c6506 (Sup2/msfc2/pfc2) MLS issue / not mls handled traffic

Unanswered Question
Sep 4th, 2008

Hi folks,

i have the following issue with a c6506 with sup2,msfc2 and a pfc2:

The most traffic is NOT process with MLS, it seems it is processed through the msfc.

Most of the inbound traffic (90%) seems to be not mls switched, this shows me the msfc show intxx command.

If you need more info, please let me know.

Attachment: 
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Giuseppe Larosa Thu, 09/04/2008 - 06:06

Hello Ronny,

post the output of sh mls on the L2 supervisor to see if it has detected and would use the MSFC as MLS RP.

Hope to help

Giuseppe

ronnyboesger Thu, 09/04/2008 - 06:23

Hi Giuseppe,

thank your for help, following the output:

> sh mls

Total packets switched = 1006234374864

Total bytes switched = 451868540482264

Total routes = 261525

Total number of Netflow entries = 76489

Long-duration flows aging time = 320 seconds

IP statistics flows aging time = 16 seconds

IP statistics flows fast aging time = 0 seconds, packet threshold = 0

IP Current flow mask is Full flow

Netflow Data Export version: 5

Netflow Data Export enabled

Netflow Data Export configured for port xxxx on host xxx.xxx.xxx.xxx

Secondary Data Export configured for port xxxx on host xxx.xxx.xxx.xxx

Total packets exported = 28283078

Total Secondary packets exported = 28283078

Total NDE collectors configured = 2

Destination Ifindex export is enabled

Source Ifindex export is enabled

Bridged flow statistics is enabled on vlan(s) 1,20,887,888.

Bridged flow statistics is disabled on vlan(s) 10-11,1006-1011,1016.

Cannot get bridged flow statistics information of vlan(s) 1002-1005.

IPX statistics flows aging time = 16 seconds

IPX flow mask is Destination flow

IPX max hop is 255

Module 15: Physical MAC-Address 00-0f-35-xx-xx-xx

Module 15 is the designated MSFC for installing CEF entries

Packets are rate limited to router at the rate of 20000 pps

Load balancing hash is based on source and destination IP addresses

Per-prefix Stats for ALL FIB entries is Enabled

kind regards,

ronny

Giuseppe Larosa Thu, 09/04/2008 - 06:36

Hello Ronny,

everything looks fine but I see that you are receveing a BGP full table:

Total routes = 261525

Total packets switched = 1006234374864

Total bytes switched = 451868540482264

msfc# sh cef drop

CEF Drop Statistics

Slot Encap_fail Unresolved Unsupported No_route No_adj ChkSum_Err

RP 382089049 102396 0 6081869 0 0

msfc# sh cef not-cef-switched

CEF Packets passed on to next switching layer

Slot No_adj No_encap Unsupp'ted Redirect Receive Options Access Frag

RP 241681182 0 0 0 81491042 0 0 0

Verify if CEF MLS is not short of memory in that case ip packets with destinations not present in CEF tables are process switched = sent to MSFC

Hope to help

Giuseppe

ronnyboesger Thu, 09/04/2008 - 06:49

Hello Giuseppe,

the msfc says:

#show mem sum

Head Total(b) Used(b) Free(b) Lowest(b) Largest(b)

Processor 41D122E0 439278880 231796660 207482220 177103952 134536428

I/O 8000000 67108864 5488784 61620080 53247648 57810972

and the CatOs says:

Memory Used: 67060512

Free: 75777856

Total: 142838368

so there should be enough free mem.

I have read all cisco troubleshouting and info docs. Vor 2 weeks everything was fine, nothing was changed in this time.

Are there any further hints on this ?

thanks ronny

Giuseppe Larosa Fri, 09/05/2008 - 03:55

Hello Ronny,

two possible actions:

a) IP Current flow mask is Full flow move to destination flow mask in the hope to change

b) schedule a catalyst reload and see if in the first days MLS is working (last resort)

Having free memory on MSFC and supervisor is necessary but could be not enough. It depends on the type of linecards you have on the chassis if they have DFC submodules they will try to store the CEF tables on them.

You can verify with show module on the supervisor if there are DFCs in the linecards.

Hope to help

Giuseppe

ronnyboesger Fri, 09/05/2008 - 04:08

Hello Giuseppe,

>>a) IP Current flow mask is Full flow move to destination flow mask in the hope to change

This action was already checked. No success on this.

No, we don`t have any dCEF Modules in that Cisco, there are:

a 1000BaseX Ethernet WS-X6408-GBIC

a 10/100/1000BaseT Ethernet WS-X6148-GE-TX

i will schedule a reload of this router, i think this would solve this issue for a while,perhaps we need a ios /catos update.

best regards,

ronny

And once again, thank you for your time to help on this issue :)

Actions

This Discussion