Nexus 7000 - Unicast RPF statistics

Answered Question
Sep 13th, 2010
User Badges:

Dear all,


I've configured unicast RPF on my VLAN interfaces but now I'm trying to see where the drop statistics are reported and how much detail they have. Can anyone point me to the correct command to show the counter?


I've also read to get a more detailed drop output you need to assign a permit/deny logging ACL to show the rogue source addressing. Again could anyone point me to a good resource on how to do this?


Regards and thanks in advance,


Col

Correct Answer by kitanaka about 6 years 10 months ago

Hi Col,


The configuration guide says that

Per-interface statistics on packets dropped due to a  failed unicast RPF check are not available but Per-forwarding engine basis

which means Per-module.


Global Statistics

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/security/configuration/guide/Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_5.x_chapter22.html#con_1064158


You can use a command below to see number of  packets that were dropped due to URP per-module.



N7K-b(config-if)# show ver | i image
   kickstart image file is: bootflash:/n7000-s1-kickstart.5.0.3.bin
   system image file is:    bootflash:/n7000-s1-dk9.5.0.3.bin


N7K-b(config-if)# show hardware internal errors module 2 | egrep RPF|DROP
95   CL2 RPF check Fail Pkt count                  0000000059140804   1-48 I1
455  Exception cause: DROP (Unicast)               0000000059140804   1-48 I1
N7K-b(config-if)# show hardware internal errors module 2 | egrep RPF|DROP
95   CL2 RPF check Fail Pkt count                  0000000069140415   1-48 I1
455  Exception cause: DROP (Unicast)               0000000069140415   1-48 I1



Regards,

Kimihito.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
kitanaka Thu, 09/16/2010 - 17:49
User Badges:

Hi Col,


The configuration guide says that

Per-interface statistics on packets dropped due to a  failed unicast RPF check are not available but Per-forwarding engine basis

which means Per-module.


Global Statistics

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/security/configuration/guide/Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_5.x_chapter22.html#con_1064158


You can use a command below to see number of  packets that were dropped due to URP per-module.



N7K-b(config-if)# show ver | i image
   kickstart image file is: bootflash:/n7000-s1-kickstart.5.0.3.bin
   system image file is:    bootflash:/n7000-s1-dk9.5.0.3.bin


N7K-b(config-if)# show hardware internal errors module 2 | egrep RPF|DROP
95   CL2 RPF check Fail Pkt count                  0000000059140804   1-48 I1
455  Exception cause: DROP (Unicast)               0000000059140804   1-48 I1
N7K-b(config-if)# show hardware internal errors module 2 | egrep RPF|DROP
95   CL2 RPF check Fail Pkt count                  0000000069140415   1-48 I1
455  Exception cause: DROP (Unicast)               0000000069140415   1-48 I1



Regards,

Kimihito.

ColinChambers Sat, 09/18/2010 - 03:35
User Badges:

Kimihito,


Thank you for your reply!


I'm not sure which team you're in a Cisco but do you know if there is any thoughts on having a global counter in future versions of the code? If not then I'll speak to my SE about a feature request.


Again thank you for answering my question


Regards,


Col

kitanaka Mon, 09/20/2010 - 08:05
User Badges:

Hello Col,


I'm in TAC. I see a Closed enhancement request bug (internal one) that requested global statistics and per-interface statistics for RPF.

According to the bug, there is no plan to implement global statistics at this moment.

Could you please talk to your Cisco representative for further disscusstoin of this request ?

I really appreciate for your suggestion that makes our products better.


I will send you private message the internal bug id that makes easier when you talk to your Cisco representative.


Regards,

Kimihito.

Actions

This Discussion