My pair of Nexus 6K started giving a poor rate of response to ping messages a couple of days ago. Any SVI's IP address seeing 10 to 30% loss. These pings can come from any attached device. After some googling I came across an article discussing COPP and the management plane. As you can see the violation counts are enormous. Can someone comment on what all might be affected by all of these violations? The glean, the managemenet, the ICMP? 1 Trillion glean violations? What's that about??
CORE01# show policy-map interface control-plane
service-policy input: copp-system-policy-default
class-map copp-system-class-icmp-echo (match-any)
match protocol icmp_echo
police cir 64 kbps , bc 3600000 bytes
conformed 8288620692 bytes; action: transmit
violated 4516708125 bytes;
class-map copp-system-class-mgmt (match-any)
match protocol mgmt
police cir 12000 kbps , bc 4800000 bytes
conformed 46088413527 bytes; action: transmit
violated 407694 bytes;
class-map copp-system-class-glean (match-any)
match protocol glean
police cir 1024 kbps , bc 4800000 bytes
conformed 2127766816163 bytes; action: transmit
violated 928772812253 bytes;
ICMP violations increment around 9MB every five minutes. Advice appreciated!
CoPP usually does not block ICMP and even if it does, it is never this high. So, There is probably something causing this. Try opening a case with Cisco as it could be software related.
While I'm waiting for TAC to reply - could the violations come from a DoS attack or virus? How would you be able to tell?