Traffic matching the internal control network is dropped by NPM.Traffic is dropped by an NPM and the Drop reason is "L3 drop policy", e.g:
CBS# show flow active proto 1
This command may take a few minutes. Do you want to continue? <Y or N> [Y]:
Module Source Destination Prot Dom TTI/MAX np1 188.8.131.52:0 184.108.40.206:0 1 1 00:30/00:30 Drop(L3 drop policy) rx circuit 1026 Master np1 Fast Path Y rx packets 0
An NPM drops traffic with the reason "L3 drop policy" if the inbound packets match a flow rule defined with the action Drop.
If no user-defined flow rule exists with action Drop, you should compare the source and destination address with the configured system internal network. In the above example, traffic matches the default internal network 220.127.116.11/16. To protect the control plane, the NPM always implements a default IP flow rule, which drops all packets that conflict with the system internal network.
If the dropped traffic is valid, you may need to set the internal network to another unused network.
To list default IP flow rules run
To display the configured internal network run
Imported Document ID: 000019973
Subscribing will provide email updates when this Article is updated. Login is required.