[c-nsp] accounting/cache/cache flow/cef

Rodney Dunn rodunn at cisco.com
Tue Sep 14 14:38:31 EDT 2004


Two things.

Sometimes 'sh cef int' will tell you if it's punting
to the next slowest feature path and why.

Also, make sure in your ACLs you don't have any
log keywords.  If you need that data use the
netflow export data with a Null0 destination interface.

Oh...there it is.  NAT.  That will punt for SYN, FIN,
RST packets to build the translation table.

That was changed in 12.3(4)T (I think that's where it
changed).

PBR is in the CEF path so I bet it's NAT causing the punts
which create the fastcache entries.

One nifty way to debug it is to do this.

Do sh ip cache flow
pick a small subnet that has a fastcache entry
build an ACL that matches on packets going to that subnet
do 'debug ip packet <acl> dump'
then do 'clear ip cache'

Decode the packet header to see if it's a TCP SYN, RST, FIN.

The debugs only print packets at process level and when
you clear the cache you punt the first packet to build the cache
so it will catch in the debug.

I know it's newer code but if I was doing NAT I'd be making
plans to go with the new code that has the CEF capability
to build the NAT flows in the interrupt path.

Rodney


On Tue, Sep 14, 2004 at 10:08:59PM +0530, Amol Sapkal wrote:
> > 
> > > sh ip cache
> > 
> > That shows the output of the old fastswitching cache.
> > If you have CEF on your 'sh ip cache' should really be
> > empty.
> 
> 
> I have cef enabled globally and this and still, sh ip cache is not empty.
> 
> The interface Fa4/0/0.1 appears in the cache output.
> Here are the configs:
> 
> gtl-core-mds#sh runn int Fa4/0/0.1
> Building configuration...
> 
> Current configuration : 227 bytes
> !
> interface FastEthernet4/0/0.1
>  description "VLAN for SIL"
>  encapsulation isl 201
>  ip address 10.7.1.5 255.255.255.248
>  no ip redirects
>  no ip proxy-arp
>  ip nat inside
>  no ip mroute-cache
>  ip policy route-map Uplink_SIL
> end
>     
> On Fa4/0/0:
> 
> interface FastEthernet4/0/0
>  no ip address
>  ip access-group UDP in
>  ip access-group UDP out
>  ip route-cache flow
>  no ip route-cache distributed
>  full-duplex
>  no cdp enable
> end
> 
> 
> How do I relate the above?
> 
> 
> > 
> > > sh ip cache flow
> > 
> > Shows the netflow cache which is exported to some form
> > of netflow collector if you have it configured to export.
> > This is the recommended way to do packet accounting.
> > 
> > >
> > >
> > > Assuming that I have enabled:
> > > 1.cef globally
> > > 2.ip route cache flow, on outgoing interfaces to my peer
> > 
> > ip route-cache flow is only inbound flow on an interface
> > unless you have some sort of egress netflow support.
> > 
> > > 3.ip accounting output-packets, on outgoing interfaces to my peer
> > 
> > ip accounting is the old way of doing packet accounting.
> > We don't recommend using it.  The way to monitor traffic
> > flows accurately is via netflow.
> > 
> > You can put the netflow on all interfaces and then sort
> > by egress interface to get cumulative egress packet counters.
> > 
> > >
> > >
> > >
> > >
> > > Can anyone explain to me how I relate the outputs of the above commands?
> > >
> > > Also (being a bit lazy) what is this mroute-cache?
> > 
> > It's for multicast fastswitching.  If you are not doing multicast
> > don't worry about it.  If you are, turn it on.
> > 
> > >
> > >
> > >
> > > --
> > > Warm Regds,
> > >
> > > Amol Sapkal
> > >
> > > --------------------------------------------------------------------
> > > An eye for an eye makes the whole world blind
> > > - Mahatma Gandhi
> > > --------------------------------------------------------------------
> > 
> 
> 
> 
> -- 
> Warm Regds,
> 
> Amol Sapkal
> 
> --------------------------------------------------------------------
> An eye for an eye makes the whole world blind 
> - Mahatma Gandhi
> --------------------------------------------------------------------
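
The header decode from the debugging steps in the message above, as an added example that is not part of the original post. It assumes the input is the hex of a packet starting at the IPv4 header (the exact layout of the 'debug ip packet dump' output is not reproduced here); the function name and the sample packets are constructed for illustration.

```python
import struct

# Flag bits in byte 13 of the TCP header.
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}
CONTROL_MASK = 0x01 | 0x02 | 0x04  # FIN, SYN, RST: the flags the post ties to NAT punts

# Constructed sample packets (IPv4 + TCP, checksums left as zero), not captured traffic.
SYN_PKT = ("4500 0028 0001 0000 4006 0000 0a07 0106 c000 020a "
           "0401 0050 0000 0001 0000 0000 5002 2000 0000 0000")
ACK_PKT = SYN_PKT.replace("5002", "5010")


def decode_ipv4_tcp(hex_dump):
    """Decode hex text of a packet that starts at the IPv4 header (assumed input form)."""
    raw = bytes.fromhex("".join(hex_dump.split()))
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (raw[0] & 0x0F) * 4  # header length in bytes; options make it > 20
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad or truncated IPv4 header")
    (frag_field,) = struct.unpack("!H", raw[6:8])
    info = {
        "src": ".".join(str(b) for b in raw[12:16]),
        "dst": ".".join(str(b) for b in raw[16:20]),
        "proto": raw[9],
        "flags": [],
        "control": False,  # True when SYN, FIN or RST is set
    }
    if info["proto"] != 6:
        return info  # not TCP, no flags to decode
    if frag_field & 0x1FFF:
        info["note"] = "non-first fragment, no TCP header present"
        return info
    if len(raw) < ihl + 14:
        raise ValueError("dump ends before the TCP flags byte")
    info["sport"], info["dport"] = struct.unpack("!HH", raw[ihl:ihl + 4])
    flag_byte = raw[ihl + 13]
    info["flags"] = [name for bit, name in TCP_FLAGS.items() if flag_byte & bit]
    info["control"] = bool(flag_byte & CONTROL_MASK)
    return info


if __name__ == "__main__":
    for pkt in (SYN_PKT, ACK_PKT):
        print(decode_ipv4_tcp(pkt))
```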

