RE: [nsp] [nsp] VIP if-con and IOS switching (was: Monitoring DoS attacks w

From: Basa, Angelito A. (BasaAA@etpi.com.ph)
Date: Mon May 28 2001 - 03:55:01 EDT

Next message: Siva Valliappan: "Re: [nsp] [nsp] VIP if-con and IOS switching (was: Monitoring DoS"
Previous message: Gert Doering: "Re: [nsp] [nsp] VIP if-con and IOS switching (was: Monitoring DoS attacks w"
Next in thread: Siva Valliappan: "Re: [nsp] [nsp] VIP if-con and IOS switching (was: Monitoring DoS"
Reply: Siva Valliappan: "Re: [nsp] [nsp] VIP if-con and IOS switching (was: Monitoring DoS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

Siva,

Yes, I understand that flow switching only gathers flow data with CEF
enabled.

I have the full Internet routing table there and that dCEF keeps a separate
FIB in the VIP plus the ip flow cache in its memory. And that the CEF white
paper on the Cisco site recommends a minimum of 32MB memory per VIP line
card in distributed mode.

Does that mean I can configure dCEF on all VIP (VIP2-50 128 MB) interfaces
(HSSI, Serial T3 and FE) with no worries?

perhaps I can see also a reduction in RSP CPU utilization and higher
throughput as I plan to install
newly-purchsed VIPs.

thanks for your help.

tito

> ----------
> From: Siva Valliappan[SMTP:svalliap@cisco.com]
> Sent: Monday, May 28, 2001 2:56 PM
> To: BasaAA@etpi.com.ph
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [nsp] [nsp] VIP if-con and IOS switching (was:
> Monitoring DoS attacks w
>
> one caution when checking VIP CPU. it is normal for the VIP cpu
> to be at 99% if the VIP is doing receive side buffering. receive
> side buffering is enabled if you are running DCEF. if you see a
> VIP cpu at 99%, please check if receive side buffering is in
> effect via
>
> show controller vip <slot> acc
>
> from the RSP or
>
> show vip acc
>
> from the vip console.
>
> with respect to the second part of your question -
> when you enable netflow on a router that is doing CEF switching, flow
> only does accounting. it does not switch packets. when netflow
> is enabled with DCEF, the VIP does the accounting and passes up
> aggregated flows to the RSP. netflow needs memory to keep track of
> the flows running through the router, so your memory requirements
> when running netflow + cef will be higher then just running netflow.
>
> RSP based DFS only co-exists with DCEF in 11.1()CC. in 12.0 and later
> code, distributed fast-switching, and the optimized cache based switching
> schemes such as (optimum and flow (for switching purposes) were removed.
> the only switching scheme other CEF is plain fast-switching for RSP
> based platforms.
>
> regards
> .siva

Next message: Siva Valliappan: "Re: [nsp] [nsp] VIP if-con and IOS switching (was: Monitoring DoS"
Previous message: Gert Doering: "Re: [nsp] [nsp] VIP if-con and IOS switching (was: Monitoring DoS attacks w"
Next in thread: Siva Valliappan: "Re: [nsp] [nsp] VIP if-con and IOS switching (was: Monitoring DoS"
Reply: Siva Valliappan: "Re: [nsp] [nsp] VIP if-con and IOS switching (was: Monitoring DoS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:39 EDT