Solved: i have a problem with output drop between 2960 (stack3) with forti

ilanmelkamo052621 · ‎10-07-2024

Hi everyone,

I'm facing an issue. I have two FortiGate devices connected in a cluster, and I have two sites connected via L2. The remote site is unable to reach the gateway, and I'm experiencing packet loss. On the 2960 switch, I can see packet loss on the LACP interface towards the FortiGate.

I have checked the infrastructure between the sites, and everything seems fine. I also checked QoS on the switch, and there is none configured. In a local test at the site where the firewall is located, everything works fine.

What could be the cause of the issue?

ilanmelkamo052621 · ‎10-07-2024

hey MHM

i attached the output with my 2960

Pelleg-2960-BB-SW#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator

M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port

Number of channel-groups in use: 6
Number of aggregators: 6

Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) LACP Gi2/0/14(P) Gi2/0/16(P) Gi3/0/11(P)
Gi3/0/12(P)
2 Po2(SU) LACP Gi2/0/18(P) Gi2/0/20(P) Gi3/0/13(P)
Gi3/0/14(P)
10 Po10(SD) LACP Gi1/0/1(D) Gi1/0/2(D) Gi2/0/1(D)
Gi2/0/2(D)
11 Po11(SD) LACP Gi1/0/5(D) Gi1/0/6(D) Gi2/0/5(D)
Gi2/0/6(D)
12 Po12(SD) -
20 Po20(SU) LACP Gi1/0/10(P) Gi1/0/12(P) Gi2/0/10(P)

Pelleg-2960-BB-SW#show interfaces port-channel 2 | section drop
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 3644
0 unknown protocol drops

Pelleg-2960-BB-SW#show interfaces gigabitEthernet 2/0/18 | section drops
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 331
0 unknown protocol drops

Pelleg-2960-BB-SW#
Pelleg-2960-BB-SW#
Pelleg-2960-BB-SW#show interfaces gigabitEthernet 2/0/20 | section drops
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 2673
0 unknown protocol drops

Pelleg-2960-BB-SW#show interfaces gigabitEthernet 3/0/13 | section drops
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 640
0 unknown protocol drops

Pelleg-2960-BB-SW#show interfaces gigabitEthernet 3/0/14 | section drops
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
0 unknown protocol drops

Pelleg-2960-BB-SW#show mls qos
QoS is disabled
QoS ip packet dscp rewrite is enabled

View solution in original post

ilanmelkamo052621 · ‎10-07-2024

this is my topology

MHM Cisco World · ‎10-07-2024

Can I see

Show ether channel summary

MHM

ilanmelkamo052621 · ‎10-07-2024

hey MHM

i attached the output with my 2960

Pelleg-2960-BB-SW#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator

M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port

Number of channel-groups in use: 6
Number of aggregators: 6

Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) LACP Gi2/0/14(P) Gi2/0/16(P) Gi3/0/11(P)
Gi3/0/12(P)
2 Po2(SU) LACP Gi2/0/18(P) Gi2/0/20(P) Gi3/0/13(P)
Gi3/0/14(P)
10 Po10(SD) LACP Gi1/0/1(D) Gi1/0/2(D) Gi2/0/1(D)
Gi2/0/2(D)
11 Po11(SD) LACP Gi1/0/5(D) Gi1/0/6(D) Gi2/0/5(D)
Gi2/0/6(D)
12 Po12(SD) -
20 Po20(SU) LACP Gi1/0/10(P) Gi1/0/12(P) Gi2/0/10(P)

Pelleg-2960-BB-SW#show interfaces port-channel 2 | section drop
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 3644
0 unknown protocol drops

Pelleg-2960-BB-SW#show interfaces gigabitEthernet 2/0/18 | section drops
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 331
0 unknown protocol drops

Pelleg-2960-BB-SW#
Pelleg-2960-BB-SW#
Pelleg-2960-BB-SW#show interfaces gigabitEthernet 2/0/20 | section drops
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 2673
0 unknown protocol drops

Pelleg-2960-BB-SW#show interfaces gigabitEthernet 3/0/13 | section drops
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 640
0 unknown protocol drops

Pelleg-2960-BB-SW#show interfaces gigabitEthernet 3/0/14 | section drops
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
0 unknown protocol drops

Pelleg-2960-BB-SW#show mls qos
QoS is disabled
QoS ip packet dscp rewrite is enabled

Joseph W. Doherty · ‎10-07-2024

Do your LAG member interfaces show, roughy, equal usage and drops?

Switch QoS is disabled?

Joseph W. Doherty · ‎10-07-2024

Ah, those interface stats, of course, confirm drops, but without any context, as in relative to total packets offered.

They do show a disparity between member links, but over what time isn't provided either.

You've also confirmed QoS is disabled. BTW, for drops, usually, most drops to least drops is: default QoS => no QoS => custom QoS. Also BTW, the last might be as simple as increasing drop thresholds.

Also know, the 2960 series do not have much in the way of buffer hardware resources.

ilanmelkamo052621 · ‎10-07-2024

?