ZainChaudhry
Beginner

Packets dropped on port-channel c9300

Hi guys, 

I have a scenario in the data centre where I have catalyst c9300 connected to the firewall. Two ports on c9300 are on port-channel LACP active mode where the ports on the firewall are LACP passive. I am seeing packets dropped on one of the switch interfaces that is part of the port channel and I am not sure why.

 

Could this be because of LACP config not matching on both devices?

 

Thanks in advance.

Leo Laohoo
VIP Community Legend

What "drops"? Total Output Drops?

Hi Leo,

 

Two ports are bundled in the port-channel: 1/0/3 and 2/0/3. Output drops can only be seen on one port, 1/0/3. Please see below.

 

Capture.PNG


 

Thanks,

Show us the config for the Etherchannel. 

GSUISW01#sh run interface port-channel 2
Building configuration...

Current configuration : 150 bytes
!
interface Port-channel2
 description Portchannel to FW port ae1
 switchport trunk allowed vlan 1000,4000,4003,4008,4010
 switchport mode trunk
end

GSUISW01#sh run interface gigabitEthernet 1/0/3
Building configuration...

Current configuration : 203 bytes
!
interface GigabitEthernet1/0/3
 description "Uplink to PA-port1"
 switchport trunk allowed vlan 1000,4000,4003,4008,4010
 switchport mode trunk
 channel-protocol lacp
 channel-group 2 mode active
end

GSUISW01#sh run interface gigabitEthernet 2/0/3
Building configuration...

Current configuration : 203 bytes
!
interface GigabitEthernet2/0/3
 description "Uplink to PA-port2"
 switchport trunk allowed vlan 1000,4000,4003,4008,4010
 switchport mode trunk
 channel-protocol lacp
 channel-group 2 mode active
end

 

Hello,

 

it looks like the load on interface GigabitEthernet1/0/3 is a lot higher than that of the other interface.

 

The default load distribution is based on the source-MAC address of the incoming packet. You might want to change that to, e.g., destination-MAC address, and monitor if the load is distributed more evenly.

 

C9300(config)# port-channel load-balance dst-mac

 

 

Hi Georg,


Thanks for your comments.

 

One more thing that I would like to highlight is that on my bandwidth monitoring tool, port 2/0/3 is not sending any traffic outbound to the firewall. It is receiving the packets, though, whereas port 1/0/3 is both outbound and inbound.

Not sure why.

 

Regards,

Hello,

 

does your monitoring tool allow you to see the exact traffic patterns, that is, between which hosts the traffic is flowing?

 

The 'port-channel load-balance' command has a lot of options, you could also try:

 

dst-mixed-ip-port

 

Either way, it would be very useful to find out where the (only) inbound traffic on GigabitEthernet2/0/3 is going to...


Hi,

 

Yes, exactly. If this is a link between a firewall and some kind of router it would not make sense to load-balance on destination or source MAC as it would be the same for all packets. 

The load-balancing algorithm needs to be moved higher up in the OSI model.

 

According to the destination the best option would be to use: src-dst-mixed-ip-port

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-6/configuration_guide/b_166_lyr2_lyr3_9300_cg/b_166_lyr2_lyr3_9300_cg_chapter_011.html

 

Take a look at this article: https://www.cisco.com/c/en/us/support/docs/lan-switching/etherchannel/12023-4.html

Hi Rasmus,

 

This is the link between switch C9300 and the firewall.

Hi,

 

Yes, but it seems like the traffic is coming from the same layer 3 network device, since it is all hitting the same LAG interface.

So my suggestion to move the load balancing algorithm up the OSI model still stands.

Hi Rasmus,

The switch is only doing L2 and no routing. Can I still use src-dst-mixed-ip-port?

 

thanks 

Hi, 

 

Yes, I would think so. The switch is only making a bit matching of the headers. Try it out and see if it makes a better polarization.

And let us know how it goes.

Hi Rasmus,

I have set the load-balancing to src-dst-mixed-ip-port and it has resolved the issue.

 

Thanks a lot for your help.

Hi,

Great news, glad you got it to work.
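
Added example, not part of the original thread: a small Python simulation of why the replies move away from MAC-based hashing on a switch-to-firewall bundle. SHA-256 stands in for the switch's hash (the real one is platform-specific), the flows, MAC and IP addresses are constructed, and it assumes, as suggested in the thread, that every frame comes from the same layer 3 device.

```python
import hashlib
from collections import Counter
from typing import NamedTuple

class Flow(NamedTuple):
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int

# Header fields each load-balance method hashes (method names as used in the thread).
METHOD_FIELDS = {
    "src-mac": ("src_mac",),
    "dst-mac": ("dst_mac",),
    "src-dst-mixed-ip-port": ("src_ip", "dst_ip", "src_port", "dst_port"),
}

def pick_link(flow, method, n_links=2):
    """Map a flow to a member link. SHA-256 is an assumed stand-in, not Cisco's hash."""
    key = "|".join(str(getattr(flow, f)) for f in METHOD_FIELDS[method])
    return hashlib.sha256(key.encode()).digest()[0] % n_links

def distribution(flows, method, n_links=2):
    """Return the number of flows placed on each member link."""
    counts = Counter(pick_link(f, method, n_links) for f in flows)
    return [counts.get(i, 0) for i in range(n_links)]

def constructed_flows(n=200):
    """Constructed sample: traffic leaving the switch towards the firewall.
    Every frame has the same source MAC (one upstream L3 device) and the same
    destination MAC (the firewall); only IP addresses and ports vary."""
    return [Flow("00:00:5e:00:53:01", "00:00:5e:00:53:02",
                 f"10.0.{i % 8}.{10 + i % 50}", f"192.0.2.{1 + i % 20}",
                 49152 + i, 443) for i in range(n)]

if __name__ == "__main__":
    flows = constructed_flows()
    for method in METHOD_FIELDS:
        # MAC-based methods put all 200 flows on one link; the mixed method uses both.
        print(f"{method:24} {distribution(flows, method)}")
```

On the switch itself, `show etherchannel load-balance` displays the method currently in effect.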