Troubleshoot Buffer Leaks
Available Languages
Introduction
Buffer leaks are Cisco IOS® software bugs. There are two kinds of buffer leaks:
-
Wedged interface buffer leaks.
-
System buffer leaks.
In order to troubleshoot buffer leaks, you must identify the type of buffer leak you encounter. The show interfaces and show buffers commands are very helpful in this situation.
If you have the output of show interfaces and show buffers commands from your Cisco device, you can use Cisco CLI Analyzer to display potential issues and fixes. To use Cisco CLI Analyzer, you must be a registered customer, be logged in, and have JavaScript enabled.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Conventions
For more information on document conventions, refer to the Cisco Technical Tips Conventions.
Wedged Interface Buffer Leaks
Wedged interface buffer leaks cause the input queue of an interface to fill up to the point where it can no longer accept packets. Under some specific traffic conditions, the input queue on an interface becomes wedged or, in other words, the input queue count is larger than the queue depth.
Here is an example of output from the show interfaces command, which shows that the interface is wedged:
Ethernet0/0 is up, line protocol is up Output queue 0/40, 0 drops; input queue 76/75, 1250 drops
The symptom of such buffer leak is a full input queue (76/75). Here, the values 76 and 75 represent the number of packets in the input queue, and the maximum size of the input queue, respectively. In this case, the number of packets in the input queue is larger than the queue depth. This is called a "wedged interface". When an interface is wedged, the router no longer forwards traffic that comes from the affected interface.
Reload the router to free the input queue and restore traffic until the queue is full again. This can take anywhere between a few seconds and a few weeks, based on the severity of the leak.
Caution: Before you reload the router, ensure that you collect all the necessary information to identify the culprit.
Use these commands to identify the source of the buffer leak:
-
show buffers pool [pool name] [packet/header]
-
show buffers old (Use this command only if debug sanity is enabled.
Note: The debug sanity command is hidden in most Cisco IOS software releases. With debug sanity enabled, every buffer that is used in the system is sanity-checked when it is allocated, and again when it is freed.
Note: You must issue the debug sanity command in privileged EXEC mode (enable mode). Although this command uses some CPU capacity, it does not significantly affect the functionality of the router. Like other debug commands, debug sanity is not saved in the configuration. Therefore, this command will not survive a reboot of the system.
Note: In order to disable sanity checking, use the privileged EXEC command undebug sanity.)
-
show buffer assigned
System Buffer Leaks
This section discusses system buffer leaks.
Here is an example of output from the show buffers command, which indicates a buffer leak in one of the system buffer pools:
Middle buffers, 600 bytes (total 20825, permanent 180): 286 in free list (20 min, 400 max allowed) 89122311 hits, 99597 misses, 133679 trims, 154324 created 2247 failures (0 no memory)
This show buffers command output indicates a buffer leak in the middle buffers pool. There is a total of 20825 middle buffers in the router, and only 286 are in the free list. This implies that some process takes all the buffers, but does not return them.
Other symptoms of this type of buffer leak are "%SYS-2-MALLOCFAIL" error messages for the pool processor or the input/output (I/O), based on the platform.
Use these commands to identify the source of the buffer leak:
-
show buffers old (Use this command only if debug sanity is enabled.
Note: The debug sanity command is hidden in most Cisco IOS software releases. With debug sanity enabled, every buffer that is used in the system is sanity-checked when it is allocated, and again when it is freed.
Note: You must issue the debug sanity command in privileged EXEC mode (enable mode). Although this command uses some CPU capacity, it does not significantly affect the functionality of the router. Like other debug commands, debug sanity is not saved in the configuration. Therefore, this command will not survive a reboot of the system.
Note: In order to disable sanity checking, use the privileged EXEC command undebug sanity.)
-
show buffers pool [pool name] [packet/header]
-
show buffer assigned
Tips to Troubleshoot
Buffer leaks are Cisco IOS software bugs. In order to fix known buffer leak bugs, upgrade to the latest version in your release train. For example, if you currently run Cisco IOS Software Release 11.2(14), upgrade to the latest 11.2(x) image. If this does not help, or if it is not possible to upgrade the router, contact the Cisco TAC, and provide the engineer with the output of the relevant show buffers commands, and the output of the show tech-support command.
Here are some tips to help you identify the packets that cause the buffer leak:
-
When you detect a buffer leak, use the associated show buffers commands to find a pattern in the packets that use so many buffers.
-
When you identify the type of packets, try to come up with a solution to prevent the leak (for example, use an access-list to filter those packets).
Here are output examples from associated show commands:
Router#show interface ethernet 0/0
Ethernet0/0 is up, line protocol is up
Hardware is AmdP2, address is 0050.3ee8.4060 (bia 0050.3ee8.4060)
Internet address is 10.200.40.37/22
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:51, output 00:00:08, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 76/75, 1250 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
15686 packets input, 2872866 bytes, 0 no buffer
Received 15342 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input packets with dribble condition detected
10352 packets output, 1031158 bytes, 0 underruns
0 output errors, 0 collisions, 3 interface resets
0 babbles, 0 late collision, 2 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Router#show buffers old
Header DataArea Pool Rcnt Size Link Enc Flags Input Output
80F09828 1A00084 Small 1 54 11 11 201 Et0/0 None
80F09A34 1A001C4 Small 1 54 11 11 201 Et0/0 None
80F09C40 1A00304 Small 1 54 11 11 201 Et0/0 None
80F09E4C 1A00444 Small 1 54 11 11 201 Et0/0 None
80F0A058 1A00584 Small 1 54 11 11 201 Et0/0 None
80F0A264 1A006C4 Small 1 54 11 11 201 Et0/0 None
80F0A470 1A00804 Small 1 54 11 11 201 Et0/0 None
80F0A67C 1A00944 Small 1 54 11 11 201 Et0/0 None
80F0A888 1A00A84 Small 1 54 11 11 201 Et0/0 None
80F0AA94 1A00BC4 Small 1 54 11 11 201 Et0/0 None
80F0ACA0 1A00D04 Small 1 54 11 11 201 Et0/0 None
80F0AEAC 1A00E44 Small 1 54 11 11 201 Et0/0 None
80F0B0B8 1A00F84 Small 1 54 11 11 201 Et0/0 None
80F0B2C4 1A010C4 Small 1 54 11 11 201 Et0/0 None
80F0B4D0 1A01204 Small 1 54 11 11 201 Et0/0 None
80F0B6DC 1A01344 Small 1 54 11 11 201 Et0/0 None
80F0B8E8 1A01484 Small 1 54 11 11 201 Et0/0 None
80F0BAF4 1A015C4 Small 1 54 11 11 201 Et0/0 None
80F0BD00 1A01704 Small 1 54 11 11 201 Et0/0 None
80F0BF0C 1A01844 Small 1 54 11 11 201 Et0/0 None
80F0C118 1A01984 Small 1 54 11 11 201 Et0/0 None
80F0C324 1A01AC4 Small 1 54 11 11 201 Et0/0 None
80F0C530 1A01C04 Small 1 54 11 11 201 Et0/0 None
80F0C73C 1A01D44 Small 1 54 11 11 201 Et0/0 None
80F5F644 1B9B0A4 Small 1 54 11 11 201 Et0/0 None
80FDF118 1B78604 Small 1 54 11 11 201 Et0/0 None
80FDF324 1B78744 Small 1 54 11 11 201 Et0/0 None
80FDF530 1B78884 Small 1 54 11 11 201 Et0/0 None
80FDF73C 1B789C4 Small 1 54 11 11 201 Et0/0 None
80FDF948 1B78B04 Small 1 54 11 11 201 Et0/0 None
80FDFB54 1B78C44 Small 1 54 11 11 201 Et0/0 None
80FDFD60 1B78D84 Small 1 54 11 11 201 Et0/0 None
80FDFF6C 1B78EC4 Small 1 54 11 11 201 Et0/0 None
80FE0178 1B79004 Small 1 54 11 11 201 Et0/0 None
80FE0384 1B79144 Small 1 54 11 11 201 Et0/0 None
80FE0590 1B79284 Small 1 54 11 11 201 Et0/0 None
80FE079C 1B793C4 Small 1 54 11 11 201 Et0/0 None
80FE09A8 1B79504 Small 1 54 11 11 201 Et0/0 None
80FE0BB4 1B79644 Small 1 54 11 11 201 Et0/0 None
80FE0DC0 1B79784 Small 1 54 11 11 201 Et0/0 None
80FE0FCC 1B798C4 Small 1 54 11 11 201 Et0/0 None
80FE11D8 1B79A04 Small 1 54 11 11 201 Et0/0 None
80FE13E4 1B79B44 Small 1 54 11 11 201 Et0/0 None
80FE15F0 1B79C84 Small 1 54 11 11 201 Et0/0 None
80FE17FC 1B79DC4 Small 1 54 11 11 201 Et0/0 None
80FE1A08 1B79F04 Small 1 54 11 11 201 Et0/0 None
80FE1C14 1B7A044 Small 1 54 11 11 201 Et0/0 None
80FE1E20 1B7A184 Small 1 54 11 11 201 Et0/0 None
80FE202C 1B7A2C4 Small 1 54 11 11 201 Et0/0 None
80FE2238 1B7A404 Small 1 54 11 11 201 Et0/0 None
81107F40 1B9B1E4 Small 1 54 11 11 201 Et0/0 None
8110814C 1B9B324 Small 1 54 11 11 201 Et0/0 None
81108358 1B9B464 Small 1 54 11 11 201 Et0/0 None
81108564 1B9B5A4 Small 1 54 11 11 201 Et0/0 None
8110897C 1B9B824 Small 1 54 11 11 201 Et0/0 None
81108B88 1B9B964 Small 1 54 11 11 201 Et0/0 None
81108D94 1B9BAA4 Small 1 54 11 11 201 Et0/0 None
81108FA0 1B9BBE4 Small 1 54 11 11 201 Et0/0 None
811093B8 1B9BE64 Small 1 54 11 11 201 Et0/0 None
811095C4 1B9BFA4 Small 1 54 11 11 201 Et0/0 None
811097D0 1B9C0E4 Small 1 54 11 11 201 Et0/0 None
811099DC 1B9C224 Small 1 54 11 11 201 Et0/0 None
81109DF4 1B9C4A4 Small 1 54 11 11 201 Et0/0 None
8110A000 1B9C5E4 Small 1 54 11 11 201 Et0/0 None
8110A20C 1B9C724 Small 1 54 11 11 201 Et0/0 None
8110A418 1B9C864 Small 1 54 11 11 201 Et0/0 None
81121364 1B9CC24 Small 1 54 11 11 201 Et0/0 None
81121570 1B9CD64 Small 1 54 11 11 201 Et0/0 None
81121988 1B9CFE4 Small 1 54 11 11 201 Et0/0 None
81121B94 1B9D124 Small 1 54 11 11 201 Et0/0 None
81121FAC 1B9D3A4 Small 1 54 11 11 201 Et0/0 None
811221B8 1B9D4E4 Small 1 54 11 11 201 Et0/0 None
811225D0 1B9D764 Small 1 54 11 11 201 Et0/0 None
811227DC 1B9D8A4 Small 1 54 11 11 201 Et0/0 None
811229E8 1B9D9E4 Small 1 54 11 11 201 Et0/0 None
81122BF4 1B9DB24 Small 1 54 11 11 201 Et0/0 None
Router#show buffers old header
Buffer information for Small buffer at 0x80F09828
data_area 0x1A00084, refcount 1, next 0x0, flags 0x201
linktype 11 (NOVELL), enctype 11 (NOVELL-ETHER), encsize 14, rxtype 7
if_input 0x80F57BE0 (Ethernet0/0), if_output 0x0 (None)
inputtime 0x4CDFC58, outputtime 0x0, oqnumber 65535
datagramstart 0x1A000CA, datagramsize 54, maximum size 260
mac_start 0x1A000CA, addr_start 0x1A000CA, info_start 0x0
network_start 0x1A000D8, transport_start 0x0
source:BE200040.0060.09c3.f9fe socket 0453
destination: BE200040.ffff.ffff.ffff socket 0453 protocol 01
Buffer information for Small buffer at 0x80F09A34
data_area 0x1A001C4, refcount 1, next 0x0, flags 0x201
linktype 11 (NOVELL), enctype 11 (NOVELL-ETHER), encsize 14, rxtype 7
if_input 0x80F57BE0 (Ethernet0/0), if_output 0x0 (None)
inputtime 0x4CDFAA0, outputtime 0x0, oqnumber 65535
datagramstart 0x1A0020A, datagramsize 54, maximum size 260
mac_start 0x1A0020A, addr_start 0x1A0020A, info_start 0x0
network_start 0x1A00218, transport_start 0x0
source:BE200040.0060.09c3.f9fe socket 0453
destination: BE200040.ffff.ffff.ffff socket 0453 protocol 01
Buffer information for Small buffer at 0x80F09C40
data_area 0x1A00304, refcount 1, next 0x0, flags 0x201
linktype 11 (NOVELL), enctype 11 (NOVELL-ETHER), encsize 14, rxtype 7
if_input 0x80F57BE0 (Ethernet0/0), if_output 0x0 (None)
inputtime 0x4CDF8D7, outputtime 0x0, oqnumber 65535
datagramstart 0x1A0034A, datagramsize 54, maximum size 260
mac_start 0x1A0034A, addr_start 0x1A0034A, info_start 0x0
network_start 0x1A00358, transport_start 0x0
source:BE200040.0060.09c3.f9fe socket 0453
destination: BE200040.ffff.ffff.ffff socket 0453 protocol 01
....
Router#show buffers input-interface ethernet 0/0
Header DataArea Pool Rcnt Size Link Enc Flags Input Output
80F09828 1A00084 Small 1 54 11 11 201 Et0/0 None
80F09A34 1A001C4 Small 1 54 11 11 201 Et0/0 None
80F09C40 1A00304 Small 1 54 11 11 201 Et0/0 None
80F09E4C 1A00444 Small 1 54 11 11 201 Et0/0 None
80F0A058 1A00584 Small 1 54 11 11 201 Et0/0 None
80F0A264 1A006C4 Small 1 54 11 11 201 Et0/0 None
80F0A470 1A00804 Small 1 54 11 11 201 Et0/0 None
80F0A67C 1A00944 Small 1 54 11 11 201 Et0/0 None
80F0A888 1A00A84 Small 1 54 11 11 201 Et0/0 None
80F0AA94 1A00BC4 Small 1 54 11 11 201 Et0/0 None
80F0ACA0 1A00D04 Small 1 54 11 11 201 Et0/0 None
80F0AEAC 1A00E44 Small 1 54 11 11 201 Et0/0 None
80F0B0B8 1A00F84 Small 1 54 11 11 201 Et0/0 None
80F0B2C4 1A010C4 Small 1 54 11 11 201 Et0/0 None
80F0B4D0 1A01204 Small 1 54 11 11 201 Et0/0 None
80F0B6DC 1A01344 Small 1 54 11 11 201 Et0/0 None
80F0B8E8 1A01484 Small 1 54 11 11 201 Et0/0 None
80F0BAF4 1A015C4 Small 1 54 11 11 201 Et0/0 None
80F0BD00 1A01704 Small 1 54 11 11 201 Et0/0 None
80F0BF0C 1A01844 Small 1 54 11 11 201 Et0/0 None
80F0C118 1A01984 Small 1 54 11 11 201 Et0/0 None
80F0C324 1A01AC4 Small 1 54 11 11 201 Et0/0 None
80F0C530 1A01C04 Small 1 54 11 11 201 Et0/0 None
80F0C73C 1A01D44 Small 1 54 11 11 201 Et0/0 None
80F5F644 1B9B0A4 Small 1 54 11 11 201 Et0/0 None
80FDF118 1B78604 Small 1 54 11 11 201 Et0/0 None
80FDF324 1B78744 Small 1 54 11 11 201 Et0/0 None
80FDF530 1B78884 Small 1 54 11 11 201 Et0/0 None
80FDF73C 1B789C4 Small 1 54 11 11 201 Et0/0 None
80FDF948 1B78B04 Small 1 54 11 11 201 Et0/0 None
80FDFB54 1B78C44 Small 1 54 11 11 201 Et0/0 None
80FDFD60 1B78D84 Small 1 54 11 11 201 Et0/0 None
80FDFF6C 1B78EC4 Small 1 54 11 11 201 Et0/0 None
80FE0178 1B79004 Small 1 54 11 11 201 Et0/0 None
80FE0384 1B79144 Small 1 54 11 11 201 Et0/0 None
80FE0590 1B79284 Small 1 54 11 11 201 Et0/0 None
80FE079C 1B793C4 Small 1 54 11 11 201 Et0/0 None
80FE09A8 1B79504 Small 1 54 11 11 201 Et0/0 None
80FE0BB4 1B79644 Small 1 54 11 11 201 Et0/0 None
80FE0DC0 1B79784 Small 1 54 11 11 201 Et0/0 None
80FE0FCC 1B798C4 Small 1 54 11 11 201 Et0/0 None
80FE11D8 1B79A04 Small 1 54 11 11 201 Et0/0 None
80FE13E4 1B79B44 Small 1 54 11 11 201 Et0/0 None
80FE15F0 1B79C84 Small 1 54 11 11 201 Et0/0 None
80FE17FC 1B79DC4 Small 1 54 11 11 201 Et0/0 None
80FE1A08 1B79F04 Small 1 54 11 11 201 Et0/0 None
80FE1C14 1B7A044 Small 1 54 11 11 201 Et0/0 None
80FE1E20 1B7A184 Small 1 54 11 11 201 Et0/0 None
80FE202C 1B7A2C4 Small 1 54 11 11 201 Et0/0 None
80FE2238 1B7A404 Small 1 54 11 11 201 Et0/0 None
81107F40 1B9B1E4 Small 1 54 11 11 201 Et0/0 None
8110814C 1B9B324 Small 1 54 11 11 201 Et0/0 None
81108358 1B9B464 Small 1 54 11 11 201 Et0/0 None
81108564 1B9B5A4 Small 1 54 11 11 201 Et0/0 None
8110897C 1B9B824 Small 1 54 11 11 201 Et0/0 None
81108B88 1B9B964 Small 1 54 11 11 201 Et0/0 None
81108D94 1B9BAA4 Small 1 54 11 11 201 Et0/0 None
81108FA0 1B9BBE4 Small 1 54 11 11 201 Et0/0 None
811093B8 1B9BE64 Small 1 54 11 11 201 Et0/0 None
811095C4 1B9BFA4 Small 1 54 11 11 201 Et0/0 None
811097D0 1B9C0E4 Small 1 54 11 11 201 Et0/0 None
811099DC 1B9C224 Small 1 54 11 11 201 Et0/0 None
81109DF4 1B9C4A4 Small 1 54 11 11 201 Et0/0 None
8110A000 1B9C5E4 Small 1 54 11 11 201 Et0/0 None
8110A20C 1B9C724 Small 1 54 11 11 201 Et0/0 None
8110A418 1B9C864 Small 1 54 11 11 201 Et0/0 None
81121364 1B9CC24 Small 1 54 11 11 201 Et0/0 None
81121570 1B9CD64 Small 1 54 11 11 201 Et0/0 None
81121988 1B9CFE4 Small 1 54 11 11 201 Et0/0 None
81121B94 1B9D124 Small 1 54 11 11 201 Et0/0 None
81121FAC 1B9D3A4 Small 1 54 11 11 201 Et0/0 None
811221B8 1B9D4E4 Small 1 54 11 11 201 Et0/0 None
811225D0 1B9D764 Small 1 54 11 11 201 Et0/0 None
811227DC 1B9D8A4 Small 1 54 11 11 201 Et0/0 None
811229E8 1B9D9E4 Small 1 54 11 11 201 Et0/0 None
81122BF4 1B9DB24 Small 1 54 11 11 201 Et0/0 None
Router#show buffers address 81122BF4 dump
Buffer information for Small buffer at 0x81122BF4
data_area 0x1B9DB24, refcount 1, next 0x0, flags 0x201
linktype 11 (NOVELL), enctype 11 (NOVELL-ETHER), encsize 14, rxtype 7
if_input 0x80F57BE0 (Ethernet0/0), if_output 0x0 (None)
inputtime 0x4CE2BFC, outputtime 0x0, oqnumber 65535
datagramstart 0x1B9DB6A, datagramsize 54, maximum size 260
mac_start 0x1B9DB6A, addr_start 0x1B9DB6A, info_start 0x0
network_start 0x1B9DB78, transport_start 0x0
source:BE200040.0060.09c3.f9fe socket 0453
destination: BE200040.ffff.ffff.ffff socket 0453 protocol 01
01B9DB20: 00000000 00000000 00000000 00000000 ................
01B9DB30: 00000000 00000000 00000000 00000000 ................
01B9DB40: 00000000 00000000 00000000 00000000 ................
01B9DB50: 00000000 00000000 00000000 00000000 ................
01B9DB60: 00000000 00000000 0000FFFF FFFFFFFF ................
01B9DB70: 006009C3 F9FE0028 FFFF0028 0001BE20 .`.Cy~.(...(..>
01B9DB80: 0040FFFF FFFFFFFF 0453BE20 00400060 .@.......S> .@.`
01B9DB90: 09C3F9FE 04530001 00000040 06000200 .Cy~.S.....@....
01B9DBA0: 00000000 00000000 00000000 00000000 ................
01B9DBB0: 00000000 00000000 00000000 00000000 ................
01B9DBC0: 00000000 00000000 00000000 00000000 ................
01B9DBD0: 00000000 00000000 00000000 00000000 ................
01B9DBE0: 00000000 00000000 00000000 00000000 ................
01B9DBF0: 00000000 00000000 00000000 00000000 ................
01B9DC00: 00000000 00000000 00000000 00000000 ................
01B9DC10: 00000000 00000000 00000000 00000000 ................
01B9DC20: 00000000 00 .....
Router#
If you are unable to identify a pattern in the buffers, capture the output of the show commands (for example, show buffers old), and save it to a file (such as, buffers.log). Then, try to isolate the pattern with the help of the UNIX "grep" utility, or something similar.
grep linktype buffers.log linktype 11 (NOVELL), enctype 11 (NOVELL-ETHER), encsize 14, rxtype 7 linktype 11 (NOVELL), enctype 11 (NOVELL-ETHER), encsize 14, rxtype 7 linktype 11 (NOVELL), enctype 11 (NOVELL-ETHER), encsize 14, rxtype 7 linktype 11 (NOVELL), enctype 11 (NOVELL-ETHER), encsize 14, rxtype 7 linktype 11 (NOVELL), enctype 11 (NOVELL-ETHER), encsize 14, rxtype 7 linktype 11 (NOVELL), enctype 11 (NOVELL-ETHER), encsize 14, rxtype 7 linktype 11 (NOVELL), enctype 11 (NOVELL-ETHER), encsize 14, rxtype 7 linktype 11 (NOVELL), enctype 11 (NOVELL-ETHER), encsize 14, rxtype 7 linktype 11 (NOVELL), enctype 11 (NOVELL-ETHER), encsize 14, rxtype 7 linktype 11 (NOVELL), enctype 11 (NOVELL-ETHER), encsize 14, rxtype 7 linktype 11 (NOVELL), enctype 11 (NOVELL-ETHER), encsize 14, rxtype 7 linktype 11 (NOVELL), enctype 11 (NOVELL-ETHER), encsize 14, rxtype 7 linktype 11 (NOVELL), enctype 11 (NOVELL-ETHER), encsize 14, rxtype 7 linktype 0 (None), enctype 0 (None), encsize 0, rxtype 0 linktype 11 (NOVELL), enctype 11 (NOVELL-ETHER), encsize 14, rxtype 7 linktype 11 (NOVELL), enctype 11 (NOVELL-ETHER), encsize 14, rxtype 7 linktype 11 (NOVELL), enctype 11 (NOVELL-ETHER), encsize 14, rxtype 7 linktype 11 (NOVELL), enctype 11 (NOVELL-ETHER), encsize 14, rxtype 7 linktype 11 (NOVELL), enctype 11 (NOVELL-ETHER), encsize 14, rxtype 7 linktype 11 (NOVELL), enctype 11 (NOVELL-ETHER), encsize 14, rxtype 7 linktype 11 (NOVELL), enctype 11 (NOVELL-ETHER), encsize 14, rxtype 7 ... !--- Here you can clearly see a lot of NOVELL-related buffers.
!--- The problem seems to be with the IPX packets.
!--- You can check this through the wc -l (to count lines) command on a UNIX system. grep linktype buffers.log | wc -l 175 grep linktype buffers.log | grep NOVELL-ETHER | wc -l 153 !--- 153 out of 175 old buffers are IPX packets. Try to find out what
!--- type of packets they are with another grep command: grep socket buffers.log source:BE200040.0060.09c3.f9fe socket 0453 destination: BE200040.ffff.ffff.ffff socket 0453 protocol 01 source:BE200040.0060.09c3.f9fe socket 0453 destination: BE200040.ffff.ffff.ffff socket 0453 protocol 01 source:BE200040.0060.09c3.f9fe socket 0453 destination: BE200040.ffff.ffff.ffff socket 0453 protocol 01 source:BE200040.0060.09c3.f9fe socket 0453 destination: BE200040.ffff.ffff.ffff socket 0453 protocol 01 source:BE200040.0060.09c3.f9fe socket 0453 destination: BE200040.ffff.ffff.ffff socket 0453 protocol 01 source:BE200040.0060.09c3.f9fe socket 0453 destination: BE200040.ffff.ffff.ffff socket 0453 protocol 01 source:BE200040.0060.09c3.f9fe socket 0453 destination: BE200040.ffff.ffff.ffff socket 0453 protocol 01 source:BE200040.0060.09c3.f9fe socket 0453 ... !--- There are Broadcasts to socket 453, protocol 01...
!--- Those are IPX RIP packets.
!--- Disable IPX RIP, or use IPX EIGRP instead, until a bug fix is available.
In summary:
-
Verify whether you have a buffer leak.
Buffer leaks are often misinterpreted as a burst of traffic (with many packets that go to process-switching due to an incorrect configuration or an unsupported feature), or as an attack.
-
Buffer leaks are Cisco IOS software bugs. The best solution for this issue is to upgrade the Cisco IOS software to the latest version.
-
If this fails, contact the Cisco TAC and provide the engineer with output of relevant show buffers and show tech-support commands.
Related Information
Revision History
| Revision | Publish Date | Comments |
|---|---|---|
1.0 |
10-Dec-2001 |
Initial Release |
Feedback