cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3745
Views
0
Helpful
7
Replies

ASR9000 storm control logging

Hi all!

I enabled broadcast and multicast storm control on our core router ASR9010 under l2vpn. But in cause of storm router silently drops packets without any log messages. In configuration guides I didn't find any options for storm control logging. In common IOS storm control evenst are logged by default.

 

Thanks!

1 Accepted Solution

Accepted Solutions

I can support the request for CSCto76123, this really needs to be done!!

Here's the script, credits to vungurea from cisco. Please rename the script to .tcl
Note we use it in a L2VPN (PBB EVPN) environment.

 

Short summary how to use it:

1) installation

Copy script to router. Adjust aaa to your needs

mkdir harddisk:/scripts
copy <path to script> harddisk:/scripts

conf t
  event manager directory user policy harddisk:/scripts
  #aaa authorization eventmanager default local
  commit
end

 

2) Configure environment and run it.

Customize interval and threshold. I use interval 300 and threshold 1

Customize user, adjust to aaa config (may need to create local user)

conf t
 event manager environment EEM_DROP_CHECK_INTERVAL <interval>
 event manager environment EEM_DROP_THRESHOLD <threshold>
 event manager policy stormcontrol-drop-monitor.tcl username <username> persist-time infinite type user
 commit
end

 

The script logs syslog messages like that:

RP/0/RSP0/CPU0:Aug 20 03:02:19.209 CEST: tclsh[65789]: %HA-HA_EEM-5-ACTION_SYSLOG_LOG_NOTICE : stormcontrol-drop-monitor.tcl: Unknown_unicast traffic exceeded threshold 1p/300s on HDB-HOA02-1234-NCA-GN1-0567 Bundle-Ether10.1234 Exact value: 105

Values from this log message:

threshold 1 packet / interval 300s
bridge-domain name: HDB-HOA02-1234-NCA-GN1-0567
interface: Bundle-Ether10.1234
dropped packets by storm-control: 105

 

have fun, thanks to Vlad.

 

Greetings
Mathias Rufer

View solution in original post

7 Replies 7

Mathias Rufer
Level 1
Level 1

we had the same problem and got an EEM script that logs the drops after opening a TAC case.

 

Greetings

Mathias Rufer

Hi Mathias,

Can you provide me this script? We need to enable logging storm control.

Thanks!

hi vladimir,

you can take the script part of this article: https://supportforums.cisco.com/document/93456/asr9000xr-local-packet-transport-services-lpts-copp

you could modify the show command to get the counters, define the rate for threshold and alert as you require.

currently the cli doesn't natively show the rates per AC or PW, but there is a script in the shell for that also, I forgot what the dDTS was that implemented, but I know the (phenomenal) guy that made it from BXL TAC, I have forwarded the question to him to see if he can respond with his details.

cheers!

xander

I can support the request for CSCto76123, this really needs to be done!!

Here's the script, credits to vungurea from cisco. Please rename the script to .tcl
Note we use it in a L2VPN (PBB EVPN) environment.

 

Short summary how to use it:

1) installation

Copy script to router. Adjust aaa to your needs

mkdir harddisk:/scripts
copy <path to script> harddisk:/scripts

conf t
  event manager directory user policy harddisk:/scripts
  #aaa authorization eventmanager default local
  commit
end

 

2) Configure environment and run it.

Customize interval and threshold. I use interval 300 and threshold 1

Customize user, adjust to aaa config (may need to create local user)

conf t
 event manager environment EEM_DROP_CHECK_INTERVAL <interval>
 event manager environment EEM_DROP_THRESHOLD <threshold>
 event manager policy stormcontrol-drop-monitor.tcl username <username> persist-time infinite type user
 commit
end

 

The script logs syslog messages like that:

RP/0/RSP0/CPU0:Aug 20 03:02:19.209 CEST: tclsh[65789]: %HA-HA_EEM-5-ACTION_SYSLOG_LOG_NOTICE : stormcontrol-drop-monitor.tcl: Unknown_unicast traffic exceeded threshold 1p/300s on HDB-HOA02-1234-NCA-GN1-0567 Bundle-Ether10.1234 Exact value: 105

Values from this log message:

threshold 1 packet / interval 300s
bridge-domain name: HDB-HOA02-1234-NCA-GN1-0567
interface: Bundle-Ether10.1234
dropped packets by storm-control: 105

 

have fun, thanks to Vlad.

 

Greetings
Mathias Rufer

Hi Mathias!

Thank you for the script! Of cource storm control logging feature need to be implemented in the future software leleases. But at this time this script is a way out.

Thanks again!

Bryan Garland
Cisco Employee
Cisco Employee

Vladimir,

That is a good point and in fact we are looking at an enhancement to help here.  We have enhancement CSCto76123 filed for this.  Let me go and see if we can get some focus on getting this enhancement moving.  

Until then, the EEM script mentioned is probably your best bet.

Thanks,

Bryan

tdorssers
Level 1
Level 1

Hi

I have improved Vlad's script with new functionality:

  • Penalty counting of ACs dropping packets
  • Shutdown of AC or main interface if penalty threshold is exceeded
  • Monitoring of pseudo wires

Hope you like this script!

Regards,

Tim