cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
45573
Views
20
Helpful
7
Comments
xthuijs
Cisco Employee
Cisco Employee

Introduction

In this articile I will describe the issue of unrecognized protocol drops reported on an interface on the ASR9000. Some steps for remediation are provide

and a few things to check before opening a tac case.

Core Issue

NMS stations looking at interface statistics may get confused or report unnecessary alarms when they are seeing "errors" on the interface. It is recognized that these protocol errors are not well documented and these are raising a larger then normal amount of support cases. In this article I am trying to describe when you see these errors reported and what you can do about it.

The following example shows what you might see:

RP/0/RSP0/CPU0:A9K-TOP#sh int te 0/3/0/0
Fri Mar  4 01:25:16.691 UTC
TenGigE0/3/0/0 is up, line protocol is up
  Interface state transitions: 3
  Hardware is TenGigE, address is 0026.9800.15b0 (bia 0026.9800.15b0)
  Layer 1 Transport Mode is LAN
  Internet address is Unknown
  MTU 1514 bytes, BW 10000000 Kbit (Max: 10000000 Kbit)
     reliability 255/255, txload 0/255, rxload 0/255
  Encapsulation ARPA,
  Full-duplex, 10000Mb/s, LR, link type is force-up
  output flow control is off, input flow control is off
  loopback not set,
  ARP type ARPA, ARP timeout 04:00:00
  Last input 00:00:00, output 00:00:00
  Last clearing of "show interface" counters 2d06h
  30 second input rate 0 bits/sec, 0 packets/sec
  30 second output rate 2000 bits/sec, 3 packets/sec
     151224 packets input, 17290273 bytes, 0 total input drops
    3247 drops for unrecognized upper-level protocol
     Received 1 broadcast packets, 136817 multicast packets
              0 runts, 0 giants, 0 throttles, 0 parity
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     753409 packets output, 73257197 bytes, 0 total output drops
     Output 34 broadcast packets, 750081 multicast packets
     0 output errors, 0 underruns, 0 applique, 0 resets
     0 output buffer failures, 0 output buffers swapped out
     2 carrier transitions

Resolution

"Drops for unrecognized upper-level protocol" means that we've received
packets of a type that you haven't configured and therefore don't have a
handler for in the interface protocol handling chain.


That may be (and most likely is) expected and purely cosmetic.

Examples:

- other side (switch) has CDP configured but you don't have CDP configured on this end
- someone on the Ethernet is sending IS-IS hellos but you don't have IS-IS configured on this end
- someone on the Ethernet is sending IPv6 neigbor discovery packets but you don't have IPv6 configured on this end


It may be worth checking:
- do these packets increment periodically (i.e. one packet every 30 sec or so)?
- are there any obvious features (CDP is a good candidate) that you haven't configured but the far-end (switch, or if it's a crosslink, then
the connected peer) has?

Otherwise capture & decode the packets, and perhaps reviewing the config will already give the answer in a couple of seconds.

If a 7600/ 6500 port is connected to the ASR9000 and input error increment due to 'unrecognized upper-level protocol', then to avoid various l2 packets reaching ASR9000, you can use:

switchport nonegotiate - disable Dynamic Trunk Protocol (DTP) on the port

no cdp enable - to disable running Cisco Discovery Protocol (CDP)

no vtp - to disable sending VLAN Trunking Protocol(VTP) frame

spanning-tree bpdfilter enable - To enable BPDU filtering on the interface

UDLD: If you are running CatOS try “set udld disable x/y” or “udld port disable” under the interface if you have IOS on the 6500.

LLDP: (new addition) switches by default have lldp enabled that could be, like CDP, be perceived as an unrecognized upper level protocol on the ASR9000.

Related Information

n/a

Xander Thuijs - CCIE #6775

Sr Tech Lead ASR9000

Comments
Bryan Garland
Cisco Employee
Cisco Employee

Another common thing that will cause this to increase is keepalive packets from other IOS boxes.  You should notice this counter incrementing every 10 seconds with default settings. 

ivan_madolev
Level 1
Level 1

Hi Xander, how can i capture those packets locally on the  XR itself, i mean how can i filter them?

xthuijs
Cisco Employee
Cisco Employee

if you want to capture them and see the contents, you can use the SPP (software packet path) capture facility. More detail is in the cisco live ID 2904 presentation from Orlando 2013 and Sanfran 2014.

For filtering them, based on the protocol that causes this, it is either with an ACL, or defining an EFP that consumes them etc.

cheers

xander

ivan_madolev
Level 1
Level 1

Tnx Xander..i have used SPP btw  i have seen your article as well..:).The catchy part is that i cannot find where those drops go..i mean in witch counter under the NP.We have L2 VWLS cct /inter-region/ and when i ping i see those drops incrementing on the interfaces but i dont see any drops marked under the DROP counters on NP..:).I guess i you said is just "cosmetic" thing.

Cheers,

 

Ivan

hassane
Level 1
Level 1

Hi Xander,

 

Thank you for your post.
I see these same drops on my ASR9K equipment with packet loss when pinging an interconnection.
I have configured different MTU values with no matching result
Do you think the losses of parquet floors are due to these drops?

Thu Jan  3 15:42:46.285 MET
interface TenGigE0/2/0/1.710
 bandwidth 1000000
 vrf XXX@YYYY
 ipv4 address xx.xx.xx.xx 255.255.255.254
 encapsulation dot1q 710
!

Thu Jan  3 15:42:37.818 MET
TenGigE0/2/0/1.710 is up, line protocol is up
  Interface state transitions: 1
  Hardware is VLAN sub-interface(s), address is 40ce.2459.aff9
  Internet address is 193.251.138.13/31
  MTU 4484 bytes, BW 1000000 Kbit (Max: 10000000 Kbit)
     reliability 255/255, txload 8/255, rxload 0/255
  Encapsulation 802.1Q Virtual LAN, VLAN Id 710,  loopback not set,
  Last link flapped 4w1d
  ARP type ARPA, ARP timeout 04:00:00
  Last input 00:00:00, output 00:00:00
  Last clearing of "show interface" counters 04:24:51
  5 minute input rate 260000 bits/sec, 207 packets/sec
  5 minute output rate 346822000 bits/sec, 53402 packets/sec
     3262982 packets input, 505731747 bytes, 0 total input drops
     574 drops for unrecognized upper-level protocol<===========================
     Received 0 broadcast packets, 574 multicast packets
     827404907 packets output, 683607202420 bytes, 0 total output drops
     Output 0 broadcast packets, 0 multicast packets

    
    
Thu Jan  3 15:44:30.850 MET
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to XXX.XXX.XXX.XXX, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!.!!
!!!!.!!!!.!!!!!!!!!!!!.!!!!!!!
Success rate is 94 percent (94/100), round-trip min/avg/max = 195/195/197 ms

 

 

cheers

dineshgawde
Level 1
Level 1

Will these Drops affect UDP traffic or Packets? 

I have an issue where one of our customers is facing a UDP Packet drops issue and L2 media is clean. 

I had found these drops on one of our Core Router on the Bundle interface 

Please advise 

Thank you 

Bubba Sherrill
Level 1
Level 1

Maybe I missing something here.  I agree that the drops for unrecognized frame have a high probability of being the 3 packet types you gave examples of.  The question I have is this, it's a dropped packet.  From what I understand, that packet is dropped.  When you perform a capture, that packet is already dropped before it can be mirrored. I haven't used SPP (software packet path) capture facility (but will and see if I'm seeing the same).  The only way to truly "capture" that dropped packet is with an inline tap (from my years of experience).   

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links