Junos
Reply
Recognized Expert
benb
Posts: 204
Registered: ‎11-05-2007
0

Re: L3 incompletes increasing


sunfun wrote:

Hi benb,

 

thank you for your help, but how is it possible to stop this kind of frames?

i know it's possible to configure an ACL to avoid one IP subnet, but how can i do to stop one frame with a wrong IP header?


In the case of the OP, the frames are destined for a mac-id that is not present in the cam database on the PIC.  So, the PIC is discarding the frames, before they are completely handled by the L2/L3 packet processing ASIC.  The problem isn't that the datagram has the "wrong IP header".  Rather, the DA mac-id is not something the PIC is configured to receive.

 

One would need to capture the the frames "on the wire", or on the sending device, to determine what they are, and then configure the remote device to stop forwarding them (if possible).  The details here are specific to the situation.

 


sunfun wrote:

and about the upgrade to version 9.0, i see that we have to upgrade first to version 8.5, and after to version 9.0 on this link : https://www.juniper.net/techpubs/software/junos/junos91/rn-sw-91/frameset.html

 

could you confirm this please?

 


That is correct.  In order to upgrade to 9.0, from 8.2, you will need to first upgrade to 8.5.

 

Regards,

Ben

 

Contributor
sunfun
Posts: 10
Registered: ‎09-04-2008
0

Re: L3 incompletes increasing

Hi benb,

 

Thank you for your help.

 

As i'm not sure about your short words, could you explain me what you mean by:

- OP

- DA

 

I agree that we have to capture traffic on this link, but these equipments are on our production, it's impossible to make some tests on this link, because lots of customers won't have any access on Internet.

 

As i really with attention your message, could it be possible to delete the cam entry in the database?

If it's possible, please tell me how i can do.

 

For the upgrade, I thank you to confirm me about the procedure.

 

With pleasure to read your solution.

 

Thank you.

 

Best regards,

 

sunfun

Recognized Expert
benb
Posts: 204
Registered: ‎11-05-2007
0

Re: L3 incompletes increasing

OP = original poster

DA = destination address

 

No, you can not delete the cam entries on the pic.  That would not help.  Yes, you will need to follow the upgrade procedure you previously mentioned.  In the case of the original poster (OP), these errors are "cosmetic".

 

Regards,

Ben

Contributor
sunfun
Posts: 10
Registered: ‎09-04-2008
0

Re: L3 incompletes increasing

Hi benb,

 

thank you for your help.

now, we just put higher the value of L3 incompletes detective, to avoid being called when the alarm appears for this L3 incompletes counter during the increase.

 

best regards,

 

sunfun

Super Contributor
ChadM
Posts: 170
Registered: ‎10-14-2008
0

Re: L3 incompletes increasing

We ran into this on our network as well and found a handful of culprits: cdp, spanning tree, and dec mop. We only found the last one because we had a tap on the interface and could look for any non-IP traffic. Found it on our 6500s as well as 38xxs running IP Services or higher.

Our standard configuration on the Cisco side now includes:
[on the physical interface]
no cdp enable
spanning-tree bpdufilter enable
[on the interface / vlan with the ip address]
no mop enabled

Once we made sure that all three of those were disabled there were no more errors. No more complaints by Orion about errors either. Yay!

-Chad
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.