[c-nsp] NPE G1, CEF and ACLs and high CPU

Nic Tjirkalli nic.tjirkalli at za.verizonbusiness.com
Fri Sep 5 10:36:08 EDT 2008


howdy ho,

> But make sure you do:
>
> config t
> int null 0
> no ip unreachables
>
> The ACL drops are, last I checked, rate limit punts.

This is interesting - there is a good article detailing CEF and CPU
punting at:
http://searchnetworkingchannel.techtarget.com/generic/0,295582,sid100_gci1261924,00.html



Reading that and this posting begs the question
- if there is a large amount of ACL drops and these packets are punted to
CPU and the CPU rate-limit for punted packets has been exceeded, then
possibly packets that need to be CPU processed will be dropped in favour
of ACL denied packets - this seems a bit ridiculous.

Any way to get acl dropped packets not to be CPU punted or to use
control-plane policing to discard them before they hit the CPU?

thanx


>
> If it's high CPU at IP Input really need 12.4(20)T and get
> a sniffer trace in the punt path to see what traffic it really is.
>
> Rodney
>
> On Thu, Sep 04, 2008 at 03:46:23PM -0400, Stephen Kratzer wrote:
>> On Thursday 04 September 2008 15:12:12 Mateusz Błaszczyk wrote:
>>> 2008/9/4 Stephen Kratzer :
>>>> The 'log' keyword will cause matching packets to not be CEF switched.
>>>
>>> nope, log is not present.
>>>
>>>> Also, if
>>>> you're denying a lot of traffic from a certain source, you might want to
>>>> just bit-bucket it rather than sending ICMP responses.
>>>
>>> you mean - "no ip unreachables"?
>>
>> You could match the access list in a route map and set the outbound interface
>> to Null0.
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/


---------------------------------------------------------------------
It's hard to be nostalgic when you can't remember anything good.

Nic Tjirkalli
Verizon Business South Africa
Network Strategy Team
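
The two suggestions quoted in this thread (`no ip unreachables` on Null0, and a route map that sends ACL-matched traffic to Null0), put together as an added IOS configuration example that is not part of the original posts. The ACL number, route-map name, interface name and the 192.0.2.0/24 prefix are assumptions chosen for illustration.

```ios
! Added example, not from the thread. ACL 150, DROP-TO-NULL,
! GigabitEthernet0/1 and 192.0.2.0/24 are assumed/constructed values.
!
! Traffic to discard; "permit" here means "selected by the route map"
access-list 150 permit ip 192.0.2.0 0.0.0.255 any
!
! Policy-route the selected packets to Null0 instead of denying them
! in an interface ACL (no "log" keyword, which would bypass CEF)
route-map DROP-TO-NULL permit 10
 match ip address 150
 set interface Null0
!
! Packets discarded at Null0 must not trigger ICMP unreachables
interface Null0
 no ip unreachables
!
! Apply the policy on the ingress interface; also suppress the
! unreachables that any remaining ACL denies here would generate
interface GigabitEthernet0/1
 ip policy route-map DROP-TO-NULL
 no ip unreachables
!
! Checks after applying:
!   show route-map DROP-TO-NULL            (policy routing match counters)
!   show ip interface GigabitEthernet0/1   (unreachables and policy routing state)
!   show processes cpu sorted              (IP Input share before and after)
```

Whether this lowers the punt rate on a given NPE-G1 image is not established by the thread; compare the IP Input CPU share before and after applying it.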



