Re: [nsp] Experience with NSE-1 and IOS 12.0S?

From: Gert Doering (gert@greenie.muc.de)
Date: Mon Mar 19 2001 - 12:50:45 EST


Hi,

On Mon, Mar 19, 2001 at 05:59:47PM +0100, sthaug@nethelp.no wrote:
> > Since Friday i have a new box running. Cisco 7206VXR, NSE-1, I/O-2FE/E
> > with IOS 12.0(15)S1.
[..]
> We're now running the same routers with 12.1(5a)E2, and PXF is working
> nicely. We're using this box with a lot of ACLs, and the difference in
> processor load with and without PXF is very significant.

Are you using it with "ip accounting output-packets"? If yes, with what
results?

This is one of our major headaches right now with the 720x family. Under
normal conditions, "ip acc out" doesn't place any major strains on the
CPU, but if "friendly people" start hitting you with a burst of "spray"
packets, like:

 90.000 packets with <random source IP> --> fixed destination IP

(different source IPs for each packet - obviously meant to be a DoS
attack...) or:

 100.000 packets with fixed source IP -> scanning a full class A network

(a network scanner running wild)

*really* bad things happen. About 3-5 Mbit/s of those packets, each one
of them resulting in a new entry in the "show ip accounting" list, *kills*
a 7206 with NPE-300 - the CPU goes up to 95% IRQ load, the router stops
responding to ping or telnet packets, after a while its neighbours drop
its BGP and EIGRP sessions ("hold time exceeded"), and then goodbye to
your network.

A 7507 with RSP4 seems to handle this kind of traffic nicely (without
any fancy distributed anything, just doing all of it with the main CPU),
so I suspect a bug in the 720x design or implementation...

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert@greenie.muc.de
fax: +49-89-35655025                        gert.doering@physik.tu-muenchen.de
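As an added illustration, not part of the thread, of why per-pair accounting falls over under the traffic Gert describes: a small Python model of a (source, destination) accounting table with an entry cap, run over constructed normal traffic and a constructed random-source burst. The churn ratio (packets that needed a new entry) is the figure a defender can watch for; ENTRY_CAP, the address ranges and the traffic mixes are assumptions made for the model.

```python
import ipaddress
import random
from dataclasses import dataclass, field

# Model of a per-(source, destination) accounting table like the one behind
# "show ip accounting". ENTRY_CAP stands in for an entry limit such as IOS's
# "ip accounting-threshold"; the value 512 is an assumption for this model.
ENTRY_CAP = 512


@dataclass
class AccountingTable:
    cap: int = ENTRY_CAP
    entries: dict = field(default_factory=dict)  # (src, dst) -> [packets, bytes]
    overflow_packets: int = 0  # packets seen once the table was already full
    new_entries: int = 0       # packets that created a new (src, dst) pair

    def account(self, src: str, dst: str, nbytes: int) -> None:
        key = (src, dst)
        if key in self.entries:
            self.entries[key][0] += 1
            self.entries[key][1] += nbytes
        elif len(self.entries) < self.cap:
            self.entries[key] = [1, nbytes]   # the expensive path: a fresh entry
            self.new_entries += 1
        else:
            self.overflow_packets += 1        # bounded table: only a counter moves

def run(packets, cap: int = ENTRY_CAP) -> dict:
    """Feed constructed packets through the table; 'churn' is the share of
    packets that needed a new entry, i.e. the work that drives the CPU up."""
    table = AccountingTable(cap=cap)
    for src, dst, nbytes in packets:
        table.account(src, dst, nbytes)
    return {"entries": len(table.entries), "overflow": table.overflow_packets,
            "churn": table.new_entries / len(packets)}

def normal_traffic(n: int, seed: int = 1):
    """Constructed: twenty hosts talking to two servers, an ordinary LAN."""
    rng = random.Random(seed)
    hosts = [f"10.0.0.{i}" for i in range(1, 21)]
    servers = ["192.0.2.10", "192.0.2.11"]
    return [(rng.choice(hosts), rng.choice(servers), 500) for _ in range(n)]

def random_source_burst(n: int, seed: int = 2):
    """Constructed: a different source per packet, one destination (the post's case)."""
    rng = random.Random(seed)
    return [(str(ipaddress.IPv4Address(rng.getrandbits(32))), "192.0.2.10", 64)
            for _ in range(n)]
```

With the cap in place the burst still fills the table, but the remaining packets only bump the overflow counter instead of allocating; without a cap the table grows by one entry per packet, which is the behaviour the post observes.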



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:32 EDT