DOSprotect notice: this second: raw packets to cpu....

  • 0
  • 1
  • Question
  • Updated 3 years ago
  • Answered
When it says dropped in software.....newb question, but whats that mean'dropped in software'?  And how is that generated...its coming from a 7i ExtremeWare.....we have two 7is, cpu dos protect enabled on both, but only one generates this (I cannot vouch for both traffic patterns).  The suspect 7i had one diff in its dos protect config


11/03/2015 14:30:37.00 <Info:SYST> DOSprotect notice: this second: raw packets to cpu: 4184  dropped in software: 0
11/03/2015 14:30:06.01 <Info:SYST> DOSprotect notice: this second: raw packets to cpu: 5269  dropped in software: 0
11/03/2015 14:28:41.00 <Info:SYST> DOSprotect notice: this second: raw packets to cpu: 6019  dropped in software: 0
11/03/2015 14:28:37.00 <Info:SYST> DOSprotect notice: this second: raw packets to cpu: 6393  dropped in software: 0
11/03/2015 14:28:36.01 <Info:SYST> DOSprotect notice: this second: raw packets to cpu: 13832  dropped in software: 0
11/03/2015 14:28:35.00 <Info:SYST> DOSprotect notice: this second: raw packets to cpu: 10222  dropped in software: 0

Diff in the dos protects setups are

config cpu-dos-protect filter-type-allowed  source
one  says source and other sw says destination.

ty
Photo of Jimmy

Jimmy

  • 650 Points 500 badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of EtherMAN

EtherMAN, Embassador

  • 7,200 Points 5k badge 2x thumb
have dust off some old memories... Dosprotect from my understanding protects the cpu from being over run.  So question is what packets are hitting the cpu.  If I recall the threshold is 3500 pps.. not sure on the 7I... Packets to cpu are broadcast, unknown mac, mcast ... not sure if there are others.  If it cant id what type of packet is hitting the cpu then it will not build a blocking acl so no packets dropped.... For me it is better to run this in simulation mode so you see the log and get traps and can react to what may be going on... Odds are if you have a bunch of mcast traffic on these switches then that may be what is causing the log entries... If you post what rev code someone here may still have a concepts guide from back then.   The 7I was a beast in ist's day.  Good to hear there are some still operational..