Nexus 7000 - Unicast RPF statistics

Answered Question
Sep 13th, 2010

Dear all,

I've configured unicast RPF on my VLAN interfaces but now I'm trying to see where the drop statistics are reported and how much detail they have. Can anyone point me to the correct command to show the counter?

I've also read to get a more detailed drop output you need to assign a permit/deny logging ACL to show the rogue source addressing. Again could anyone point me to a good resource on how to do this?

Regards and thanks in advance,

Col

I have this problem too.
0 votes
Correct Answer by kitanaka about 6 years 4 months ago

Hi Col,

The configuration guide says that

Per-interface statistics on packets dropped due to a  failed unicast RPF check are not available but Per-forwarding engine basis

which means Per-module.

Global Statistics

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/security/configuration/guide/Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_5.x_chapter22.html#con_1064158

You can use a command below to see number of  packets that were dropped due to URP per-module.

N7K-b(config-if)# show ver | i image
   kickstart image file is: bootflash:/n7000-s1-kickstart.5.0.3.bin
   system image file is:    bootflash:/n7000-s1-dk9.5.0.3.bin


N7K-b(config-if)# show hardware internal errors module 2 | egrep RPF|DROP
95   CL2 RPF check Fail Pkt count                  0000000059140804   1-48 I1
455  Exception cause: DROP (Unicast)               0000000059140804   1-48 I1
N7K-b(config-if)# show hardware internal errors module 2 | egrep RPF|DROP
95   CL2 RPF check Fail Pkt count                  0000000069140415   1-48 I1
455  Exception cause: DROP (Unicast)               0000000069140415   1-48 I1

Regards,

Kimihito.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
kitanaka Thu, 09/16/2010 - 17:49

Hi Col,

The configuration guide says that

Per-interface statistics on packets dropped due to a  failed unicast RPF check are not available but Per-forwarding engine basis

which means Per-module.

Global Statistics

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/security/configuration/guide/Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_5.x_chapter22.html#con_1064158

You can use a command below to see number of  packets that were dropped due to URP per-module.

N7K-b(config-if)# show ver | i image
   kickstart image file is: bootflash:/n7000-s1-kickstart.5.0.3.bin
   system image file is:    bootflash:/n7000-s1-dk9.5.0.3.bin


N7K-b(config-if)# show hardware internal errors module 2 | egrep RPF|DROP
95   CL2 RPF check Fail Pkt count                  0000000059140804   1-48 I1
455  Exception cause: DROP (Unicast)               0000000059140804   1-48 I1
N7K-b(config-if)# show hardware internal errors module 2 | egrep RPF|DROP
95   CL2 RPF check Fail Pkt count                  0000000069140415   1-48 I1
455  Exception cause: DROP (Unicast)               0000000069140415   1-48 I1

Regards,

Kimihito.

ColinChambers Sat, 09/18/2010 - 03:35

Kimihito,

Thank you for your reply!

I'm not sure which team you're in a Cisco but do you know if there is any thoughts on having a global counter in future versions of the code? If not then I'll speak to my SE about a feature request.

Again thank you for answering my question

Regards,

Col

kitanaka Mon, 09/20/2010 - 08:05

Hello Col,

I'm in TAC. I see a Closed enhancement request bug (internal one) that requested global statistics and per-interface statistics for RPF.

According to the bug, there is no plan to implement global statistics at this moment.

Could you please talk to your Cisco representative for further disscusstoin of this request ?

I really appreciate for your suggestion that makes our products better.

I will send you private message the internal bug id that makes easier when you talk to your Cisco representative.

Regards,

Kimihito.

Actions

This Discussion