Re: [nsp] Experience with NSE-1 and IOS 12.0S?

From: George Robbins (grr@shandakor.tharsis.com)
Date: Mon Mar 19 2001 - 16:56:20 EST


By "list" I mean the size of the "accounting table", not the number
of acl-like list entries. I don't know if it's a bug in the lower-end
routers; it's possible that it's part of the processing that's handled
at the VIP level in the 7500's.

Somebody from Cisco needs to speak to the implementation issue...

                                                        George

> From gert@greenie.muc.de Mon Mar 19 14:46:41 2001
> Date: Mon, 19 Mar 2001 20:46:23 +0100
> From: Gert Doering <gert@greenie.muc.de>
> To: George Robbins <grr@shandakor.tharsis.com>, gert@greenie.muc.de,
> marcus@ri.st, sthaug@nethelp.no
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [nsp] Experience with NSE-1 and IOS 12.0S?
> References: <200103191900.OAA06427@shandakor.tharsis.com>
> In-Reply-To: <200103191900.OAA06427@shandakor.tharsis.com>; from George Robbins on Mon, Mar 19, 2001 at 02:00:40PM -0500
> X-mgetty-docs: http://alpha.greenie.net/mgetty/
>
> Hi,
>
> On Mon, Mar 19, 2001 at 02:00:40PM -0500, George Robbins wrote:
> [..]
> > Well, in an ISP environment, there's no way we could have a large
> > enough accounting list to track all packets.
>
> Sure - just use *no* accounting list. As long as the scenario I have
> described doesn't happen, and "ip accounting-threshold" is high enough
> (about 200000 in our case, up to 120000 have been actually needed in a
> few cases), this just *works* :-)
>
> Even with "bad packets" coming in, this smells like an IOS or 720x
> platform bug - as I said, with an RSP4 in a 7507, this doesn't hit
> nearly as hard (no distributed switching done, and the RSP4 isn't
> faster than a NPE-300).
>
> The major problem is that the router starts dropping packets destined to
> itself, and that routing protocols start flapping. *This* hints at a
> really broken scheduler - I wouldn't mind losing ip accounting records
> (or even packets) if the router gets really tight on CPU due to having
> to create too many "ip accounting" table entries, because those are
> bogus anyway. But the current behaviour is just really really bad.
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany gert@greenie.muc.de
> fax: +49-89-35655025 gert.doering@physik.tu-muenchen.de
>


