Hardware Packet Counting - ASR9K

From DocWiki

(Difference between revisions)
Jump to: navigation, search
(Introduction)
 
Line 1: Line 1:
=Introduction=
=Introduction=
-
This is useful to tell if the ASR9K is the device dropping packets. It works best with a flow you can start and stop.
+
This is a procedure to determine if the ASR9K is dropping packets. It works best with a flow you can start and stop. ACLs on the ASR9K are in hardware and extremely fast.
 +
 
 +
There is no production impact for *correctly* following this procedure.
==IPv4==
==IPv4==

Latest revision as of 20:22, 6 February 2018

Contents

Introduction

This is a procedure to determine if the ASR9K is dropping packets. It works best with a flow you can start and stop. ACLs on the ASR9K are in hardware and extremely fast.

There is no production impact for *correctly* following this procedure.

IPv4

  • Does not work for BVIs
  • Only works for layer 3 interfaces
  • Works for Multicast Traffic
Find and Replace makes this easy.

Interface to Apply ACL ........... : TenGigE1/0/0/1
Linecard of the Physical interface : 1/0/CPU0
Host 1 IPv4 ...................... : 10.1.2.3
Host 2 IPv4....................... : 10.1.2.4

Create the ACL

Remember permit ip any any or traffic will be dropped

ipv4 access-list HARDWARE_ACL
 10 permit icmp host 10.1.2.3 host 10.1.2.4
 20 permit icmp host 10.1.2.4 host 10.1.2.3
 30 permit ipv4 any any

Apply ACL to interface

interface TenGigE1/0/0/1
 ipv4 access-group HARDWARE_ACL egress  hardware-count interface-statistics
 ipv4 access-group HARDWARE_ACL ingress hardware-count interface-statistics

Check the Counters

Ingress

RP/1/RSP0/CPU0:ASR9001-A# show access-lists HARDWARE_ACL hardware ingress interface TenGigE1/0/0/1 location 1/0/CPU0
ipv4 access-list HARDWARE_ACL
 10 permit icmp host 10.1.2.3 host 10.1.2.4
 20 permit icmp host 10.1.2.4 host 10.1.2.3 (5 hw matches)
 30 permit ipv4 any any

Egress

RP/1/RSP0/CPU0:ASR9001-A# show access-lists HARDWARE_ACL hardware egress interface TenGigE1/0/0/1 location 1/0/CPU0
 ipv4 access-list HARDWARE_ACL
 10 permit icmp host 10.1.2.3 host 10.1.2.4 (5 hw matches)
 20 permit icmp host 10.1.2.4 host 10.1.2.3
 30 permit ipv4 any any

Clear the counters

clear access-list ipv4 HARDWARE_ACL hardware egress interface TenGigE1/0/0/1 location 1/0/CPU0
clear access-list ipv4 HARDWARE_ACL hardware ingress interface TenGigE1/0/0/1 location 1/0/CPU0

IPv6

Find and Replace makes this easy.

Interface to Apply ACL ........... : TenGigE1/0/0/1
Linecard of the Physical interface : 1/0/CPU0
Host 1 IPv6 ...................... : fd00:1::1
Host 2 IPv6 ...................... : fd00:1::2

Create the ACL

Remember permit ip any any or traffic will be dropped

ipv6 access-list HARDWARE_ACL_IPV6
 10 permit icmp host fd00:1::1 host fd00:1::2
 20 permit icmp host fd00:1::2 host fd00:1::1
 30 permit ipv6 any any

Apply the ACL

IPv6 counts packets in hardware by default.

interface TenGigE1/0/0/1
 ipv6 address fd00:1::1/64
 ipv6 access-group HARDWARE_ACL_IPV6 egress

Check the counters

Ingress

RP/1/RSP0/CPU0:ASR9001-A# show access-lists ipv6 HARDWARE_ACL_IPV6 hardware ingress location 1/0/CPU0
 ipv6 access-list HARDWARE_ACL_IPV6
 10 permit icmpv6 host fd00:1::1 host fd00:1::2 
 20 permit icmpv6 host fd00:1::2 host fd00:1::1 (5 hw matches)
 30 permit ipv6 any any

Egress

RP/1/RSP0/CPU0:ASR9001-A# show access-lists ipv6 HARDWARE_ACL_IPV6 hardware egress location 1/0/CPU0
 ipv6 access-list HARDWARE_ACL_IPV6
 10 permit icmpv6 host fd00:1::1 host fd00:1::2 (5 hw matches)
 20 permit icmpv6 host fd00:1::2 host fd00:1::1 
 30 permit ipv6 any any

Rating: 5.0/5 (5 votes cast)

Personal tools