Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
612
Views
5
Helpful
3
Replies

Nexus 6K switches not replying to pings - Interpreting COPP violations

CiscoMedMed
Level 1
Level 1

‎03-19-2020 04:28 PM - edited ‎03-19-2020 04:47 PM

My pair of Nexus 6K started giving a poor rate of response to ping messages a couple of days ago. Any SVI's IP address seeing 10 to 30% loss. These pings can come from any attached device. After some googling I came across an article discussing COPP and the management plane. As you can see the violation counts are enormous. Can someone comment on what all might be affected by all of these violations? The glean, the managemenet, the ICMP? 1 Trillion glean violations? What's that about??

 

CORE01# show policy-map interface control-plane

Control Plane

  service-policy  input: copp-system-policy-default

 

class-map copp-system-class-icmp-echo (match-any)

      match protocol icmp_echo

      police cir 64 kbps , bc 3600000 bytes

        conformed 8288620692 bytes; action: transmit

        violated 4516708125 bytes;

 

class-map copp-system-class-mgmt (match-any)

      match protocol mgmt

      police cir 12000 kbps , bc 4800000 bytes

        conformed 46088413527 bytes; action: transmit

        violated 407694 bytes;

 

    class-map copp-system-class-glean (match-any)

      match protocol glean

      police cir 1024 kbps , bc 4800000 bytes

        conformed 2127766816163 bytes; action: transmit

        violated 928772812253 bytes;

 

ICMP violations increment around 9MB every five minutes. Advice appreciated!

 

 

Labels:
0 Helpful
3 Replies 3

Reza Sharifi
Hall of Fame
Hall of Fame

‎03-19-2020 06:04 PM

CoPP usually does not block ICMP and even if it does, it is never this high. So, There is probably something causing this. Try opening a case with Cisco as it could be software related.

HTH

CiscoMedMed
Level 1
Level 1
In response to Reza Sharifi

‎03-19-2020 06:06 PM

Thanks Reza. I'll get a ticket open. 

0 Helpful

CiscoMedMed
Level 1
Level 1
In response to Reza Sharifi

‎03-19-2020 07:12 PM

While I'm waiting for TAC to reply - could the violations come from a DoS attack or virus? How would you be able to tell?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card