Understanding “Input Discard” Interface Counter in Nexus 3000
Nexus 3000 - Product Overview
The Cisco Nexus 3000 Switch is a high-performance, high-density, ultra-low-latency Ethernet switch. This compact one-rack-unit (1RU) form factor 10 Gigabit Ethernet switch provides line-rate Layer 2 and Layer 3 switching. The switch runs the industry-leading Cisco NX-OS Software operating system, providing customers with comprehensive features and functionality that are widely deployed globally.
“Input Discard” Interface Counter in Nexus 3000
As in other Catalyst and Nexus products, Nexus 3000 also has “show interface ethernet x/y” command.
N3k-A# show interface eth1/1Ethernet1/1 is upHardware: 10/100/1000 Ethernet, address: 547f.ee3f.9c68 (bia 547f.ee3f.9c68) MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255Encapsulation ARPAPort mode is trunkfull-duplex, 1000 Mb/sBeacon is turned offInput flow-control is off, output flow-control is offSwitchport monitor is offEtherType is 0x8100Last link flapped 3d18hLast clearing of "show interface" counters 3d18h30 seconds input rate 2272 bits/sec, 284 bytes/sec, 3 packets/sec30 seconds output rate 8304 bits/sec, 1038 bytes/sec, 13 packets/secLoad-Interval #2: 5 minute (300 seconds) input rate 2.15 Kbps, 3 pps; output rate 7.58 Kbps, 12 ppsRX 0 unicast packets 1344749 multicast packets 0 broadcast packets 1344749 input packets 98148908 bytes 0 jumbo packets 0 storm suppression packets 0 giants 0 input error 0 short frame 0 overrun 0 underrun 0 watchdog 0 if down drop 0 input with dribble 3 input discard(includes ACL drops) 0 Rx pauseTX 0 unicast packets 4772275 multicast packets 0 broadcast packets 4772275 output packets 342602114 bytes 0 jumbo packets 0 output errors 0 collision 0 deferred 0 late collision 0 lost carrier 0 no carrier 0 babble 0 Tx pause1 interface resetsN3K-A#
In releases earlier to 5.0(3)U2(1), the “show interface ethernet x/y” report input discard counters just as “input discard” without “(includes ACL drops)”.
CSCto53539 - Interface discard counters increment even when packets are not forwarded
CSCto53539 has ONLY changed how the counter is reported in the “show interface eth x/y” results:
This bug is fixed in 5.0(3)U2(1) or later releases.
The redirection of certain protocol packets e.g. PIM/IGMP happens in N3K ASIC via an ACL entry. The packet is qualified using the ACL match actions ( e.g., IP protocol == PIM ) and one of the actions of this ACL would be to copy the packet to CPU. Since the protocol packets are typically required to be handled only by the CPU and are not expected to get forwarded, this ACL also had a DROP action. This way a copy of the packet would go to CPU and then the packet would get dropped in the hardware emulating the desired behavior.
However, drop action from an ACL on an incoming packet is counted as indiscards on the receive interface. Because of this all the legitimate CPU bound protocol packets that get redirected this way would contribute to the indiscards. Considering this an additional description was added in CLI to say "includes ACL drops" for such packets.
Getting further details on Input Discard counter
To get more granular details, it is recommended to use following command:
Please be aware of CSCtu29771, due to which the above command reports all counters as zero, even though the “show interface” reports non-zero input discards. This bug is fixed in 5.0(3)U3(1) or later releases.
IPv4 Discards represent errors at IP layer e.g., IP checksum error
STP Discards are incremented when packets are received when interface is not in STP forwarding state
Policy Discards are incremented when there are discards because of input policy on the interface e.g., storm control
ACL drops indicate that incoming packets match an ACL entry with a drop action.
This can increment under following conditions:
(1) When user configured ACL denies the traffic.
(2) When interface receives the link local multicast packets (EIGRP/PIM/BFD hello’s).
Reason being, internally the packet is getting copied to CPU, and dropped by the ACL Drop.
(3) "STP Discards" action is hit.
Through an enhancement (CSCtx63122), from 5.0(3)U3(1) onwards Nexus 3000 will NOT increase "ACL Drops" counter (and hence "input discard" under "show interface") due to control-plane packets like IGMP/PIM/BFD etc. except Precision Time Protocol (PTP) packets.
This counter is a wrapper counter which represents a condition where no output port could be determined for this packet. From ASIC perspective, Receive Drop is almost a catch-all for all conditions. Some of the common conditions could be:
- Vlan check failed
- MTU check failed
- "ACL Drops" action is hit
- Traffic destined to a non-existing route
- Traffic destined to an IP address for which ARP entry is incomplete
- Multicast traffic getting dropped as the (S, G) has null OIF
It will be challenging to come up with a comprehensive list of all possible conditions. This counter is incremented if the forwarding result at the end of the ingress pipeline (in the forwarding decision making process) is zero, which means, no egress port identified.
Assume that there is a static mac-address entry for mac-address M2 in vlan V2 mapped to port P2.
If a frame with source mac-address M2 received in vlan V2 on P1. In this condition, source mac-address learning cannot happen for this frame and this frame will be dropped.
Vlan Discard indicates vlan-based discards e.g., vlan tagged packet ingressing on a port which is not member of the vlan.
Enhancement request CSCtx60271 has been filed modify the counters considered for "input discards" counters under "show interface".
With this fix, now the "input discards" counter does not include following counters:- ACL (RACL/VACL/PACL) drops- IGMP/BFD packets dropped by CoPP - while the packet rate is higher than 1000 packets/second- DeJavu scenario - packets received and sent out on the same port or port-channel, with no modifications to the packet.
N3k-A# show queuing interface eth 1/1Ethernet1/1 queuing information:TX Queuing qos-group sched-type oper-bandwidth 0 WRR 100RX Queuing qos-group 0 HW MTU: 1500 (1500 configured) drop-type: drop, xon: 0, xoff: 0 Statistics: Ucast pkts sent over the port : 0 Ucast bytes sent over the port : 0 Mcast pkts sent over the port : 0 Mcast bytes sent over the port : 0 Ucast pkts dropped : 0 Ucast bytes dropped : 0 Mcast pkts dropped : 0 Mcast bytes dropped : 0N3k-A#