI CLIENT_PUNT_SUCCESS P stage1 21 
0/0/CPU0 NETIO-PI PUNT_DROP D packet_input 21 
0/0/CPU0 NETIO-PI BYPASS_IN_COUNT P netio_send_pulse_punt 21 
0/0/CPU0 spp-LIB ENTRY_COUNT P SPP PD Punt: stage1 21 
0/0/CPU0 netio-LIB ENTRY_COUNT P NETIO PD Punt: rx_from_fabric 21 
0/0/CPU0 NP1 PACKET_FROM_FABRIC P 20 
0/RSP0/CPU0 SPP-PI CLIENT_PUNT_SUCCESS P stage1 21 
0/RSP0/CPU0 NETIO-PI BYPASS_MUT_QFULL_DROP D packet_input_bypass 21 
0/RSP0/CPU0 NETIO-PI IP_COUNT P netio_send_pulse_input 21 
0/RSP0/CPU0 spp-LIB ENTRY_COUNT P SPP PD Punt: stage1 21 
0/RSP0/CPU0 netio-LIB ENTRY_COUNT P lpts_decaps_pak_in 63 
0/RSP0/CPU0 udp-LIB ENTRY_COUNT P ip lib - input from netio 42 
0/RSP0/CPU0 spp-LIB EXIT_COUNT P SPP PD Inject: injectfun 21 
0/RSP0/CPU0 netio-LIB EXIT_COUNT P NETIO PD Inject: transmit_pak 21 
0/RSP0/CPU0 netio-LIB DROP_COUNT D lpts_ifib_local_for_rejects 21 
0/RSP0/CPU0 UDP RECV_DROP D udp-reinj-lpts drop 21

When doing the trace for the other RADIUS server, the output looks much better.

Conditions:
! IPv4 Source IP 10.8.1.22  (RADIUS server which in working)
packet-trace condition 1 Offset 30 Value 0x0a080116 Mask 0xffffffff
! IPv4 Destination IP 10.5.128.1 (RADIUS Source Interface)
packet-trace condition 2 Offset 34 Value 0x0a058001 Mask 0xffffffff

RP/0/RSP0/CPU0:mv2-csl-c2-mpe-02#sh packet-trace results 
Sun Oct 23 16:02:34.578 AST
T: D - Drop counter; P - Pass counter
Location | Source | Counter | T | Last-Attribute | Count 
------------ ------------ ------------------------- - ---------------------------------------- ---------------
RP/0/RSP0/CPU0:mv2-csl-c2-mpe-02#sh packet-trace results 
Sun Oct 23 16:03:01.089 AST
T: D - Drop counter; P - Pass counter
Location | Source | Counter | T | Last-Attribute | Count 
------------ ------------ ------------------------- - ---------------------------------------- ---------------
0/0/CPU0 NP0 PACKET_MARKED P HundredGigE0_0_0_0 6 
0/0/CPU0 NP1 PACKET_MARKED P HundredGigE0_0_0_7 1 
0/0/CPU0 NP0 PACKET_TO_FABRIC P 6 
0/0/CPU0 NP1 PACKET_TO_FABRIC P 1 
0/RSP0/CPU0 SPP-PI CLIENT_PUNT_SUCCESS P stage1 9 
0/RSP0/CPU0 NETIO-PI BYPASS_MUT_QFULL_DROP D packet_input_bypass 9 
0/RSP0/CPU0 NETIO-PI IP_COUNT P netio_send_pulse_input 9 
0/RSP0/CPU0 spp-LIB ENTRY_COUNT P SPP PD Punt: stage1 9 
0/RSP0/CPU0 netio-LIB ENTRY_COUNT P lpts_npmb_ipv4_delivers 27 
0/RSP0/CPU0 udp-LIB ENTRY_COUNT P ip lib - input from netio 18 
0/RSP0/CPU0 UDP RECV_NETIO_MANY_RRCVD P udp deliver many-rx 9 
0/RSP0/CPU0 UDP RECV_RQUEUED P udp deliver - xipcwrite 9

I do not understand where and why the packets are getting drop, since a regular ping to both servers is working. The packets are sent out the same interface, but are received on diffrent interfaces.
It is the same for NTP, where just one out of three servers is working.

Labels:
0 Helpful
3 Replies 3

Georg Pauwen
VIP
VIP

‎10-24-2022 03:56 AM

Hello,

could be related to control plane protection. Can you post the output of:

show lpts pifib hardware police location 0/0/CPU0
show running-config lpts pifib hardware police location 0/0/CPU0
show lpts pifib hardware entry brief location 0/1/CPU0
show lpts punt excessive-flow-trap information

?

0 Helpful

alex.blaeuer
Level 1
Level 1
In response to Georg Pauwen

‎10-24-2022 04:43 AM

Hi Georg,

Thanks for the reply. I put the output in the attachment.

Best regards,
Alex

Preview file
20 KB
0 Helpful

Georg Pauwen
VIP
VIP
In response to alex.blaeuer

‎10-24-2022 09:17 AM

Hello,

I don't see any related drops in the output...

I have looked at the Cisco Live presentation linked below, one of the Agenda items are 'drops' troubleshooting (page 8), you might want to look through this...

https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/5eU6DfQV/TECSPG-3001.pdf

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card