07-31-2015 06:56 AM - edited 03-08-2019 01:11 AM
Hi all,
The "Unknown protocol drops" are increasing fast at our WAN Router...
This is my setup: 3925 GigabitEthernet0/0/0 <--> 6504VSS Gig1/3/44 connected directly with an optical fibre patch (multimode LC).
3925:
interface GigabitEthernet0/0/0
 description ### lesx3350h131rz-vss Core ES1 Gi1/3/44 ###
 ip address 10.2.2.50 255.255.255.252
 ip flow monitor NetFlowMonitor input
 ip ospf message-digest-key 10 md5 samething
 ip ospf network point-to-point
 media-type sfp
 service-policy input MARKING
6504:
interface GigabitEthernet1/3/44
 description to wan-router
 no switchport
 ip address 10.2.2.49 255.255.255.252
 ip ospf message-digest-key 10 md5 samething
 ip ospf network point-to-point
Do you have any good ideas and notices for me?
THANKS
----
At the 6504 Gig1/3/44 there is no error
GigabitEthernet1/3/44 is up, line protocol is up (connected)
Hardware is C6k 1000Mb 802.3, address is 0008.e3ff.fc28 (bia 0008.e3ff.fc28)
Description: to wan-router
Internet address is 10.2.2.49/30
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is SX
input flow-control is off, output flow-control is on
Clock mode is auto
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:02, output hang never
Last clearing of "show interface" counters 39w6d
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 341000 bits/sec, 362 packets/sec
5 minute output rate 1607000 bits/sec, 317 packets/sec
L2 Switched: ucast: 2255536 pkt, 163838478 bytes - mcast: 2610171 pkt, 308895417 bytes
L3 in Switched: ucast: 4308731392 pkt, 623833862866 bytes - mcast: 0 pkt, 0 bytes mcast
L3 out Switched: ucast: 2796743155 pkt, 1387714351566 bytes mcast: 0 pkt, 0 bytes
4314190498 packets input, 624480681276 bytes, 0 no buffer
Received 3177186 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
2942425892 packets output, 1411302093802 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
But at our WAN Router:
GigabitEthernet0/0/0 is up, line protocol is up
Hardware is EHWIC-1GE-SFP-CU, address is f44e.0569.0903 (bia f44e.0569.0903)
Description: to core
Internet address is 10.2.2.50/30
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 1Gbps, media type is SX
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:12:19
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 1021000 bits/sec, 276 packets/sec
5 minute output rate 353000 bits/sec, 385 packets/sec
192812 packets input, 87242183 bytes, 0 no buffer
Received 207 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
256367 packets output, 29468172 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
106 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
07-31-2015 06:01 PM
This is not an uncommon issue. It is frequently caused by some protocol on the switch side (like Dynamic Trunking Protocol) that is not recognized on the router side.
HTH
Rick
08-03-2015 06:43 AM
Hi Rick,
thanks for your reply, but on the other side of my router is a routed port from the 6504 (VSS) with the mentioned config...
Within 3 days there are already a lot more of these drops:
37161 unknown protocol drops
Regards
Alex
08-03-2015 09:39 AM
Alex
My next suggestion would be to do a packet capture on the interface of your 3925 and see if it will identify the source and type of the unknown protocol packets.
HTH
Rick
08-03-2015 09:47 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Normally, setting a L3 switch port to "routed" disables most "special" L2 protocols that create unknown protocol drops on a "real" router port. It's possible the L3 switch is still sending something out the port that the router port doesn't recognize, or perhaps there's something both the L3 switch and router ports would recognize but there's a configuration difference issue. For example, I'm wondering if CDP or LLDP is enabled on the L3 switch but not the router, etc.
You may need to SPAN the L3 switch port and see what all it's transmitting.
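Added example, not part of any post in this thread: once a capture or SPAN of the link exists, a frame classifier like the one below tallies everything that is not ordinary routed traffic by protocol and source MAC, which is the "source and type" the replies suggest looking for. The sample frames are constructed (MAC addresses taken from the show output above), and the `EXPECTED` set of protocols a routed port should carry is an assumption.

```python
import struct
from collections import Counter

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6", 0x88CC: "LLDP",
              0x8809: "Slow protocols (LACP)", 0x9000: "Loopback (0x9000)"}
# Protocol IDs carried in SNAP under the Cisco OUI 00:00:0c.
CISCO_SNAP = {0x2000: "CDP", 0x2003: "VTP", 0x2004: "DTP",
              0x0111: "UDLD", 0x0104: "PAgP", 0x010B: "PVST+"}
# Assumption: traffic a routed point-to-point link is expected to carry.
EXPECTED = {"IPv4", "ARP", "IPv6"}

def classify(frame):
    """Return (source MAC, protocol label) for one raw Ethernet frame."""
    if len(frame) < 14:
        return ("?", "truncated")
    src = ":".join(f"{b:02x}" for b in frame[6:12])
    tl, payload = struct.unpack("!H", frame[12:14])[0], frame[14:]
    if tl == 0x8100 and len(payload) >= 4:  # 802.1Q tag: real type follows it
        tl, payload = struct.unpack("!H", payload[2:4])[0], payload[4:]
    if tl >= 0x0600:  # Ethernet II: the field is an EtherType
        return (src, ETHERTYPES.get(tl, f"EtherType 0x{tl:04x}"))
    # Otherwise the field is an 802.3 length and an LLC header follows.
    if len(payload) >= 8 and payload[:3] == b"\xaa\xaa\x03":  # LLC/SNAP
        oui, pid = payload[3:6], struct.unpack("!H", payload[6:8])[0]
        if oui == b"\x00\x00\x0c":
            return (src, CISCO_SNAP.get(pid, f"Cisco SNAP 0x{pid:04x}"))
        return (src, f"SNAP {oui.hex()}/0x{pid:04x}")
    if payload[:2] == b"\x42\x42":
        return (src, "STP BPDU")
    return (src, "LLC " + payload[:2].hex())

def unexpected(frames):
    """Count frames per (source MAC, protocol) that are not in EXPECTED."""
    return Counter(c for c in map(classify, frames) if c[1] not in EXPECTED)

def _eth(dst, src, rest):
    return bytes.fromhex(dst + src) + rest

SW = "0008e3fffc28"  # 6504 port MAC from the show output above
SAMPLE = [  # constructed frames, not captured traffic
    _eth("f44e05690903", SW, b"\x08\x00\x45" + bytes(19)),                      # IPv4
    _eth("01000ccccccc", SW, b"\x00\x20\xaa\xaa\x03\x00\x00\x0c\x20\x00" + bytes(24)),  # CDP
    _eth("01000ccccccc", SW, b"\x00\x20\xaa\xaa\x03\x00\x00\x0c\x01\x11" + bytes(24)),  # UDLD
    _eth("0180c200000e", SW, b"\x88\xcc" + bytes(20)),                          # LLDP
]

if __name__ == "__main__":
    for (src, proto), n in unexpected(SAMPLE).most_common():
        print(f"{n:6d}  {proto:20s} from {src}")
```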