08-23-2020 03:46 PM
I ran the Cisco CLI Analyzer tool on one of our switches and it recommended running the following commands. This also matches monitoring tools indicating errors/drops on the switch. My question is, is there anything I can do about this to reduce drops or is this expected behavior? This is a C9300-48P on IOS-XE 16.8.1a
#show platform software fed switch active cpu-interface queue retrieved dropped invalid hol-block ------------------------------------------------------------------------- Routing Protocol 283656849 0 0 0 L2 Protocol 533674587 0 0 0 sw forwarding 1123 0 0 0 broadcast 987212131 53991979 0 0 icmp gen 0 0 0 0 icmp redirect 0 0 0 0 logging 0 0 0 0 rpf-fail 0 0 0 0 DOT1X authentication 796526 0 0 0 Forus Traffic 698219629 0 0 0 Forus Resolution 55125575 0 0 0 Inter FED 0 0 0 0 L2 LVX control 0 0 0 0 EWLC control 0 0 0 0 EWLC data 0 0 0 0 L2 LVX data 0 0 0 0 Learning cache 0 0 0 0 Topology control 92 0 0 0 Proto snooping 4231584 0 0 0 DHCP snooping 0 0 0 0 Transit Traffic 0 0 0 0 Multi End station 13825021 0 0 0 Webauth 3466696 0 0 0 Crypto control 0 0 0 0 Exception 0 0 0 0 General Punt 0 0 0 0 NFL sampled data 0 0 0 0 Low latency 0 0 0 0 EGR exception 0 0 0 0 FSS 0 0 0 0 Multicast data 0 0 0 0 Gold packet 0 0 0 0 #show platform hardware fed sw active fwd-asic drop exception ****EXCEPTION STATS ASIC INSTANCE 0 (asic/core 0/0)**** ================================================================================= Asic/core | NAME | prev | current | delta ================================================================================= 0 0 NO_EXCEPTION 29039141765 29056108835 16967070 0 0 IPV4_CHECKSUM_ERROR 0 0 0 0 0 ROUTED_AND_IP_OPTIONS_EXCEPTION 2638368 2642184 3816 0 0 CTS_FILTERED_EXCEPTION 0 0 0 0 0 SIA_TTL_ZERO 0 0 0 0 0 ALLOW_NATIVE_EXCEPTION_COUNT 0 0 0 0 0 ALLOW_DOT1Q_EXCEPTION_COUNT 0 0 0 0 0 ALLOW_PRIORITY_TAGGED_EXCEPTION_COUNT 0 0 0 0 0 ALLOW_UNKNOWN_ETHER_TYPE_EXCEPTION 0 0 0 0 0 IP_SOURCE_GUARD_VIOLATION 0 0 0 0 0 SECURE_L3IF_LEARNING_VIOLATION 0 0 0 0 0 AUTH_DRIVEN_DROP 139807 139831 24 0 0 VLAN_LOADBALANCE_GROUP_DENY 0 0 0 0 0 RPF_UNICAST_FAIL 0 0 0 0 0 RPF_UNICAST_FAIL_SUPPRESS 0 0 0 0 0 RPF_UNICAST_CHECK_INCOMPLETE 0 0 0 0 0 RPF_MULTICAST_FAIL 0 0 0 0 0 PKT_DROP_COUNT 149973 150002 29 0 0 SOURCE_ROUTE_EXCEPTION 23 23 0 0 0 IGR_MISC_FATAL_ERROR 1290 1290 0 0 0 BLOCK_FORWARD 148652 148681 29 0 0 POLICER_DROP 0 0 0 0 0 DENY_ROUTE 0 0 0 0 0 DENY_BRIDGE 0 0 0 0 0 STATIC_MAC_VIOLATION 0 0 0 0 0 STATIC_IP_VIOLATION 0 0 0 0 0 FPM_DROP_PACKET 0 0 0 0 0 IGR_EXCEPTION_L4_ERROR 3223830107 3224161936 331829 0 0 IGR_EXCEPTION_L5_ERROR 6727 6728 1 0 0 IGR_EXCEPTION_HARDWARE_PARSE_EXCEPTION 0 0 0 0 0 IGR_EXCEPTION_INVALID_VLAN_DROP 0 0 0 0 0 IGR_EXCEPTION_31 0 0 0 0 0 FRAGMENTING_IPV4_WITH_OPTIONS 0 0 0 0 0 FRAGMENTING_IPV6_WITH_EXTENSIONS 0 0 0 0 0 ICMP_REDIRECT 0 0 0 0 0 MTU_FAIL_PUNT_TO_CPU_NO_IP_UNREACHABLE 0 0 0 0 0 LINK_LOCAL_CHECK_FAIL_NO_IP_UNREACHABLE 0 0 0 0 0 IP_UNICAST_TTL_REACHED_ZERO 0 0 0 0 0 MISC_FATAL_ERROR 0 0 0 0 0 STP_OR_FLEXLINK_DROP 29 29 0 0 0 PROTECTED_PORT_DROP 0 0 0 0 0 PVLAN_ISOLATED_CHECK_FAILED 0 0 0 0 0 PVLAN_COMMUNITY_CHECK_FAILED 0 0 0 0 0 DEJA_VU_CHECK_FAILED 334462 336782 2320 0 0 NOT_VLAN_LOAD_BALANCE_GROUP_ALLOWED 0 0 0 0 0 RSPAN_DROP 0 0 0 0 0 SPLIT_HORIZON_DROP 0 0 0 0 0 SYSTEM_TTL_DROP 0 0 0 0 0 PRUNED 0 0 0 0 0 DENY_NO_IP_UNREACHABLE 0 0 0 0 0 IP_MULTICAST_TTL_REACHED_ZERO 0 0 0 0 0 MTU_FAIL_DROP_BRIDGED 0 0 0 0 0 MTU_FAIL_DROP_BRIDGED_IP_ROUTED 0 0 0 0 0 MTU_FAIL_ERSPAN 0 0 0 0 0 LINK_LOCAL_CHECK_FAIL_L3M_VALID 0 0 0 0 0 MTU_FAIL_PUNT_TO_CPU_NOT_NO_IP_UNREACHABLE 0 0 0 0 0 LINK_LOCAL_CHECK_FAIL_NOT_NO_IP_UNREACHABLE 0 0 0 0 0 COPY_TO_CPU 0 0 0 0 0 EGR_L3_ERROR 0 0 0 0 0 EGR_L4_ERROR 191779062 192044325 265263 0 0 EGR_L5_ERROR 41312 41312 0 0 0 EGR_HARDWARE_PARSE_EXCEPTION 0 0 0 0 0 EGR_SHOW_FORWARD_DROP 0 0 0 0 0 SGT_CACHING_NEEDED 0 0 0
08-24-2020 12:07 AM
Hello,
can you post the configuration of the switch ?
One thing you could try is to use the command:
qos queue-softmax-multiplier 1200
which basically absorbs micro-bursts that could overload port queues. Not sure if that helps in your case. Other than that, have a look at the two links below:
https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2018/pdf/BRKARC-3190.pdf
08-24-2020 04:08 PM
Any specific part of a config you're interested in seeing? there's a lot and I'd have to redact some info.
08-24-2020 11:35 PM
Hello,
if you can identify the interfaces that have errors (sh interfaces x) and post the output, that could render some hints.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide