Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

Configuration of packet-filter counters for BAGG interfaces

 
SOLVED
Go to solution
Highlighted
Occasional Advisor

Configuration of packet-filter counters for BAGG interfaces

Dear community,

I run a couple of HP5900 (Software Version 7.1.045, Release 2432P06) as L3 core switches.
We're facing some loss of ICMP packages passing our network infrastructure, between an VMWare Cluster and an NetApp storage via the HP5900. The interconnects are configure as BAGG consisting of two XGE interfaces.

What I'd like to do is to enable packet counter on the involved BAGG interfaces.

I did the following:

[s1core]acl number 3001
[s1core-acl-adv-3001]description ICMP-Request NA2BC
[s1core-acl-adv-3001]rule permit icmp source <IP> 0 destination <IP> 0 counting

I had to use the counting option as it seem Comware supports 'native' hit count only for ACLs using control traffic.
See this thread: Enable-ACL-hit-count-Comware7 

Afterwards I added the packet-filter to the interface counting inbound ICMP traffic:

[s1core]interface Bridge-Aggregation 21
[s1core-Bridge-Aggregation39]packet-filter 3001 inbound

 

Packets are counted as expected:

<s1core>display packet-filter statistics interface Bridge-Aggregation 21 inbound
Interface: Bridge-Aggregation21
 In-bound policy:
  ACL 3001
   rule 0 permit icmp source <IP> 0 destination <IP> 0 counting (616 packets)

 

If I try to add the same ACL as outbound to another BAGG interface I get the following error messages:

[s1core-Bridge-Aggregation39]packet-filter 3001 outbound
Failed to apply ACL 3001 to the outbound direction of interface Bridge-Aggregation39 on slot 1, 2.

Switch Log shows this message:
%Apr  1 15:39:07:438 2020 s1core PFILTER/3/PFILTER_IF_NOT_SUPPORT: Failed to apply or refresh ACL 3001 to the outbound direction of interface Bridge-Aggregation39. The ACL is not supported.
%Apr  1 15:39:07:447 2020 s1core PFILTER/3/PFILTER_IF_NOT_SUPPORT: -Slot=2; Failed to apply or refresh ACL 3001 to the outbound direction of interface Bridge-Aggregation39. The ACL is not supported.

Could you please confirm that outbound packet-filter for BAGG interfaces are not supported?

Thx, Thomas

7 REPLIES 7
Highlighted
HPE Pro

Re: Configuration of packet-filter counters for BAGG interfaces

Hello ,

I could understand that you are try to account the incoming and outgoing packets  to veifry packet drops / loss in the switch .  I have verifred in my lab seen similar issue , but i would suggest to you below QoS accounting which is working well .

Please test with following configuration and let me know the outcome.

acl number 3000
rule 10 permit icmp source <IP1> 0 destination <IP2> 0
!
traffic classifier test operator and
if-match acl 3000
!
traffic behavior test
accounting packet
!
qos policy test
classifier test behavior test
!
interface Brig 10
qos apply policy test inbound
qos apply policy test outbound

 


I work for HPEAccept or Kudo
Highlighted
Occasional Advisor

Re: Configuration of packet-filter counters for BAGG interfaces

Hi,

I tried the following proposed configuration.

traffic classifier ICMP operator and
if-match acl 3005
#
traffic behavior ICMP
accounting packet
#
qos policy ICMP
classifier ICMP behavior ICMP
#

interface Bridge-Aggregation39
port link-type trunk
port trunk permit vlan all
link-aggregation mode dynamic
packet-filter 3002 inbound
packet-filter 3001 outbound
packet-filter 3000 outbound
qos apply policy ICMP outbound
#
acl number 3005
description testrule for outbound counter
rule 0 permit icmp source 0 destination 0


In the logfile of the switch I see the following messages:

%Apr 6 11:29:11:955 2020 s1core QOS/4/QOS_POLICY_APPLYIF_CBFAIL: Failed to apply classifier-behavior ICMP in policy ICMP to the outbound direction of interface Bridge-Aggregation39. The operation is not supported.
%Apr 6 11:29:11:974 2020 s1core QOS/4/QOS_POLICY_APPLYIF_CBFAIL: -Slot=2; Failed to apply classifier-behavior ICMP in policy ICMP to the outbound direction of interface Bridge-Aggregation39. The operation is not supported.

What would be the related command to display the QoS accounting outcomes of the above config if everything was working well?

Thx, Tommek
Highlighted
HPE Pro

Re: Configuration of packet-filter counters for BAGG interfaces

Hello,

You can use following commad to verify " display qos policy interface  < Name > .  Meanwhile i suggest you to remove all other packet filter in BAGG 39


I work for HPEAccept or Kudo
Highlighted
Occasional Advisor

Re: Configuration of packet-filter counters for BAGG interfaces

I removed all packet-filter and qos policies from that interface.
Afterwards I added the qos policy again.

I still see the operation not supported in the logfile of the switch for the outbound accounting.
Could it be that I run in the same situation as for the counter?
Inbound is working but outbound is not.

[s1core-Bridge-Aggregation39]display qos policy interface Bridge-Aggregation 39
Interface: Bridge-Aggregation39
Direction: Inbound
Policy: ICMP
Classifier: ICMP
Operator: AND
Rule(s) :
If-match acl 3005
Behavior: ICMP
Accounting enable:
0 (Packets)

Interface: Bridge-Aggregation39
Direction: Outbound
Policy: ICMP
Classifier: ICMP (Failed)
Operator: AND
Rule(s) :
If-match acl 3005
Behavior: ICMP
Accounting enable:
Highlighted
HPE Pro

Re: Configuration of packet-filter counters for BAGG interfaces

Hello,

This is looks very strage , i would suggest to log a case with HPE Support to check further . Suspecting its looks like a bug


I work for HPEAccept or Kudo
Highlighted
HPE Pro

Re: Configuration of packet-filter counters for BAGG interfaces

@Tommek The QOS outbound on BAGG is apparently not supported and this is as per design. I have seen this for QOS rate limiting on BAGG's outbound.

You may alternatively apply QOS on the physical interfaces of the BAGG individually. Then do a "display qos policy interface" as advised by @jmpk 

 

Let me know if that works.

 

Accept or Kudo

Highlighted
Occasional Advisor
Solution

Re: Configuration of packet-filter counters for BAGG interfaces

Hi Brian,

I managed to get the information I was looking for by applying the counter config to the BAGG interfaces (inbound).
There I see a difference between the total sum of inbound ICMP packets. This points me to the path where I need to dive deeper do identify the cause of the packet loss. It is not anymore related to HPE equipment, thus I would consider this thread as closed.

Thanks for your support.