Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
482
Views
0
Helpful
1
Replies

Flowspec problems in NCS5500

j.restaino
Level 1
Level 1

‎03-05-2024 01:13 PM

Hello,

I am implementing flowspec on an NCS 5500, I accept the rules through eBGP. I am having problems because although I receive the routes correctly and I see that the TCAM has entries. The problem is that I am observing that the entries are not having an effect. I observe that the traffic reaches the destination correctly and observing the traffic in the show flowspec vrf Internet afi-all detail, I see that some rules have matches, but others to which I am sending test traffic do not have them when they should have them.

The cards I am using in my NCS5500 are NC55-MOD-A-SE-S, NC55-MPA-4H-S and the IOS XR version is 7.3.1

As an example I am sending udp traffic to port 80 to IP 192.168.149.1, however I am not having any matches

Flow :Dest:192.168.149.1/32,Proto:=17,DPort:=80
Actions :Traffic-rate: 0 bps (bgp.1)
Statistics (packets/bytes)
Matched : 0/0
Transmitted : 0/0
Dropped : 0/0

RP/0/RP0/CPU0:router#show flowspec vrf Internet afi-all summ
Tue Mar 5 17:21:45.910 GMT+3
Flowspec VRF+AFI table summary:
VRF: Internet
AFI: IPv4
Total Flows: 80
Total Service Policies: 0
VRF: Internet
AFI: IPv6
Total Flows: 0
Total Service Policies: 0

RP/0/RP0/CPU0:router#show controllers npu externaltcam location 0/0/CPU0
Mon Mar 4 11:55:34.833 GMT+3
External TCAM Resource Information
=============================================================
NPU Bank Entry Owner Free Per-DB DB DB
Id Size Entries Entry ID Name
=============================================================
0 0 80b FLP 5273675 954911 0 IPv4 UC
0 1 80b FLP 0 0 1 IPv4 RPF
0 2 160b FLP 4303056 193665 3 IPv6 UC
0 3 160b FLP 0 0 4 IPv6 RPF
0 4 320b FLP 4086 10 5 IPv6 MC
0 5 80b FLP 4096 0 52 INGRESS_IPV4_SRC_IP_EXT
0 6 80b FLP 4096 0 53 INGRESS_IPV4_DST_IP_EXT
0 7 160b FLP 4096 0 54 INGRESS_IPV6_SRC_IP_EXT
0 8 160b FLP 4096 0 55 INGRESS_IPV6_DST_IP_EXT
0 9 80b FLP 4096 0 56 INGRESS_IP_SRC_PORT_EXT
0 10 80b FLP 4096 0 57 INGRESS_IPV6_SRC_PORT_EXT
0 11 320b FLP 3575 521 59 INGRESS_FLOWSPEC_IPV4

RP/0/RP0/CPU0:router#show dpa resources ippbr location 0/1/CPU0
Mon Mar 4 11:52:26.692 GMT+3

"ippbr" OFA Table (Id: 183, Scope: Global)
--------------------------------------------------

OFA Infra Stats Summary
Create Requests: 311
Delete Requests: 255
Update Requests: 0
Get Requests: 0

Backwalk Stats
Update Requests: 0
Update Skipped: 0

Errors
Resolve Failures: 0
Not Found in DB: 0
Exists in DB: 0
No Memory in DB: 0
Reserve Resources: 0
Release Resources: 0
Update Resources: 0
Retry Attempts: 0
Recovered from error: 0
Errors from bwalk: 0

NPU ID: NPU-0
Create Server API Err: 0
Update Server API Err: 0
Delete Server API Err: 0

I am attaching the relevant configuration

If anyone can help me I will be very grateful.

Regards
José

Labels:
Preview file
2 KB
0 Helpful
1 Reply 1

j.restaino
Level 1
Level 1

‎03-11-2024 06:30 AM

Hi, i still have the problem. I already open a case with my Cisco partner but they didn´t give me a response yet. I will appreciate if somebody could help me.

Regards
José

0 Helpful
Customers Also Viewed These Support Documents