cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1652
Views
0
Helpful
3
Replies

Nexus 7000 - Unicast RPF statistics

ColinChambers
Level 1
Level 1

Dear all,

I've configured unicast RPF on my VLAN interfaces but now I'm trying to see where the drop statistics are reported and how much detail they have. Can anyone point me to the correct command to show the counter?

I've also read to get a more detailed drop output you need to assign a permit/deny logging ACL to show the rogue source addressing. Again could anyone point me to a good resource on how to do this?

Regards and thanks in advance,

Col

1 Accepted Solution

Accepted Solutions

kitanaka
Level 1
Level 1

Hi Col,

The configuration guide says that

Per-interface statistics on packets dropped due to a  failed unicast RPF check are not available but Per-forwarding engine basis

which means Per-module.

Global Statistics

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/security/configuration/guide/Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_5.x_chapter22.html#con_1064158

You can use a command below to see number of  packets that were dropped due to URP per-module.

N7K-b(config-if)# show ver | i image
   kickstart image file is: bootflash:/n7000-s1-kickstart.5.0.3.bin
   system image file is:    bootflash:/n7000-s1-dk9.5.0.3.bin


N7K-b(config-if)# show hardware internal errors module 2 | egrep RPF|DROP
95   CL2 RPF check Fail Pkt count                  0000000059140804   1-48 I1
455  Exception cause: DROP (Unicast)               0000000059140804   1-48 I1
N7K-b(config-if)# show hardware internal errors module 2 | egrep RPF|DROP
95   CL2 RPF check Fail Pkt count                  0000000069140415   1-48 I1
455  Exception cause: DROP (Unicast)               0000000069140415   1-48 I1

Regards,

Kimihito.

View solution in original post

3 Replies 3

kitanaka
Level 1
Level 1

Hi Col,

The configuration guide says that

Per-interface statistics on packets dropped due to a  failed unicast RPF check are not available but Per-forwarding engine basis

which means Per-module.

Global Statistics

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/security/configuration/guide/Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_5.x_chapter22.html#con_1064158

You can use a command below to see number of  packets that were dropped due to URP per-module.

N7K-b(config-if)# show ver | i image
   kickstart image file is: bootflash:/n7000-s1-kickstart.5.0.3.bin
   system image file is:    bootflash:/n7000-s1-dk9.5.0.3.bin


N7K-b(config-if)# show hardware internal errors module 2 | egrep RPF|DROP
95   CL2 RPF check Fail Pkt count                  0000000059140804   1-48 I1
455  Exception cause: DROP (Unicast)               0000000059140804   1-48 I1
N7K-b(config-if)# show hardware internal errors module 2 | egrep RPF|DROP
95   CL2 RPF check Fail Pkt count                  0000000069140415   1-48 I1
455  Exception cause: DROP (Unicast)               0000000069140415   1-48 I1

Regards,

Kimihito.

Kimihito,

Thank you for your reply!

I'm not sure which team you're in a Cisco but do you know if there is any thoughts on having a global counter in future versions of the code? If not then I'll speak to my SE about a feature request.

Again thank you for answering my question

Regards,

Col

Hello Col,

I'm in TAC. I see a Closed enhancement request bug (internal one) that requested global statistics and per-interface statistics for RPF.

According to the bug, there is no plan to implement global statistics at this moment.

Could you please talk to your Cisco representative for further disscusstoin of this request ?

I really appreciate for your suggestion that makes our products better.

I will send you private message the internal bug id that makes easier when you talk to your Cisco representative.

Regards,

Kimihito.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco