Hardware Packet Counting - ASR9K

From DocWiki

Jump to: navigation, search

Contents

Introduction

This is useful to tell if the ASR9K is the device dropping packets. It works best with a flow you can start and stop.

IPv4

  • Does not work for BVIs
  • Only works for layer 3 interfaces
  • Works for Multicast Traffic
Find and Replace makes this easy.

Interface to Apply ACL ........... : TenGigE1/0/0/1
Linecard of the Physical interface : 1/0/CPU0
Host 1 IPv4 ...................... : 10.1.2.3
Host 2 IPv4....................... : 10.1.2.4

Create the ACL

Remember permit ip any any or traffic will be dropped

ipv4 access-list HARDWARE_ACL
 10 permit icmp host 10.1.2.3 host 10.1.2.4
 20 permit icmp host 10.1.2.4 host 10.1.2.3
 30 permit ipv4 any any

Apply ACL to interface

interface TenGigE1/0/0/1
 ipv4 access-group HARDWARE_ACL egress  hardware-count interface-statistics
 ipv4 access-group HARDWARE_ACL ingress hardware-count interface-statistics

Check the Counters

Ingress

RP/1/RSP0/CPU0:ASR9001-A# show access-lists HARDWARE_ACL hardware ingress interface TenGigE1/0/0/1 location 1/0/CPU0
ipv4 access-list HARDWARE_ACL
 10 permit icmp host 10.1.2.3 host 10.1.2.4
 20 permit icmp host 10.1.2.4 host 10.1.2.3 (5 hw matches)
 30 permit ipv4 any any

Egress

RP/1/RSP0/CPU0:ASR9001-A# show access-lists HARDWARE_ACL hardware egress interface TenGigE1/0/0/1 location 1/0/CPU0
 ipv4 access-list HARDWARE_ACL
 10 permit icmp host 10.1.2.3 host 10.1.2.4 (5 hw matches)
 20 permit icmp host 10.1.2.4 host 10.1.2.3
 30 permit ipv4 any any

Clear the counters

clear access-list ipv4 HARDWARE_ACL hardware egress interface TenGigE1/0/0/1 location 1/0/CPU0
clear access-list ipv4 HARDWARE_ACL hardware ingress interface TenGigE1/0/0/1 location 1/0/CPU0

IPv6

Find and Replace makes this easy.

Interface to Apply ACL ........... : TenGigE1/0/0/1
Linecard of the Physical interface : 1/0/CPU0
Host 1 IPv6 ...................... : fd00:1::1
Host 2 IPv6 ...................... : fd00:1::2

Create the ACL

Remember permit ip any any or traffic will be dropped

ipv6 access-list HARDWARE_ACL_IPV6
 10 permit icmp host fd00:1::1 host fd00:1::2
 20 permit icmp host fd00:1::2 host fd00:1::1
 30 permit ipv6 any any

Apply the ACL

IPv6 counts packets in hardware by default.

interface TenGigE1/0/0/1
 ipv6 address fd00:1::1/64
 ipv6 access-group HARDWARE_ACL_IPV6 egress

Check the counters

Ingress

RP/1/RSP0/CPU0:ASR9001-A# show access-lists ipv6 HARDWARE_ACL_IPV6 hardware ingress location 1/0/CPU0
 ipv6 access-list HARDWARE_ACL_IPV6
 10 permit icmpv6 host fd00:1::1 host fd00:1::2 
 20 permit icmpv6 host fd00:1::2 host fd00:1::1 (5 hw matches)
 30 permit ipv6 any any

Egress

RP/1/RSP0/CPU0:ASR9001-A# show access-lists ipv6 HARDWARE_ACL_IPV6 hardware egress location 1/0/CPU0
 ipv6 access-list HARDWARE_ACL_IPV6
 10 permit icmpv6 host fd00:1::1 host fd00:1::2 (5 hw matches)
 20 permit icmpv6 host fd00:1::2 host fd00:1::1 
 30 permit ipv6 any any

Rating: 5.0/5 (1 vote cast)

Personal tools