Thousands of Netio drops

wblackcenic · ‎08-16-2016

Using the command "show drops all ongoing location [LOCATION]", we are seeing hundreds of thousands of Netio drops for multiple interfaces between the command being run approximately 30 seconds apart. From my understanding, Netio is effectively software switching in which the packet got punted to the LC CPU for some sort of processing. My question is whether there is a way to determine what is being punted and why there are so many drops.

Thanks.

xthuijs · ‎08-17-2016

hi wblackcenic, yup there is!

follow this guide:

https://supportforums.cisco.com/document/59721/asr9000xr-troubleshooting-packet-drops-and-understanding-np-drop-counters

and or check cisco live id 2904 from orlando, sanfran and sandiego for more details about packet troubleshooting.

simply:

show controller np counters npX loc Y

and look for RSV_PUNT or PUNT_ type counters to see what is punted,

we canalso make captures of those packets on a per punt reason.

common case is access-list with deny resulting in copy to control plane for icmp unreach gneeration.

cheers

xander

wblackcenic · ‎08-19-2016

Thanks, Xander. I'll check out the Cisco Live presentation for more assistance. From what I can tell, it looks like a lot of the punts may be Netflow related.

Thanks again.

xthuijs · ‎08-19-2016

very much possible wblack!

if that is causing soo many drops in netio, the sampling rate may be too agressive, although the lpts (punt policer) would rate limit the netflow punts to a max of 200kpps per LC.

cheers!

xander