LACP packets flooded --> max out cpu - Nexus 7018

We recently ran into an issue where LACP on a server link took down one of our switches (let's say switch 1) with LACP packets flooded to the SUP.  This also caused a "UDLD empty echo" error on switch 2 in the VPC domain because switch 1 stopped echoing UDLD.  This, of course, killed the VPC peer-link.  What we ended up finding out is that we didn't apply the new copp policy to the new code, so the l2 copp profile was not in the configuration (coming from code version 5.0.3, we are currently on 5.2(3a) ).  Having looked back at the copp l2 policy, it doesn't do anything but allow the flood to continue:

class-map type control-plane copp-system-class-l2-unpoliced
  match access-group name copp-system-acl-mac-lacp

mac access-list copp-system-acl-mac-lacp
  permit any 0180.c200.0002 0000.0000.0000 0x8809

class copp-system-class-l2-unpoliced
  police cir 8 gbps bc 5 mbytes conform transmit violate transmit (how does this help at all?)

We are trying to keep this from happening again.  I was wondering if any of you have suggestions on whether we should go with storm control or if there is something out there with copp configurations that can be applied to keep this from happening.  Of course, at this point, applying storm control to all of the data center switches will be a tedious task but maybe that's the best solution?  Any help is greatly appreciated!

Thanks,

Jason
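
An added example (not part of the original post and not Cisco's code): a small Python audit that parses CoPP configuration text and lists every class whose policer transmits on violate, together with the frames its ACL admits to the supervisor. The policy-map name, the second class and its rate are constructed placeholders for contrast, not recommended values.

```python
import re

# Constructed sample: the ACL, class-map and police lines for the LACP class are
# quoted from the post; the policy-map name and the second class are placeholders.
SAMPLE_CONFIG = """\
mac access-list copp-system-acl-mac-lacp
  permit any 0180.c200.0002 0000.0000.0000 0x8809
class-map type control-plane copp-system-class-l2-unpoliced
  match access-group name copp-system-acl-mac-lacp
class-map type control-plane example-class-policed
  match access-group name example-acl
policy-map type control-plane example-copp-policy
  class copp-system-class-l2-unpoliced
    police cir 8 gbps bc 5 mbytes conform transmit violate transmit
  class example-class-policed
    police cir 1000 kbps bc 250 ms conform transmit violate drop
"""

def parse(config):
    """Collect ACL entries, class-map -> ACL links and per-class policers."""
    acls, class_maps, policers = {}, {}, {}
    kind = name = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"mac access-list (\S+)", line):
            kind, name = "acl", m.group(1)
            acls[name] = []
        elif m := re.match(r"class-map type control-plane (?:match-\w+ )?(\S+)", line):
            kind, name = "cmap", m.group(1)
            class_maps[name] = []
        elif m := re.match(r"class (\S+)", line):
            kind, name = "pclass", m.group(1)
        elif kind == "acl" and line.startswith("permit"):
            acls[name].append(line)
        elif kind == "cmap" and (m := re.match(r"match access-group name (\S+)", line)):
            class_maps[name].append(m.group(1))
        elif kind == "pclass" and (m := re.match(r"police .*violate (\S+)", line)):
            policers[name] = (line, m.group(1))
    return acls, class_maps, policers

def unpoliced_classes(config):
    """Classes whose policer transmits on violate, with the ACL entries they admit."""
    acls, class_maps, policers = parse(config)
    return [
        {"class": cls, "police": line,
         "matches": [e for a in class_maps.get(cls, []) for e in acls.get(a, [])]}
        for cls, (line, violate) in policers.items()
        if violate == "transmit"
    ]
```

Run against a saved running-config, `unpoliced_classes()` shows which control-plane traffic has no effective rate limit, which is the set to review when deciding between CoPP tuning and per-port storm control.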
