BugZero | Cisco BugID CSCvy24957 - Increase Catalyst 9000 High Rate App Default Polic...

Cisco - Defect ID: CSCvy24957

Increase Catalyst 9000 High Rate App Default Policer Rate

Cisco - Defect ID: CSCvy24957

Increase Catalyst 9000 High Rate App Default Policer Rate

Last updated on 4/2/2024

Overall: 3.13.1

Severity: 3.73.7

Lifecycle: 44.0

Popularity: 4.64.6

What is the BugZero Risk Score?

Vendor details

No defect details.

Overall: 3.13.1

Severity: 3.73.7

Lifecycle: 44.0

Popularity: 4.64.6

What is the BugZero Risk Score?

Vendor details

No defect details.

Symptom

Catalyst 9000 series To validate if this Switch#show platform ========================= QId PlcIdx Queue Name ------------------------- 0 11 DOT1X Auth 1 1 L2 Control 2 14 Forus traffic 3 0 ICMP GEN 4 2 Routing Control 5 14 Forus Address resolution 6 0 ICMP Redirect 7 16 Inter FED Traffic 8 4 L2 LVX Cont Pack 9 19 EWLC Control 10 16 EWLC Data 11 13 L2 LVX Data Pack 12 0 BROADCAST 13 10 Openflow 14 13 Sw forwarding 15 8 Topology Control 16 12 Proto Snooping 17 6 DHCP Snooping 18 13 Transit Traffic 19 10 RPF Failed 20 15 MCAST END STATION 21 13 LOGGING 22 7 Punt Webauth 23 18 High Rate App 24 10 Exception 25 3 System Critical 26 10 NFL SAMPLED DATA 27 2 Low Latency 28 10 EGR Exception 29 5 Stackwise Virtual OOB 30 9 MCAST Data 31 3 Gold Pkt switches that utilize NetFlow to send data to a collector or Stealthwatch may not see all traffic at the Netflow collector or Stealthwatch collector due to loss within the High Rate App queue. Netflow traffic will be sent to this queue prior to leaving to the final destination. is occurring you can use the command "show platform hardware fed switch active qos queue stats internal cpu policer" to look for loss within the high rate app queue. hardware fed sw active qos queue stats internal cpu policer CPU Queue Statistics =================================================================== (default) (set) Queue Queue Enabled Rate Rate Drop(Bytes) Drop(Frames) ------------------------------------------------------------------- Yes 1000 1000 0 0 Yes 2000 2000 0 0 Yes 4000 4000 0 0 Yes 600 600 0 0 Yes 5400 5400 0 0 Yes 4000 4000 0 0 Yes 600 600 0 0 Yes 2000 2000 0 0 Yes 1000 1000 0 0 Yes 13000 13000 0 0 Yes 2000 2000 0 0 Yes 1000 1000 0 0 Yes 600 600 0 0 Yes 200 200 0 0 Yes 1000 1000 216069603 281714 Yes 13000 13000 0 0 Yes 2000 2000 0 0 Yes 400 400 0 0 Yes 1000 1000 0 0 Yes 200 200 0 0 Yes 2000 2000 0 0 Yes 1000 1000 0 0 Yes 1000 1000 0 0 Yes 13000 13000 104351486426620 339065848575 Yes 200 200 0 0 Yes 1000 1000 0 0 Yes 200 200 0 0 Yes 5400 5400 0 0 Yes 200 200 37448 104 Yes 8000 8000 0 0 Yes 400 400 0 0 Yes 1000 1000 0 0

Conditions

Excess traffic being sent for Netflow can result in the CoPP queue getting overwhelmed and dropping traffic.

Workaround

Depending on the solution, utilize a Netflow sampler or remove Netflow off higher utilized interfaces to prevent the CoPP queue from getting overwhelmed.

Further Problem Description

Original Vendor Announcement

9.65Defect ID: CSCwd45843
Auth Step latency for policy evaluation due to Garbage Collection activity.
9.65Defect ID: CSCwa92734
CUBE DTMF interworking fails from rtp-nte to OOB SIP methods
9.65Defect ID: CSCwj45822
Cisco ASA and FTD Software Remote Access VPN Brute Force Denial of Service Vulnerability
9.65Defect ID: CSCvo03458
PKI "revocation check crl none" does not fallback if CRL not reachable
9.65Defect ID: CSCvq05584
Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCvy24957

Increase Catalyst 9000 High Rate App Default Policer Rate

Cisco - Defect ID: CSCvy24957

Increase Catalyst 9000 High Rate App Default Policer Rate

Last updated on 4/2/2024

Vendor details

Vendor details

Description

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco defects by risk score

Ready to prevent the next vendor outage?