cancel
Showing results for 
Search instead for 
Did you mean: 

Support with Info messages: DOSProt.DelACLOK

Support with Info messages: DOSProt.DelACLOK

GustavoD
New Contributor

There is an extreme brand wireless and wireless network solution, the following log is constantly being presented in the core
Info: DOSProt.AddACLOK> Slot-1: Added an ACL
Info: DOSProt.DelACLOK> Slot-1: Removed ACL from port
Info: DOSProt.PktCntExcd> Slot-1: Notify-threshold for L3 Protect packet count of 3500 reached
enter the following instruction
Slot-1 Core_UAMS.27 # show iproute reserved-entries statistics
                                      | ----- In HW Route Table ----- | | ------- In HW L3 Hash Table ------ |
                               # Used Routes # IPv4 Hosts IPv4 IPv4 IPv6 IPv4 IPv6
Slot  Type                 IPv4 IPv6 Local Remote Local Rem. Local MCast MCast
---- ------------------------------- ------- ------ - ---- ------ ----- ------ ----- ------ ------
1 X620-16t                 54     0       48           0                  1485 0 0       338 0
2 X620-16t                 54    0         48          0                  1485 0 0        338 0
3 X620-16t                 54    0         48 0                             675 0 0        338 0
4 X620-16t                 54    0         48 0                           1018 0 0        338 0
5 X620-16x                54    0         48 0                            1485 0 0       338 0
6 X620-16x                54    0        48 0                             1485 0 0       338 0

Theoretical maximum for each resource type:
X440G2 480 240 512 512 1021 4096 1021 * 2048 * 1024
X620 480 240 512 512 1533 4096 1533 * 2048 * 1024
X460G2 12256 6128 12288 12288 40958 49152 24576 * 24576 * 12288
X450G2 16352 8176 16384 16384 22526 28672 14336 * 14336 * 7168
X460G2-16MP 16352 8176 16384 16384 49152 49152 24576 * 24576 * 12288
X870 16352 8176 16384 16384 53246 73728 32765 * 36864 * 18432
X465, X590, X690 16352 8176 16384 16384 79870 135168 24573 * 67584 * 33792
X670G2, X770 16352 8176 16384 16384 98302 147456 49149 * 73728 * 36864

Flags: (!) Indicates all reserved route entries in use.
       (d) Indicates only direct IPv4 routes are installed.
       (>) Some IPv6 routes with mask> 64 bits are installed and do not use
           entries in the internal HW Route Table.
       (R) IPv6 hosts in external HW Route Table.
       (*) Assumes IP Multicast compression is on.
       (M) IPMC entries stored in L2 MAC Table when lookup-key is 'mac-vlan'.

Could you support me to read if I have problems with the input tables.

Kind Regards

2 REPLIES 2

GustavoD
New Contributor

The devices are X620 in a version 30.2.1.8, debug readings do not appear.

* Slot-1 Core_UAMS.14 # show version
Slot-1      : 800630-00-12 1702N-40005 Rev 12 BootROM: 1.0.1.8    IMG: 30.2.1.8
Slot-2      : 800630-00-12 1702N-40013 Rev 12 BootROM: 1.0.1.8    IMG: 30.2.1.8
Slot-3      : 800630-00-07 1611N-44086 Rev 07 BootROM: 1.0.1.7    IMG: 30.2.1.8
Slot-4      : 800630-00-12 1702N-40027 Rev 12 BootROM: 1.0.1.8    IMG: 30.2.1.8
Slot-5      : 800629-00-13 1651N-41395 Rev 13 BootROM: 1.0.1.8    IMG: 30.2.1.8
Slot-6      : 800629-00-13 1737N-43715 Rev 13 BootROM: 1.0.1.8    IMG: 30.2.1.8
Slot-7      :
Slot-8      :

Image   : ExtremeXOS version 30.2.1.8 by release-manager
          on Tue Apr 30 19:51:20 EDT 2019
BootROM : 1.0.1.8
Diagnostics : 5.12
Certified Version : EXOS Linux  4.14.107, FIPS fips-ecp-2.0.16

Build Tools Version : exos-mips-sdk-2.5.1.1.3

* Slot-1 Core_UAMS.8 # debug hal show cpu-queue slot 1
Queue Info Unit:0
    Queue 0: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 1: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 2: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 3: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 4: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 5: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 6: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 7: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.


* Slot-1 Core_UAMS.9 # debug hal show cpu-queue slot 2
Queue Info Unit:0
    Queue 0: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 1: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 2: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 3: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 4: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 5: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 6: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 7: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.

* Slot-1 Core_UAMS.10 # debug hal show cpu-queue slot 3
Queue Info Unit:0
    Queue 0: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 1: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 2: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 3: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 4: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 5: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 6: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 7: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.

* Slot-1 Core_UAMS.11 # debug hal show cpu-queue slot 4
Queue Info Unit:0
    Queue 0: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 1: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 2: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 3: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 4: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 5: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 6: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 7: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.

* Slot-1 Core_UAMS.12 # debug hal show cpu-queue slot 5
Queue Info Unit:0
    Queue 0: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 1: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 2: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 3: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 4: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 5: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 6: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 7: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.

* Slot-1 Core_UAMS.13 # debug hal show cpu-queue slot 6
Queue Info Unit:0
    Queue 0: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 1: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 2: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 3: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 4: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 5: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 6: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.
    Queue 7: PPS 0. CurPkts 0. TotPkts 0. Disc rate 0, qlen 0.

Is there any other way to observe what type of traffic is causing the overload?

 

11/05/2019 12:39:23.03 <Info:DOSProt.PktCntExcd> Slot-1: Notify-threshold for L3 Protect packet count of 3500 reached
11/05/2019 12:38:50.64 <Info:DOSProt.PktCntExcd> Slot-1: Previous message repeated 2 additional times in the last 25 second(s)
11/05/2019 12:38:44.08 <Crit:NM.FeatLcnsMismatch> Slot-5: The feature pack licenses of Slot-5 do not match the feature pack licenses of the master Slot-1.
11/05/2019 12:38:43.78 <Crit:NM.FeatLcnsMismatch> Slot-2: The feature pack licenses of Slot-2 do not match the feature pack licenses of the master Slot-1.
11/05/2019 12:38:31.48 <Info:DOSProt.PktCntExcd> Slot-1: Notify-threshold for L3 Protect packet count of 3500 reached
11/05/2019 12:38:12.29 <Info:DOSProt.PktCntExcd> Slot-1: Previous message repeated 4 additional times in the last 16 second(s)
11/05/2019 12:38:04.85 <Crit:NM.FeatLcnsMismatch> Slot-3: The feature pack licenses of Slot-3 do not match the feature pack licenses of the master Slot-1.
11/05/2019 12:37:06.61 <Info:DOSProt.PktCntExcd> Slot-1: Notify-threshold for L3 Protect packet count of 3500 reached
11/05/2019 12:37:05.59 <Info:DOSProt.PktCntExcd> Slot-1: Notify-threshold for L3 Protect packet count of 3500 reached
11/05/2019 12:37:01.61 <Info:DOSProt.DelACLOK> Slot-1: Removed ACL from port 2:6, srcIP 172.217.7.33 to destIP 172.20.254.136, protocol tcp
11/05/2019 12:36:55.50 <Info:DOSProt.AddACLOK> Slot-1: Added an ACL to port 2:6, srcIP 172.217.7.33 to destIP 172.20.254.136, protocol tcp
11/05/2019 12:36:55.39 <Info:DOSProt.PktCntExcd> Slot-1: Notify-threshold for L3 Protect packet count of 3500 reached
11/05/2019 12:35:26.51 <Info:DOSProt.PktCntExcd> Slot-1: Previous message repeated 5 additional times in the last 39 second(s)
11/05/2019 12:35:24.63 <Info:DOSProt.DelACLOK> Slot-1: Removed ACL from port 2:6, srcIP 0.0.0.0 to destIP 172.20.242.132, protocol tcp
11/05/2019 12:35:23.47 <Info:DOSProt.PktCntExcd> Slot-1: Notify-threshold for L3 Protect packet count of 3500 reached
11/05/2019 12:35:19.40 <Info:DOSProt.PktCntExcd> Slot-1: Previous message repeated 2 additional times in the last 3 second(s)
11/05/2019 12:35:18.48 <Info:DOSProt.AddACLOK> Slot-1: Added an ACL to port 2:6, srcIP 0.0.0.0 to destIP 172.20.242.132, protocol tcp
11/05/2019 12:35:18.37 <Info:DOSProt.PktCntExcd> Slot-1: Notify-threshold for L3 Protect packet count of 3500 reached
11/05/2019 12:35:14.41 <Info:DOSProt.PtrnNotFnd> Slot-1: No traffic pattern found
11/05/2019 12:35:14.40 <Info:DOSProt.DelACLOK> Slot-1: Removed ACL from port 6:1, srcIP 0.0.0.0 to destIP 172.20.24.9, protocol tcp
11/05/2019 12:35:14.23 <Info:DOSProt.PktCntExcd> Slot-1: Notify-threshold for L3 Protect packet count of 3500 reached
11/05/2019 12:35:10.40 <Info:DOSProt.PktCntExcd> Slot-1: Previous message repeated 2 additional times in the last 1 second(s)
11/05/2019 12:35:08.36 <Info:DOSProt.AddACLOK> Slot-1: Added an ACL to port 6:1, srcIP 0.0.0.0 to destIP 172.20.24.9, protocol tcp

 

 

EtherMAN
Contributor III

This basically means you have DDOS Cpu protection enabled.   There should also be what type of ACL is being created in the log.  

example----

11/04/2019 14:32:34.15 <Info:DOSProt.AddACLOK> MSM-A: Added an ACL to port 1:5, srcIP 172.16.150.61 to destIP 0.0.0.0, protocol udp
11/04/2019 14:32:34.04 <Info:DOSProt.PktCntExcd> MSM-A: Notify-threshold for L3 Protect packet count of 3500 reached 

 

This means that more than 3500 PPS hit the cpu and the system wrote an ACL to slow this down and protect the CPU of the switch.   If this is happening a lot then you need to figure out what is causing so much traffic to your CPU… 

 

Here is info about what hits cpu … https://extremeportal.force.com/ExtrArticleDetail?n=000015071&q=what%20patckets%20on%20XOS%20switche... 

GTM-P2G8KFN