Symptom
Cannot adjust "platform punt-policer" on c8300/c8500 platforms, example:
HUB(config)# platform punt-policer 11?
This line doesn't have a valid range expression
Possible completions:
11
HUB(config)# platform punt-policer 11?
This line doesn't have a valid range expression
Possible completions:
11
HUB(config)# platform punt-policer 11 2000 h
^
% Invalid input detected at '^' marker.
HUB(config)# platform punt-policer 11 20000 high
------------------------------------------^
syntax error: element does not exist
HUB(config)# platform punt-policer ?
Possible completions:
Punt cause to be policed
range
Conditions
While doing scale tests with 8k tunnels, we found that after the reload device is dropping SD-WAN control connections traffic as well as data plane traffic from peers with DROP 206 (PuntPerCausePolicerDrops). This is kind of expected since a lot of devices trying to establish data plane tunnels, but the device does not know about them yet (control connections are not established), hence dropping all control plane traffic exceeding "For us" policer:
HUB#sh platform software punt-policer drop-only
Per Punt-Cause Policer Configuration and Packet Counters
Punt Config Rate(pps) Conform Packets Dropped Packets Config Burst(pkts) Config Alert
Cause Description Normal High Normal High Normal High Normal High Normal High
-------------------------------------------------------------------------------------------------------------------------------------------------------------
11 For-us data 40000 5000 6 144600 0 109799 40000 5000 Off Off
Workaround
please contact Cisco TAC for a manual workaround, the concept is to limit data plane traffic while control plane is being established, EEM script to be used.
Further Problem Description
