Escolar Documentos
Profissional Documentos
Cultura Documentos
Products Overview
Troubleshooting
– Method
– System Resources
– Packet path / loss
– Wired/Wireless Convergence
Tools/Tips
Products Overview
See the appendix for supervisor, line card, and chassis product and compatibility details.
Products Overview
Intelligent Supervisors
Supervisor Engine 8-E, 7-E, 7L-E, 6-E, 6L-E Shared Packet CPU
Memory
Transparent Line Cards TCAMs1 NFE2
Wire-rate, oversubscribed, PoE
10/100, 10/100/1000, GE, 10GE
Various physical media front panel ports Packet Forwarding
Processor Engine
Dedicated per-slot bandwidth to supervisor
Products Overview
Troubleshooting
– Method
– System Resources
– Packet path / loss
– Wired/Wireless Convergence
Tools/Tips
Troubleshooting Method
• General Recommendations
6. Observe Results
Want to learn more? Check out CCNP Practical Studies: Troubleshooting by Donna Harrington.
CCNP TSHOOT 642-832 Official Certification Guide by Kevin Wallace.
Troubleshooting Method
Method
1. Define Problem
2. Gather Facts
Documentation
3. Consider Possibilities
Use debug and show platform commands only when advised by TAC
Products Overview
Troubleshooting
– Method
– System Resources
– Packet path / loss
– Wired/wireless Convergence
Tools/Tips
Shared Packet CPU
Memory
System Resources TCAMs1 NFE2
CPU
Packet Forwarding
• Linux based Operating System IOS-XE Processor Engine
Supervisor
• Runs IOS tasks
Line Card
• Runs 4500 platform-specific jobs Stub ASICs
Yes Yes
High CPU traffic driven?
High iosd use on IOS-XE? Can the traffic be identified?
(K5CpuMan Review)
No No Yes No
monitor session 1 source cpu
OR
Troubleshoot features related Stop / alter traffic source, debug platform packet all buffer
to the process / open TAC SR open TAC SR if more detail show platform cpu packet buffer
needed
Troubleshooting CPU: Narrowing Down Process
Quad Core
Switch#show proc cpu sort
Identify which process
Core 0: CPU utilization for five seconds: 9%; one minute: 8%; five minutes: 8% running high
Core 1: CPU utilization for five seconds: 5%; one minute: 8%; five minutes: 8%
Core 2: CPU utilization for five seconds: 8%; one minute: 5%; five minutes: 5%
Core 3: CPU utilization for five seconds: 5%; one minute: 5%; five minutes: 5%
IOS-XE processes
Troubleshooting CPU: Narrowing Down Process
switch# show proc cpu detail process iosd sort
Switch#show process cpu detailed process iosd sorted
Core 0: CPU utilization for five seconds: 9%; one minute: 8%; five minutes: 8%
Core 1: CPU utilization for five seconds: 10%; one minute: 8%; five minutes: 8%
Core 2: CPU utilization for five seconds: 7%; one minute: 5%; five minutes: 5%
Core 3: CPU utilization for five seconds: 6%; one minute: 5%; five minutes: 6%
PID T C TID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
(%) (%) (%)
6989 L 3884781 1372616 309 4.15 6.64 6.82 0 iosd
6989 L 1 6989 2797345 7018102 0 6.76 6.57 6.76 0 iosd
6989 L 0 10677 1065764 6669769 0 0.04 0.08 0.05 0 iosd.fastpath
6989 L 1 10678 19185 119427 0 0.00 0.01 0.01 0 CMI Thread
6989 L 0 10679 3288 261952 0 0.00 0.00 0.00 0 iosd.monitor
6989 L 3 10680 86 4203 0 0.00 0.00 0.00 34816 iosd.aux
123 I 3816054 2388033 0 7.66 7.99 8.99 0 Cat4k Mgmt LoPri
122 I 2256302 4346590 0 6.88 5.99 5.88 0 Cat4k Mgmt HiPri
Catalyst-4k Specific
Management Tasks
Troubleshooting CPU: Packet-Driven CPU
switch# show platform health K5CpuMan Over Target
…
%CPU %CPU RunTimeMax Priority Average %CPU Total
Target Actual Target Actual Fg Bg 5Sec Min Hour CPU
K5CpuMan Review 30.00 70.81 30 17 100 500 91 66 9 19:17
…
Switch# show platform cpu packet statistics Recent flood of packets with IP Options
… (not HW routable)
Packets Dropped by Packet Queue
Queue Total 5 sec avg 1 min avg 5 min avg 1 hour avg
---------------------- --------------- --------- --------- --------- ----------
Ip Option 10715071 118803 71866 15919 0
…
ACL logging disable ACL logging, use ACL matching stats or netflow
1.CoPP supported on all legacy supervisors starting 12.2(31)SG, SUP6-E/6L-E /4900M/4948E on 12.2(50)SG , all Sup8E/7E/7L-E/4500X
2.Must be configured on all the L3 interfaces of the switch
System Resources
Memory
• Establish baseline
switch# show proc mem detail proc iosd task 153 Collect process memory
Process ID: 153 breakdown for TAC
Process Name: Auth Manager
Total Memory Held: 307882352 bytes
Processor memory Holding = 307882352 bytes
pc = 0x16FCD45C, size = 291258544, count = 4441
Shared Packet CPU
Memory
TCAM
Packet Forwarding
%C4K_HWACLMAN-4-ACLHWPROGERR: Input VOIP_FROM_CE_IPv6 - Processor Engine
hardware TCAM limit, qos being disabled on relevant interface
Supervisor
%C4K_HWACLMAN-4-ACLHWPROGERR: Input Security: 101 - hardware
TCAM limit, some packet processing will be software switched Line Card
Stub ASICs
C4K_HWACLMAN-4-ACLHWPROGERRREASON: Input(75/Normal, 1/Normal)
Invalid Acl-based Feature - hardware TCAM policers exceeded
• Check TCAM usage for ACLs, security, L3 routes, PBR, DHCP Snoop, IPSG,
WCCPv2
Monitoring TCAM
switch# show platform hardware acl statistics utilization brief
Switch#show platform hardware acl statistics utilization brief
CAM Utilization Statistics
--------------------------
Used Free Total
--------------------------------
Input Security (160) 38 (1 %) 2010 (99 %) 2048
Input Security (320) 34 (1 %) 2014 (99 %) 2048
Input Qos (160) 15 (0 %) 2033 (100%) 2048
Input Qos (320) 8 (0 %) 2040 (100%) 2048
Input Forwarding (160) 7 (0 %) 2041 (100%) 2048
Input Forwarding (320) 24 (1 %) 2024 (99 %) 2048
Input Unallocated (160) 0 (0 %) 53248 (100%) 53248
Low utilization
switch# show platform hardware qos policer utilization
-------------------------------------------
Policer utilization summary:
Direction Assigned Used Free
-------------------------------------------
Input 2048 ( 12.5%) 4 ( 0.1%) 2044 ( 99.8%)
Output 2048 ( 12.5%) 1 ( 0.0%) 2047 ( 99.9%)
Free 12288( 75.0%) 0 ( 0.0%) 12288(100.0%)
System Resources
Transmit Queue Memory
• Reserved queue memory for each linecard, exceeding this eats into global pool
• Options:
CPU Subport Tx Queue allocations (TotalSize: 12304) Drop, Recirc, CPU reservations
Recirc Subport Tx Queue allocations(TotalSize: 12288)
…
Global TX Queue reservations
----------------------------
List IOS process CPU % on IOS-XE show proc cpu detail process iosd sort
Display process memory and buffer show proc mem detail proc iosd sort
show proc mem detail proc iosd task <pid>
holdings on IOS-XE
show buffers detailed process iosd
Display Cat4k ACL and policer usage show platform hardware acl statistics utilization brief
show platform hardware qos policer utilization
Products Overview
Troubleshooting
– Method
– System Resources
– Packet path / loss
– Wired/wireless Convergence
Tools/Tips
Troubleshooting Packet Loss / Path
• Why is any packet sent to port(s), to CPU, or dropped?
1. Collect “show tech” and iterations of the below • incrementing counters are most useful
• Some counters are normal
2. Step through the platform • Baseline data is useful
Layer 1 issues
Malformed frames/packets
Oversubscription
Flow-control
Storm-control Supervisor
Line Card
Stub ASICs
max
ingress traffic on oversubscribed ports avg
– control on the peer device min
egress oversubscription
– consider multi-path
Troubleshooting Packet Loss / Path
Flow control
Switch may send pause toward end-device if rx buffer passes high watermark
Stub will pause toward supervisor if end-device signals pause
3 Drops Packet
1. Device sends pause to stub
Processor
2. Stub sends pause to packet
processor 2
Pause
3. Packet processor pauses tx-
queue Stub ASICs
1 Pause
Front Panel Ports
Troubleshooting Packet Loss / Path
Tx Oversubscription and Flow Control
%C4K_SWITCHINGENGINEMAN-4-IPPLLCINTERRUPTFREELISTBELOWHIPRIORITYTHRESHOLD: IPP
LLC freelistBelowHiPriorityThreshold interrupt FreeListCount: 2058,
lowestFreeCellCnt: 0
Shared Packet
Memory
Shared Packet
Memory
Deep buffers and congestion Full
1 Deep Q
1. Deep egress queue fills
2. Packet memory consumed Drops
3. Packet memory unavailable for ingress 3
Troubleshooting Packet Loss / Path
Oversubscription: packet memory exhaustion
Shared Packet
Memory
Reduced buffers during congestion Restricted
Drops
Other solutions:
Even out packet port distribution
Egress policers
Troubleshooting Packet Loss / Path
Packet memory: keeping the FreeList healthy
– Punt?
– Drop? Forwarding
– Forward to where? Engine
– Replicate to where?
Supervisor
Working backwards from ASIC counters Line Card
Packet Loss / Path: Forwarding ASIC
Location Purpose Most Common Platform Troubleshooting Need
IC Input classification ACLs (especially static ACL, which evaluate *all* traffic)
For custom ACL, IOS-level CLI typically all that is needed
NF Netflow Platform troubleshooting not commonly required
IC
L3 Entry
ACL Entry
> L2 entry > floodset
NF
IP
Fwdsel relevant to ACL (ic) only when there is a
redirect action
Depends on “fwdsel”
FL
IC switch# show platform hardware acl input entries static • Hit does not mean packet count
…
NF CamIndex Entry Type Active Apply QoS Hit Count
-------- ---------- ------ --------- ---------
2 IgmpToCpu Y N/A 14237 (estimate)
IP …
switch# show platform hardware acl input entries start 2 end 2 all
FL …
IP Src : 0.0.0.0 / 0.0.0.0
OC IP Dst : 224.0.0.0 / 240.0.0.0
IP Protocol : igmp / IpProtocolMask IGMP sent to 224/4
…
OP willPort:
ActIdx: 252 StatsIdx: 0 FwdIdx: (Cpu, Cpu: true, CpuEvent: 1, go to CPU
3)
OM switch# show platform hardware acl input actions 252 if FwdSel wins over L3
…
FwdSel: 3
L2Action: (0 = permit, 1 = drop, 2 = redirect)
QM
L2Action: 2
Packet Loss / Path: Input Classification
IM ACL examples: static ACL, PBR, PACL
L2
Note: PBR ACLs are removed if
IC switch# show platform hardware acl input entries vlan 901 all adjacency becomes unavailable
…
NF IP Src : 1.1.1.1 / 255.255.255.255
IP Dst : 0.0.0.0 / 0.0.0.0
…
IP ActIdx: 244 StatsIdx: 0 FwdIdx: (Adj, Adj: 8)
Packets sourced from 1.1.1.1/32
FL switch# show platform hardware acl input actions 244
…
will be redirected to adjacency 8 (Po1)
OC FwdSel: 2 If FwdSel wins over L3
…
L3Action: 2
OP
switch# show platform hardware ip adjacency entry 8
OM 000008: vlan: 192 port: Po1 (417) size: 1 ifaId: 20
fwdCtrl: 5 cpucode: 3 sifact4: FwdToCpu sifact6: FwdToCpu
QM sa: 00:1E:F7:3F:F5:BF da: 00:0C:29:6D:1A:ED rwFmt: Unicast
packets: 0 bytes: 0
Packet Loss / Path: Input Classification
IM ACL examples: static ACL, PBR, PACL
L2 Note: packets classified as non-IP, IPv4, IPv6 (cannot MAC ACL on an IP packet)
IC switch# show ip access deny
Extended IP access list deny
NF 10 deny ip any any (1056 matches)
switch# show ip int gi 1/2
Inbound access list is deny
IP switch# show plat hard acl inp entr int gi 1/2 all
…
FL IP Src : 0.0.0.0 / 0.0.0.0
IP Dst : 0.0.0.0 / 0.0.0.0
OC IP Protocol : IpProtocolNull / IpProtocolNull All IPv4 traffic will be dropped
…
ActIdx: 254 StatsIdx: 0 FwdIdx: (None, rep: 0) Fwdsel doesn’t matter
OP
L2Action: (0 = permit, 1 = drop, 2 = redirect)
switch# show plat hard acl inp act 254
OM …
FwdSel: 0
QM …
L2Action: 1
Packet Loss / Path: Input Classification / Policing
IM Order of operations Ingress Marking
Ingress Policing
Ingress Conditional
L2
Classification
IC flow record microflow Ingress Marking
match ipv4 source address Unconditional Forwarding
NF class-map match-all microflow
match flow record microflow
policy-map ingress
IP class voice-signalling
set dscp cs3 Microflow policing
FL police cir 32000 bc 8000
conform-action transmit Normal policer • Flexible Netflow
OC exceed-action set-dscp-transmit cs1 Conditional Marking • Class-map matching FNF
exceed-action set-cos-transmit 1
class microflow • Policer
OP police cir 100000
conform-action transmit
OM exceed-action drop
class class-default Classification
QM set dscp default
set cos 0 Unconditional Marking
Packet Loss / Path: Input Classification / Policing
IM Monitoring ingress Qos
L2
switch# show policy-map interface gigabitEthernet 1/46
GigabitEthernet1/46
IC Class-map stats are shared across interfaces with the
same policy map
Service-policy input: ingress
NF
Class-map: voice-signalling (match-all)
IP 28283457437 packets
Match: dscp ef (46)
QoS Set
FL
dscp cs3 • Ensure counters increment
police:
OC • Classification displays using the packet counts
cir 32000 bps, bc 8000 bytes
conformed 76128704 bytes; actions: • Policing displays using bytes
OP transmit
exceeded 1810581188160 bytes; actions:
set-dscp-transmit cs1
OM
set-cos-transmit 1
conformed 32000 bps, exceed 761238000 bps
QM
Packet Loss / Path: Forwarding Lookup
IM L3 unicast destination lookups
L2
Remember: unicast traffic won’t be destination-routed unless:
IC switch# show ip route 192.168.200.200 • routing is enabled on the vlan
Routing entry for 192.168.200.0/24
NF Known via "static", distance 1, metric 0 • traffic is sent to L3 MAC
Routing Descriptor Blocks:
* 192.168.100.100
• FwdSel of route wins over ACL
IP Route metric is 0, traffic share count is 1
switch# show ip arp | i 192.168.100.100
FL Internet 192.168.100.100 0 000c.296d.1aed ARPA Vlan192
switch# show mac address dynamic | i 000c.296d.1aed
OC 192 000c.296d.1aed dynamic ip,ipx,assigned,other Port-channel1
switch# show platform hardware ip route ipv4 network 192.168.200.0 255.255.255.0
Block: 0 En: true EntryMap: LSB Width: 80-Bit Type: Dst
OP …
000022: v4 192.168.200.0/24 --> vrf: Global Routing Table (0)
OM adjStats: true fwdSel: 2 mrpf: 0 (None) fwdIdx: 0 ts: 0
adjIndex: 8 vlan: 192 port: Po1 (417)
QM fwdCtrl: 5 cpucode: 3 sifact4: FwdToCpu sifact6: FwdToCpu
sa: 00:1E:F7:3F:F5:BF da: 00:0C:29:6D:1A:ED
Packet Loss / Path: Output Classification / Policing
IM Order of operations Output Marking
Output Policing
Output Conditional
L2
Classification
IC Output Marking
Unconditional Queuing
NF
policy-map egress
class voice Classification
IP set dscp ef Marking
set cos 5
FL priority
police cir percent 33 Policing
OC class voice-control
set dscp af31
set cos 3
OP bandwidth remaining percent 5
Queuing
class class-default
OM dbl
QM
Packet Loss / Path: Output Classification / Policing
IM • Monitoring egress Qos
switch# show policy-map int g1/36 output
L2 GigabitEthernet1/36
IC Service-policy output: AutoQos-VoIP-Output-Policy Class-map stats are shared across interfaces with the
same policy map
NF Class-map: AutoQos-VoIP-Bearer-QosGroup (match-all)
625530530 packets
Match: qos-group 46
IP QoS Set
ip dscp ef
FL cos 5
priority queue:
OC Transmit: 32344068480 Bytes, Queue Full Drops: 0 Packets
police:
cir 33 %
OP cir 330000000 bps, bc 10312500 bytes • Ensure counters increment
conformed Packet count - n/a, 32335870400 bytes; actions:
• Classification display using the packet counts
OM transmit
exceeded Packet count - n/a, 7813435520 bytes; actions: • Policing display using bytes
QM drop
• Queue full drops are in packets
conformed 325185000 bps, exceed 97368000 bps
Packet Loss / Path: Output Queuing
IM DBL processing (if packet is not scheduled for drop)
L2 Descriptor enqueued in queue memory
IC
QM
Packet Loss / Path: Output Queuing
policy-map egress_queueing
class dscp32-48 Tx Q Class
police cir 990000 Low priority queues can be
conform-action transmit starved, policer recommended 0 dscp32-48
exceed-action drop 5 dscp16-31
priority
class dscp0-15 6 dscp0-15
bandwidth 250000
7 dscp49-63, class-default
queue-limit 400
class dscp16-31
bandwidth 250000
queue-limit 512
class class-default First and last appear where expected, middle reversed
Products Overview
Troubleshooting
– Method
– System Resources
– Packet path / loss
– Wired/wireless Convergence
Tools/Tips
Wired/wireless Convergence
New capability on Sup8E with IOS-XE 3.7.0E
Overview
Converged Mode
Troubleshooting
Quick Start
/Configuring
Wireless
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-4500-series-switches/guide-c07-733704.html
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/XE3-7-0E/wireless/configuration-guide/b_37e_4500sup8e_cg.pdf
Sup8E Wired/Wireless Convergence
Overview
In-built daughter-card which enables wireless
capabilities
Supervisor
Line Card
Stub ASICs
Supervisor
Line Card
Stub ASICs
Wireless packets are redirected to DC
Supervisor
Line Card
Stub ASICs
Products Overview
Troubleshooting
Method
System Resources
Packet path / loss
Wired/wireless Convergence
Tools/Tips
Tools: Wireshark
Write to PCAP file on storage, display on switch or using laptop Wireshark GUI
Only the core filter is implemented in hardware as ACLs. Use a restricted filter to avoid high CPU
Tools: Wireshark
Display
Filter Console
switch# monitor capture mycap int gi 1/46 in match ipv4 protocol tcp 10.1.1.1/32 any file location
bootflash:mycap.pcap limit duration 3
Display a pcap file in detail show monitor capture file <filename> detailed
Display a pcap file with filter show monitor capture file <filename> display-filter “filter-detail”
Check if wireshark is running show proc cpu | inc dumpcap
Tools: Embedded Event Manager
Extremely versatile tool for monitoring, automating, working around issues
(a) What do I want to detect? (b) What do I want to do after that?
event manager applet high-cpu
event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.1.10.1 get-type exact entry-op ge entry-val “80" poll-interval 10
action 1.0 syslog msg "HIGH_CPU! CPU is at: $_snmp_oid_val“
action 2.0 cli command "enable"
action 2.1 cli command "show process cpu | redirect bootflash:cpu.txt"
Collect process CPU usage when CPU is high
action 2.2 cli command "configure terminal"
action 2.3 cli command "event manager scheduler suspend“
Switch#dir crashinfo:
Directory of crashinfo:/
Switch#dir kinfo:
Directory of kinfo:/
Gather latest files from both these
No files in directory directories
NODE: LOCAL
============
Recent Crashinfo file:
crashinfo:crashinfo_plogd_20141022-213819-UTC
crashinfo:
crashinfo_iosd_20141022-213712-UTC Lists wireless DC crash files
crashinfo_plogd_20141022-213819-UTC
fullcore_plogd_20141022-213819-UTC
crashinfo-dc:
Switch#dir crashinfo-dc:
Directory of crashinfo-dc:/
Automatically output time and CPU utilization with each command (exec mode)
terminal exec prompt timestamp
When logging the console, add comments and prefix with “!” to avoid error messages
switch#!!! show module after peer reload