
ELRP + UPM = Number of UPM Events in Queue for execution


AlexanderT
New Contributor
Hello!

I want to execute UPM after every LOOP detect without Queue.

Now I see a couple of loops, but UPM executes with a queue.

  • 07/22/2015 16:58:08.98 [CLI:v3000:4] LOOP DETECTED : 3241 transmited, 177 received, ingress slot:port (3) egress slot:port (1)
  • 07/22/2015 16:58:07.98 [CLI:v3002:6] LOOP DETECTED : 170 transmited, 97 received, ingress slot:port (3) egress slot:port (1)
  • 07/22/2015 16:58:05.98 [CLI:v3000:4] LOOP DETECTED : 3238 transmited, 171 received, ingress slot:port (1) egress slot:port (3)
  • 07/22/2015 16:58:04.98 [CLI:v3002:6] LOOP DETECTED : 167 transmited, 91 received, ingress slot:port (3) egress slot:port (1)
  • 07/22/2015 16:58:02.98 [CLI:v3000:4] LOOP DETECTED : 3235 transmited, 165 received, ingress slot:port (3) egress slot:port (1)
  • 07/22/2015 16:58:01.98 [CLI:v3002:6] LOOP DETECTED : 164 transmited, 85 received, ingress slot:port (3) egress slot:port (1)
  • 07/22/2015 16:57:59.98 [CLI:v3000:4] LOOP DETECTED : 3232 transmited, 159 received, ingress slot:port (1) egress slot:port (3)
* exos_vm_sw1.91 # show upm history
--------------------------------------------------------------------------------
Exec Event/ Profile Port Status Time Launched
Id Timer/ Log filter
--------------------------------------------------------------------------------
100 Log-Message(loopdete loopdetect --- Running 2015-07-22 17:22:57
99 Log-Message(loopdete loopdetect --- Pass 2015-07-22 17:21:56
98 Log-Message(loopdete loopdetect --- Pass 2015-07-22 17:20:56
97 Log-Message(loopdete loopdetect --- Pass 2015-07-22 17:19:56
96 Log-Message(loopdete loopdetect --- Pass 2015-07-22 17:18:56
95 Log-Message(loopdete loopdetect --- Pass 2015-07-22 17:17:56
--------------------------------------------------------------------------------
Number of UPM Events in Queue for execution: 10
* exos_vm_sw1.92 #

* exos_vm_sw1.92 # show upm profile "loopdetect"
Created at : 2015-07-22 10:43:41
Last edited at : 2015-07-22 16:30:09

************Profile Contents Begin************
configure vlan $EVENT.LOG_PARAM_1 delete ports $EVENT.LOG_PARAM_7
set var temp $TCL(after [expr 60*1000])
configure vlan $EVENT.LOG_PARAM_1 add ports $EVENT.LOG_PARAM_7 tagged

************Profile Contents Ends*************

Profile State: Enabled
Profile Maximimum Execution Time: 75
Events and ports configured on the profile:
===========================================================
Event Port list/Log filter
===========================================================
device-detect :
device-undetect :
user-authenticated :
user-unauthenticated :
log-message : loopdetect
identity-detect :
identity-undetect :
identity-role-associate :
identity-role-dissociate :
===========================================================
13 REPLIES

You said "I don't understand that part. A loop implies that 2 ports are (wrongly) linked together in the same vlan(s). Shutting down any of the two ports, or some carrier ports (the uplinks) will break the loop."

Let's imagine something simpler. I have only one so-called 'carrier' port on an x670 switch, with about ten vlans on it. ELRP shows a LOOP on one of them, vlan v1000.
All ten vlans are terminated on that x670 and have IP addresses.
Then, if traffic is looping on that v1000, it'll be a real problem for the switch CPU and processes, and maybe that x670 'turns into a pumpkin'.
1. There are no other ports for ELRP to shut.
2. Looping traffic is going through only one port, back and forth.
3. I have some options:
3.1. to shut the port, but then I'll lose connectivity on all ten vlans
3.2. to do nothing, but then I'll lose connectivity on the whole switch
3.3. to somehow block traffic on v1000 on that port. The simplest way is to delete the vlan from the port: ' configure vlan $EVENT.LOG_PARAM_1 delete ports $EVENT.LOG_PARAM_7 '. Then I could send a trap/write mail, and wait for the admin to reconfigure. But I don't want to wait for a human. I want the device to try to recover itself.
3.4. to somehow block traffic on v1000 on that port, wait for 60-300 seconds, try to recover, and so on.

You said "If you can't shut the port at the edge because this is not your administrative domain and you are forced to do it only on your carrier port, then your approach makes perfect sense to me." - Exactly!
Or, if it's in my admin domain, but the switch there can't do LOOP detection.

You said "I'm a bit worried to have a long pause in a UPM script, because it pauses every UPM script."

Recently I was thinking UPM can be multithreaded ... and there won't be a queue.

So maybe UPM is not my choice for this deal.

Hi Pavel,

You said: "Again, if a loop is created on egress ports, then if I shut down the ingress port, will the loop on the egress port disappear? No, traffic sent to the egress port will be looping to me."

I don't understand that part. A loop implies that 2 ports are (wrongly) linked together in the same vlan(s). Shutting down any of the two ports, or some carrier ports (the uplinks) will break the loop. So the idea is to have an ELRP configuration that would let the carrier links open (so that you don't block tens of vlans) and just block one of the two ports creating the loop (that are most likely in a single vlan).

This can be achieved with the exclude-list and eventually with selecting ingress or egress behavior (16.1), depending on the design.

Unless you have a very specific design, that should address most of the use cases. If this is happening on the Core, where every port is carrying a lot of vlans, a cabling error would impact every vlan as well (either you have several loops in all broadcast domains, or you have a mix of loops and blackholes), so shutting down the port is fine imho.

Now, if you are monitoring that in the Core and you want to react to an edge created loop, the best approach is to shut the port at the edge, not in the core.

If you can't shut the port at the edge because this is not your administrative domain and you are forced to do it only on your carrier port, then your approach makes perfect sense to me. I'm a bit worried to have a long pause in a UPM script, because it pauses every UPM script.

Maybe then, a Python App would be a better approach. I need to validate a few things on that.
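The non-blocking alternative to the 60-second wait in the profile, as an added example that is not part of the thread and is not Extreme's code: repeated detections for a vlan/port that is already blocked are coalesced instead of queued, and the re-add is driven by a timer rather than a sleep. It only builds the two CLI strings the profile already uses and calls no EXOS API; `LoopGuard`, `replay`, `sample_line` and the sample events are constructed, and acting on the egress slot:port value is an assumption.

```python
import heapq
import re

# Format of the ELRP log lines quoted in the thread ("transmited" is the switch's spelling).
LOOP_RE = re.compile(
    r"\[CLI:(?P<vlan>[^:\]]+):\d+\] LOOP DETECTED : \d+ transmited, \d+ received, "
    r"ingress slot:port \([\d:]+\) egress slot:port \((?P<port>[\d:]+)\)")

class LoopGuard:
    """Remove a looping VLAN from a port, re-add it after `hold` seconds, never sleep."""
    def __init__(self, hold=60):
        self.hold = hold
        self.blocked = set()  # (vlan, port) pairs currently removed
        self.timers = []      # min-heap of (release_time, vlan, port)

    def tick(self, now):
        """Return re-add commands for every hold timer that has expired by `now`."""
        cmds = []
        while self.timers and self.timers[0][0] <= now:
            _, vlan, port = heapq.heappop(self.timers)
            self.blocked.discard((vlan, port))
            cmds.append(f"configure vlan {vlan} add ports {port} tagged")
        return cmds

    def on_log(self, now, text):
        """Handle one log line seen at `now`; return the CLI commands to issue."""
        cmds = self.tick(now)
        m = LOOP_RE.search(text)
        if m:
            key = (m["vlan"], m["port"])  # assumption: act on the egress port
            if key not in self.blocked:   # repeats while blocked are coalesced, not queued
                self.blocked.add(key)
                heapq.heappush(self.timers, (now + self.hold, *key))
                cmds.append(f"configure vlan {key[0]} delete ports {key[1]}")
        return cmds

def sample_line(vlan, port):  # constructed log line in the thread's format
    return (f"[CLI:{vlan}:4] LOOP DETECTED : 10 transmited, 5 received, "
            f"ingress slot:port (9) egress slot:port ({port})")

# Constructed events: (seconds since start, log line); "" stands for an unrelated line.
SAMPLE = [(0.0, sample_line("v3000", 3)), (1.5, sample_line("v3002", 1)),
          (3.0, sample_line("v3000", 3)), (61.0, ""), (62.0, sample_line("v3000", 3))]

def replay(events, hold=60):
    """Feed timestamped lines through a LoopGuard; return [(time, command), ...]."""
    guard = LoopGuard(hold)
    return [(t, c) for t, text in events for c in guard.on_log(t, text)]
```

`replay(SAMPLE)` yields five commands for five events: the repeat at 3.0 s produces nothing, and each vlan is re-added 60 s after its own removal without delaying the other.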

If a loop is created on the uplink, what to do?

In 16.1 it's not better. Again, if a loop is created on egress ports, then if I shut down the ingress port, will the loop on the egress port disappear? No, traffic sent to the egress port will be looping to me.

Yes, sending a trap and writing a log is better than nothing. But I prefer the box to re-add the vlan to the port by itself; then if a loop is detected again the script will delete it once more, and so on.

Here is how it works on D-Link switches

18337 2014-03-09 07:51:28 CRIT(2) Port 23 VID 1075 LBD loop occurred. Packet discard begun
18336 2014-03-09 07:51:28 CRIT(2) Port 23 VID 200 LBD loop occurred. Packet discard begun
18335 2014-03-09 07:51:27 INFO(6) Port 23 VID 1075 LBD recovered. Loop detection restarted
18334 2014-03-09 07:51:27 INFO(6) Port 23 VID 200 LBD recovered. Loop detection restarted

AlexanderT
New Contributor
No, blocking the port is not appropriate. I think we need to block the vlan with a LOOP, and then unblock it. Not a port with hundreds of vlans and gigabits of traffic.

Or do you think I'm wrong ?

Stephane_Grosj1
Extreme Employee
Hi,
can't you just let ELRP block the port?