Errors indicate packets that were received but couldn't be processed because there was a problem with the packet. In most cases, when you're seeing inbound errors on a router interface the issue is upstream of that device. Could be a bad cable, misconfiguration on one end or the other, or etc. In most cases, these issues are resolved outside of the router where you're seeing the errors. Errors reporting is documented within RFC 1213 (among others including RFC 1573) and typically is pulled from the IF-MIB (ifInErros and ifOutErrors).
With discards, the situation is almost the opposite. The packets were received with no errors but were dumped before being passed on to a higher layer protocol. A typical cause of discards is when the router needs to regain some buffer space. In the case of discards, the issue is almost always with the router that's reporting the discards (not witha a next hop device, bad cable, etc). RFC 1213 also documents discard reporting and they're right beside the errors within the IF-MIB.
In any healthy network, traffic needs to be discarded at certain points. Consider configuring a switchport to trunk mode. For security reasons, the administrator only allows VLANs 1 and 2 on the link with the switchport trunk allowed vlan 1,2 command. If a packet is received with a VLAN tag of 3, it will be dropped. In this case, a discard will be incremented indicating the interface is working as configured.
The causes of discards can be many, including (but not limited to) the following:
- the device lacks resources to do anything with the packet (such as full buffers).
- the device does not have a route to send the packet to the destination,
- the device has been configured to discard certain traffic or
- “InDiscards”, are almost always caused by a port that is receiving tagged frames for a VLANID that that port is not a member of.
- “NoResourcesPktsDropped” on the other hand are generally caused by a switch that’s “low on/out of” buffer memory, so it will start dropping packets.
- Rx discards could be faulty cabling, interface or NIC. One reason is mismatched VLANs. Check the Configured VLANs on each switch port. The port with the RX discards will be “missing” a VLAN as compared to the other end of the trunk. The switch just “discards” the packets arriving on the missing VLAN. Once the VLANs were matched up, the discards stopped. All broadcast traffic in that vlan will be discarded by the switch port.
- TX discards usually equates to output drops in Show interface. That is generally from the port queue’s filling up and tail dropping because it cannot transmit the data fast enough out the port. Transmit discards are *not* errors.The first fix is to stop using UDP for the transfer and use TCP for the window control. Transmit Discards indicate that packets were not transmitted because of network congestion. It can’t handle any more packets, so the switch tries to queue them up. Once the queues/buffers are full, the packets are discarded.
- Also, note that average utilization is a bad indicator of peak utilization. You can have a very low average utilization but still have out discards if there’s a spike of traffic greater than link speed + egress buffer.
- CRC or duplex mismatches would show as errors not discards. A vlan interface like any other interface has resources assigned , buffers etc. When these are over run you see discards. If the other interfaces that have the errors are Ethernet, you may want to check that both sides of that interface are set to the same speed/duplex, if they are not, you will transmit/receive discards and errors.Changing interfaces may help.
- If you have ACLs on your vlan, the packets that are dropped because of that ACL may be shown as discards.
- ARP table refresh. On many platforms, the ARP table entries are held for 4 hours. thus, Every 4 hours, ARP cache would be flushed and suddenly your may see thousands of ARP requests a second, causing some interfaces to fill buffer space.
- The discards can also be caused by packets with an MTU size that is too large and have the DF bit set.
- “A discard can occur because a packet was sent to a TCP/UDP port for which there was no listener. E.g. if someone tried to make a telnet connection to the IP address on the VLAN interface, but telnet was disabled.”
From:
See also
No comments:
Post a Comment