[c-nsp] SUP720 - 12.2(18)SXF17

Drew Weaver drew.weaver at thenap.com
Fri Oct 9 09:01:43 EDT 2009


I assume you were being sarcastic when you said: "But traceroute's one of the killer apps for Sup720's regardless if used in 6500 or 7600." as we have found out that whenever the BGP Scanner process goes wild it totally botches trace routes. Apparently this is not an issue on the GSR because the line cards originate the ICMP unreachables but on the 6500/7600 platform the unreachables come from the RP (or so I'm told). Has anyone found a way to make any headway on cleaning up the ugly traceroute effect of BGP Scanner? I obviously realize that traceroutes are all but worthless as far as diagnostics go, but it's a "presentation" thing.

thanks,
-Drew
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Marcus.Gerdon
Sent: Thursday, October 08, 2009 5:33 AM
To: Bob Snyder; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] SUP720 - 12.2(18)SXF17

But traceroute's one of the killer apps for Sup720's regardless if used in 6500 or 7600. 

Depending on the traffic you pass through, there might be lots of 'TTL expired' (nearly fully originating from running traceroutes, else I'd suspect you've another more serious problem).

Running plain-IP-configuration passing 10-15gbps originating mostly from residential internet access across a 7600 I've seen a good 20% CPU coming from roughly 2000 'TTL expired's *per second*.

The ever more widespread abuse of traceroute (before someone starts arguing: yes, I call permanent use of mtr and the like for end-user pseudo-monitoring 'network abuse') is something you'll be forced into limiting to protect your network at some point in time despite the complaints of some customers not understanding the technology behind it.


Marcus


> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Bob Snyder
> Sent: Wednesday, October 7, 2009 21:19
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] SUP720 - 12.2(18)SXF17
> 
> On Mon, Oct 5, 2009 at 5:43 AM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> 
> > mls rate-limit all ttl-failure 100 10
> > mls rate-limit all mtu-failure 100 10
> >
> > There's no reason not to have the TTL failure rate limit enabled AFAIK.
> > Choose a value appropriate to you, obviously.
> 
> One gotcha here is that busy routers will start dropping traceroute
> packets as the trace hits routers that are actively rate-limiting.
> Even though end to end traffic isn't affected, you may get user calls
> (or confused network admins) complaining about packet loss because of
> a misleading traceroute.
> 
> Still definitely a good idea, but something to consider when setting
> thresholds and managing expectations.
> 
> Bob
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
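Added example, not part of the original thread: a small Python model of the gotcha Bob describes, using the `100 10` limit from Phil's configuration and the roughly 2000 TTL-expired packets per second Marcus reports. It assumes the two arguments mean packets per second and burst size and that the limiter behaves like a token bucket; the function names are hypothetical.

```python
# Added illustration (not from the thread). Assumption: the limiter acts as a
# token bucket refilled at limit_pps with depth `burst`; real hardware may differ.

def simulate(offered_pps, limit_pps, burst, seconds=10):
    """Return (punted, dropped) for evenly spaced TTL-expired packets.

    Integer arithmetic: one token = offered_pps credits, and each arrival
    refills limit_pps credits, so the counts are exact.
    """
    cost = offered_pps
    cap = burst * cost
    credits = cap                      # bucket starts full
    punted = dropped = 0
    for _ in range(offered_pps * seconds):
        credits = min(cap, credits + limit_pps)
        if credits >= cost:
            credits -= cost
            punted += 1                # reaches the RP, ICMP reply is sent
        else:
            dropped += 1               # dropped by the limiter, probe shows "*"
    return punted, dropped


def answered_fraction(offered_pps, limit_pps, burst, seconds=10):
    """Share of TTL-expired packets that still get an ICMP reply."""
    punted, dropped = simulate(offered_pps, limit_pps, burst, seconds)
    return punted / (punted + dropped)


def all_probes_lost(fraction_answered, probes=3):
    """Chance one traceroute hop shows only '*' (probes assumed independent)."""
    return (1.0 - fraction_answered) ** probes


if __name__ == "__main__":
    for offered in (50, 500, 2000):    # 2000/s is the figure quoted in the thread
        frac = answered_fraction(offered, 100, 10)
        print(f"{offered:5d} pps offered: {frac:6.1%} answered, "
              f"P(hop shows '* * *') = {all_probes_lost(frac):.1%}")
```

In this model the transit traffic is untouched; only the ICMP replies to expired packets are thinned out, which is why the hop looks lossy in a traceroute while end-to-end forwarding is fine.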