Nexus 7000 : hardware rate-limiter question (layer-3 glean)

LaurentLF · ‎03-15-2012

Hi,

When having a look at the hardware rate-limit counters of one of our nexus 7010, I have noticed dropped on various class but especially layer-3 glean packets.

show hardware rate-limiter layer-3 glean

Units for Config: packets per second

Allowed, Dropped & Total: aggregated since last clear counters

Rate Limiter Class Parameters

------------------------------------------------------------

layer-3 glean Config : 100

Allowed : 676722671

Dropped : 1115484297

Total : 1792206968

and this is increasing rather quickly. I have to admit I am not sure to understand what is really layer-3 "glean" packets so I am wondering if this kind of behaviour is normal and what can be the impact of a high number of dropped packet in that category ?

Thanks,

Laurent

Matthew Blanshard · ‎03-15-2012

Hello Laurent,

Glean is when a packet is sent to the CPU to generate an ARP entry because there is none for the destination IP of the packet. An example would be a packet where the destination IP is 192.168.1.200 when you have 192.168.1.0/24 on a vlan interface. If the PC was turned off then any packets destined to that ip address would be sent to the CPU for Glean and subject to that rate limiter.

-Matt

LaurentLF · ‎03-19-2012

Hello Matthew,

Thanks for the reply.

So, given the high number of dropped packets in this "Rate Limiter Class" that means that very frequently the Nexus finds no arp entry for IPs and sends the packets to the CPU where they are often dropped by the limiter, right ?

Is the original packet dropped in that case or does the Nexus retries the "Glean process" until it gets a reply / exceed some timeouts ?

Thanks,

Laurent

Oleksandr Nesterov · ‎03-15-2012

Hi Laurent

As a fisrt step you can try to disable ip redirects on your svi interfaces.

HTH,

ALex