I have used GNS3 for years, and really like the new version (which includes the virtual machine and support for IOU).  As I built out my lab, I started noticing issues with my switches.  They symptoms were high CPU (on the host), the switch would not pass layer 3 traffic (OSPF), spanning-tree was broken (all switches showed themselves to be root).  If I removed the switches from the setup, low CPU and OSPF worked.  On the switch itself the following error kept rolling over “%AMDP2_FE-6-EXCESSCOLL:” and would alternate on the interface that had the error.  I did some Google searches and what I kept finding was how to hide the error from the logs.  To me that was not solving the problem.  I was able to find a blog from Route Reflector Labs in which the issue looks like “IOU L2 causes a lot of loopback traffic”.  A policy map was created and added to the control plane.  The policy map from Route Reflector Labs didn’t work on the version that I am using.  Using a Cisco reference allowed for the changed format to be modified.  Once I added the control policy I was able to have reach ability through my lab.  Here is the policy I used for 15.1:

class-map match-all ARP
match protocol arp
!
policy-map ARP-limit
class ARP
police rate 8000 pps burst 28 packets peak-rate 8000 pps    conform-action transmit     exceed-action drop     violate-action drop
!
control-plane
service-policy input ARP-limit

I still see some error messages “%AMDP2_FE-6-EXCESSCOLL:” but nothing like before.  The Cisco link also provided some good show commands to assist with troubleshooting Control Plan policies.

Route Reflector Labs

Cisco Control Plane

Update 6/26

What I noticed after adding the above policy is that if I had to use a switch for L3 (VLAN interface or routing protocol) that packets were being dropped.  So I remembered a control plane policy that a former co-worker (Mike S) used and I added that to my lab.  Once I did it allowed ping to my VLAN interface and also controlled the interface error message.  I added the various protocols since I plan on using most of them during my labs.

ip access-list extended ControlBlock
remark other management plane traffic that should not be received
permit ospf any any
permit udp any any eq rip
permit pim any any
permit igmp any 224.0.0.0 15.255.255.255
permit udp any any eq ntp
permit udp any any eq snmptrap
permit tcp any any eq 22
remark other control plane traffic not configured on router
permit eigrp any any
permit udp any any eq rip
deny ip any any
ip access-list extended ControlIPDefault
permit ip any any
ip access-list extended ControlNormal
remark we will want to rate limit ICMP traffic
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
deny ip any any
!
class-map match-all ControlBlock
match access-group name ControlBlock
match protocol arp
class-map match-all ControlIPDefault
match access-group name ControlIPDefault
class-map match-all ControlNormal
match access-group name ControlNormal
!
policy-map CONTROL_PLANE_POLICY
class ControlNormal
police 128000 2000 conform-action transmit exceed-action drop
class ControlBlock
police 64000 1000 conform-action drop exceed-action drop
class ControlIPDefault
police 4000000 8000 conform-action transmit exceed-action drop
class class-default
police 4000000 8000 conform-action transmit exceed-action drop
!
control-plane
service-policy input CONTROL_PLANE_POLICY

 

 

GNS3 error “%AMDP2_FE-6-EXCESSCOLL:”
Tagged on: