[c-nsp] slow convergence for full bgp table on a Cisco7613/SUP720-3BXL

Saku Ytti saku+cisco-nsp at ytti.fi
Wed Mar 14 06:16:31 EST 2007


On (2007-03-14 11:25 +0200), Emanuel Popa wrote:

> Thanks for your feedback on this issue. It appears that we may have
> found a solution for our problem. It seems that the TCP session was
> throttled indeed and removing cef receive rate-limit did it for us:
> 
> "no mls rate-limit unicast cef receive 1500"
> 
> We installed this rate-limit about a year ago when we defined the
> control-plane policing on our Cisco 7600 gear because we often had
> problems with IGP and EGP flapping. We are also using TTL failure
> rate-limiting.

Never ever run CEF Receive rate-limit. You said you have CoPP also,
your CoPP is done in software because of that. But that's not
even the worst thing, if you start to think what the command really
does.
Consider your MSFC can do 20kpps, so after 15kpps of DoS you
still have 5kpps free for processing good packets. Now after you
implement the above command, after <3kpps of DoS all your LDP, iBGP, IS-IS
are dead, as they have to share that 1500pps with the 3000pps
of DoS.

-- 
  ++ytti
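
The arithmetic in the reply above, as an added simulation that is not part of the original message: one classless token bucket stands in first for the MSFC's 20 kpps capacity and then for the 1500 pps CEF receive limiter. The 500 pps control-plane load, the Poisson arrivals, the burst size and all function names are assumptions made for the illustration.

```python
import random

CONTROL_PPS = 500  # assumed legitimate LDP/iBGP/IS-IS load; not from the message


def control_survival(control_pps, flood_pps, limit_pps, burst=100,
                     seconds=10, seed=1):
    """Fraction of control-plane packets admitted by one classless token bucket.

    Arrivals are Poisson (constructed traffic, not a capture). The bucket
    refills at limit_pps and cannot tell control packets from flood
    packets, which is the modelling assumption taken from the message.
    """
    rng = random.Random(seed)
    events = []
    for is_control, rate in ((True, control_pps), (False, flood_pps)):
        t = rng.expovariate(rate) if rate else seconds
        while t < seconds:
            events.append((t, is_control))
            t += rng.expovariate(rate)
    events.sort()

    tokens, last = float(burst), 0.0
    sent = passed = 0
    for t, is_control in events:
        tokens = min(burst, tokens + (t - last) * limit_pps)  # refill, capped
        last = t
        admitted = tokens >= 1.0
        if admitted:
            tokens -= 1.0
        if is_control:
            sent += 1
            passed += admitted
    return passed / sent if sent else 1.0


def scenarios():
    """The two cases from the message, using the assumed control load."""
    return {
        "msfc_20kpps_flood_15kpps": control_survival(CONTROL_PPS, 15000, 20000),
        "cef_limit_1500pps_flood_3kpps": control_survival(CONTROL_PPS, 3000, 1500),
    }


if __name__ == "__main__":
    for name, frac in scenarios().items():
        print(f"{name}: {frac:.0%} of control packets admitted")
```

In this model the second case admits roughly 1500/3500 of the control packets, because the limiter drops without regard to class.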

