The following list of questions/vectors can assist in troubleshooting Layer 2 discard issues. They have been of help to me in the past on more than one occasion.
- What Switches/Models? What firmware versions? Look at the subsequent firmwares’ release notes for any identified issues, resolved caveats etc. that match what you re experiencing.
- What type of Traffic (LAN, iSCSI etc.)
- What ports ? internal or external ? What device on the other end ?
- Tx or Rx ?
- Traffic Load ? CPU Load ? show logs ? Other L2 Errors ? Layer3 IP routing or ACL drops/discards as opposed to interface packet drops/discards (switch interfaces).
- Since when? Only during Peak or constant regardless of load ? what time frame is the discards for ?
- Utilization Peak vs. Average ? pattern (every x number of hours ?)
- Utilization on other end ? L2 stats ( dropped, Tx, Rx etc.)
- VLAN mismatch (check VLAN stats on both sides also)? L2 mismatch (Speed/Duplex) ? ACLs? QoS ?
- ARP Table Refresh ? MTU & Flow Control ? STP discards due to blocked topology ?
The causes can be many, including (but not limited to) the following:
- the device does not have a route to send the packet to the destination,
- the device has been configured to discard certain traffic or
- the device lacks resources to do anything with the packet (such as full buffers).
- “InDiscards”, are almost always caused by a port that is receiving tagged frames for a VLANID that that port is not a member of.
- “NoResourcesPktsDropped” on the other hand are generally caused by a switch that’s “low on/out of” buffer memory, so it will start dropping packets.
- Rx discards could be faulty cabling, interface or NIC. One reason is mismatched VLANs. Check the Configured VLANs on each switch port. The port with the RX discards will be “missing” a VLAN as compared to the other end of the trunk. The switch just “discards” the packets arriving on the missing VLAN. Once the VLANs were matched up, the discards stopped. All broadcast traffic in that vlan will be discarded by the switch port.
- TX discards usually equates to output drops in Show interface. That is generally from the port queue’s filling up and tail dropping because it cannot transmit the data fast enough out the port. Transmit discards are *not* errors.The first fix is to stop using UDP for the transfer and use TCP for the window control. Transmit Discards indicate that packets were not transmitted because of network congestion. It can’t handle any more packets, so the switch tries to queue them up. Once the queues/buffers are full, the packets are discarded.
- Also, note that average utilization is a bad indicator of peak utilization. You can have a very low average utilization but still have out discards if there’s a spike of traffic greater than link speed + egress buffer.
- CRC or duplex mismatches would show as errors not discards. A vlan interface like any other interface has resources assigned , buffers etc. When these are over run you see discards. If the other interfaces that have the errors are Ethernet, you may want to check that both sides of that interface are set to the same speed/duplex, if they are not, you will transmit/receive discards and errors. Changing interfaces may help.
- If you have ACLs on your vlan, the packets that are dropped because of that ACL may be shown as discards.
- ARP table refresh. On many platforms, the ARP table entries are held for 4 hours. thus, Every 4 hours, ARP cache would be flushed and suddenly your may see thousands of ARP requests a second, causing some interfaces to fill buffer space.
- The discards can also be caused by packets with an MTU size that is too large and have the DF bit set.
- “A discard can occur because a packet was sent to a TCP/UDP port for which there was no listener. E.g. if someone tried to make a telnet connection to the IP address on the VLAN interface, but telnet was disabled.”