Header Only - DO NOT REMOVE - Extreme Networks

DOSprotect notice: this second: raw packets to cpu....


When it says dropped in software.....newb question, but whats that mean'dropped in software'? And how is that generated...its coming from a 7i ExtremeWare.....we have two 7is, cpu dos protect enabled on both, but only one generates this (I cannot vouch for both traffic patterns). The suspect 7i had one diff in its dos protect config

11/03/2015 14:30:37.00 [i] DOSprotect notice: this second: raw packets to cpu: 4184 dropped in software: 0
11/03/2015 14:30:06.01 [i] DOSprotect notice: this second: raw packets to cpu: 5269 dropped in software: 0
11/03/2015 14:28:41.00 [i] DOSprotect notice: this second: raw packets to cpu: 6019 dropped in software: 0
11/03/2015 14:28:37.00 [i] DOSprotect notice: this second: raw packets to cpu: 6393 dropped in software: 0
11/03/2015 14:28:36.01 [i] DOSprotect notice: this second: raw packets to cpu: 13832 dropped in software: 0
11/03/2015 14:28:35.00 [i] DOSprotect notice: this second: raw packets to cpu: 10222 dropped in software: 0

Diff in the dos protects setups are

config cpu-dos-protect filter-type-allowed source
one says source and other sw says destination.

ty

1 reply

Userlevel 6
have dust off some old memories... Dosprotect from my understanding protects the cpu from being over run. So question is what packets are hitting the cpu. If I recall the threshold is 3500 pps.. not sure on the 7I... Packets to cpu are broadcast, unknown mac, mcast ... not sure if there are others. If it cant id what type of packet is hitting the cpu then it will not build a blocking acl so no packets dropped.... For me it is better to run this in simulation mode so you see the log and get traps and can react to what may be going on... Odds are if you have a bunch of mcast traffic on these switches then that may be what is causing the log entries... If you post what rev code someone here may still have a concepts guide from back then. The 7I was a beast in ist's day. Good to hear there are some still operational..

Reply