Re: [nsp] [nsp] VIP if-con and IOS switching (was: Monitoring DoS attacks w

From: Siva Valliappan (svalliap@cisco.com)
Date: Mon May 28 2001 - 02:56:04 EDT


one caution when checking VIP CPU. it is normal for the VIP cpu
to be at 99% if the VIP is doing receive side buffering. receive
side buffering is enabled if you are running DCEF. if you see a
VIP cpu at 99%, please check if receive side buffering is in
effect via

show controller vip <slot> acc

from the RSP or

show vip acc

from the vip console.

with respect to the second part of your question -
when you enable netflow on a router that is doing CEF switching, flow
only does accounting. it does not switch packets. when netflow
is enabled with DCEF, the VIP does the accounting and passes up
aggregated flows to the RSP. netflow needs memory to keep track of
the flows running through the router, so your memory requirements
when running netflow + cef will be higher than just running netflow.

RSP based DFS only co-exists with DCEF in 11.1()CC. in 12.0 and later
code, distributed fast-switching, and the optimized cache based switching
schemes such as optimum and flow (for switching purposes) were removed.
the only switching scheme other than CEF is plain fast-switching for RSP
based platforms.

regards
.siva

>
> Hi!
>
> just the command I've been looking for for the last week but forgot to
> follow it up
> (though there is a slight error on the document,
> the command is only available on privilege-exec mode).
>
> the "if-con" command is not listed in the 7513 help. I need it
> to check our VIP2-50's CPU and memory. I'm still looking for possible
> caveats if any.
> Found one only for 12.0T for possible router reload if the "show line"
> command is issued.
>
> I'm reviewing the performance of our 7500 series routers equipped with VIPs
> (VIP2-50 128MB). I want to know how to check various features. I have CEF
> globally configured on the core routers and Netflow on selected interfaces
> on the edge. Can someone please give recommendations on what switching modes
> to use based on actual experience? Any caveats/advice on using "ip
> route-cache distributed" along with flow switching on various port adapter
> cards? How about dCEF? I read the case of VIP-distributed Fast Switching
> which should not be used simultaneously with dCEF.
>
> thanks in advance.
>
> tito
>
>
> > ----------
> > From: Rob Thomas[SMTP:robt@cymru.com]
> > Sent: Monday, May 28, 2001 4:10 AM
> > To: Cisco List
> > Subject: [nsp] Monitoring DoS attacks with the VIP Console
> >
> > Hello, cisco-nsp folks.
> >
> > I have recently authored a paper entitled "Monitoring DoS Attacks with
> > the VIP Console and NetFlow." This paper details a method for tracking
> > DoS attacks at a fine layer of granularity. Utilizing both NetFlow and
> > an undocumented VIP command on a Cisco router, a DoS attack can be
> > closely monitored and analyzed. You will find the paper at the following
> > URL:
> >
> > http://www.cymru.com/~robt/Docs/Articles/dos-and-vip.html
> >
> > Please note that this document makes use of an UNDOCUMENTED and
> > UNSUPPORTED Cisco IOS command. While I have successfully used the methods
> > documented therein during heavy DoS and DDoS attacks, your mileage may vary.
> >
>


