COPP drops Nexus 9k

adeboick1
Level 1

Hi All,

Can anyone advise how to go about finding what is responsible for the drops in this copp class-map? I suspect this may be impacting hosts in vlans where this switch is def gateway. We have two 9k with VPCs.

I did an ethanalyzer capture with "arp" filter and am only seeing 10-20pps. Not the packet counts seen in below output.

Filtering by ethtype 0x888e or host MAC 0180.c200.0003 yields nothing.

Note: copp stats were cleared 1 min before this.

class-map copp-system-p-class-normal (match-any)
match access-group name copp-system-p-acl-mac-dot1x
match protocol arp
set cos 1
police cir 1500 pps , bc 32 packets
module 1 :
transmitted 2977 packets;
dropped 3440 packets;

MAC access list copp-system-p-acl-mac-dot1x
10 permit any 0180.c200.0003 0000.0000.0000 0x888e

2 Replies

Philip D'Ath
VIP Alumni

I'm not that familiar with Nexus.

Can you do a capture of everything to the listed MAC address, rather than just arp?

I have seen issues like this before when there were routing loops, and large numbers of ICMP ttl exceeded messages were being generated.

Ganesh Hariharan
VIP Alumni

Hello,

The control plane policing (CoPP) feature increases security on the switch by protecting the RP from unnecessary or DoS traffic and giving priority to important control plane and management traffic. The PFC3 and DFC3 provide hardware support for CoPP. CoPP works with the PFC3 rate limiters.

To monitor the COPP packets, try issuing the commands below:

show policy-map control-plane

show access-lists coppacl-bgp

Have a look at the link, which gives more insight on guidelines and monitoring of COPP packets on Nexus family switches.

Hope it Helps..

-GI
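
Added example, not part of any post in this thread: a Python sketch that parses the CoPP counters pasted in the question and compares the average offered rate with the policer's CIR, to tell sustained overload from short bursts that exceed `bc`. The 60-second window comes from the poster's "cleared 1 min before" remark and is an assumption; `parse_copp` and `assess` are hypothetical helper names.

```python
import re

# Counters copied from the question above; the 60 s window is the poster's
# "cleared 1 min before" remark, treated here as an assumption.
SAMPLE = """\
class-map copp-system-p-class-normal (match-any)
match access-group name copp-system-p-acl-mac-dot1x
match protocol arp
set cos 1
police cir 1500 pps , bc 32 packets
module 1 :
transmitted 2977 packets;
dropped 3440 packets;
"""

def parse_copp(text):
    """Return one dict per class-map with CIR, burst and summed module counters."""
    classes, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"class-map (\S+)", line):
            cur = {"name": m.group(1), "cir_pps": None, "bc": None, "tx": 0, "drop": 0}
            classes.append(cur)
        elif cur is None:
            continue
        elif m := re.match(r"police cir (\d+) pps\s*,\s*bc (\d+) packets", line):
            cur["cir_pps"], cur["bc"] = int(m.group(1)), int(m.group(2))
        elif m := re.match(r"(transmitted|dropped) (\d+) packets", line):
            cur["tx" if m.group(1) == "transmitted" else "drop"] += int(m.group(2))
    return classes

def assess(cls, window_s):
    """Compare average offered rate in the window with the policer's CIR."""
    offered = cls["tx"] + cls["drop"]
    avg_pps = offered / window_s
    drop_pct = 100.0 * cls["drop"] / offered if offered else 0.0
    if cls["drop"] == 0:
        verdict = "no drops"
    elif cls["cir_pps"] is not None and avg_pps < cls["cir_pps"]:
        # Average is under CIR, so the drops point to bursts exceeding bc
        verdict = "bursty: average below CIR, drops occur in short bursts"
    else:
        verdict = "sustained: average offered rate at or above CIR"
    return {"name": cls["name"], "avg_pps": round(avg_pps, 1),
            "drop_pct": round(drop_pct, 1), "verdict": verdict}

if __name__ == "__main__":
    for c in parse_copp(SAMPLE):
        print(assess(c, window_s=60))
```

With the posted counters the average offered rate is about 107 pps against a 1500 pps CIR, so the class is dropping on bursts larger than the 32-packet `bc` rather than on sustained load.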
