Re: [nsp] tcp intercept and CPU

From: Siva Valliappan (svalliap@cisco.com)
Date: Sat Oct 28 2000 - 14:25:31 EDT

Next message: George Robbins: "Re: [nsp] tcp intercept and CPU"
Previous message: Hank Nussbacher: "[nsp] tcp intercept and CPU"
In reply to: Hank Nussbacher: "[nsp] tcp intercept and CPU"
Next in thread: George Robbins: "Re: [nsp] tcp intercept and CPU"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

tcp intercept disables distributed switching. if you were previous
running DCEF, and you enabled tcp intercept, the packets will be
passed up to the RSP to be switched, hence the higher cpu. if you
were just running regular CEF, the higher cpu is caused by the
additional load on the RSP to examine traffic that is traversing the box.

regards
.siva

>
> Running on a Cisco 7507 [RSP4, ip cef], with IOS 12.0(11). CPU was at
> 15%. After turning on tcp intercept CPU runs around 40-50%. Typical level
> of SYNs runs around:
>
> dexamol#sho tcp inter stat
> Intercepting new connections using access-list 120
> 34 incomplete, 292 established connections (total 326)
> 367 connection requests per minute
>
> Does anyone know how to reduce CPU when running tcp intercept?
>
> -Hank
>

Next message: George Robbins: "Re: [nsp] tcp intercept and CPU"
Previous message: Hank Nussbacher: "[nsp] tcp intercept and CPU"
In reply to: Hank Nussbacher: "[nsp] tcp intercept and CPU"
Next in thread: George Robbins: "Re: [nsp] tcp intercept and CPU"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:20 EDT