Re: [nsp] [nsp] VIP if-con and IOS switching (was: Monitoring DoS

From: Siva Valliappan (svalliap@cisco.com)
Date: Mon May 28 2001 - 03:54:49 EDT


with the current size of internet routing tables, you should have
at least 64 megs on the VIP. this will vary with your configuration,
and features you enable. i have seen customers survive with 32 megs
on the VIP, and some have needed as much as 128 megs. one suggestion
i make to customers (when first turning up DCEF on a 75xx), is to always
enable "ip cef". let the CEF table build. you can then examine its
approximate memory consumption via "show ip cef summ". you can then
examine how much free memory you have on the VIP, do the math, and if
it looks like it will fit, configure "ip cef distributed"

you should have no problems with DCEF in the below listed PAs.
however, we don't support CEF with SMDS encapsulation (in case you
are using it on your HSSI), and we only support CEF with dot1q encapsulation
in certain IOS releases. so please be aware of these caveats.

regards
.siva

>
> Siva,
>
> Yes, I understand that flow switching only gathers flow data with CEF
> enabled.
>
> I have the full Internet routing table there and that dCEF keeps a separate
> FIB in the VIP plus the ip flow cache in its memory. And that the CEF white
> paper on the Cisco site recommends a minimum of 32MB memory per VIP line
> card in distributed mode.
>
> Does that mean I can configure dCEF on all VIP (VIP2-50 128 MB) interfaces
> (HSSI, Serial T3 and FE) with no worries?
>
> perhaps I can see also a reduction in RSP CPU utilization and higher
> throughput as I plan to install
> newly-purchased VIPs.
>
> thanks for your help.
>
> tito
>
> > ----------
> > From: Siva Valliappan[SMTP:svalliap@cisco.com]
> > Sent: Monday, May 28, 2001 2:56 PM
> > To: BasaAA@etpi.com.ph
> > Cc: cisco-nsp@puck.nether.net
> > Subject: Re: [nsp] [nsp] VIP if-con and IOS switching (was:
> > Monitoring DoS attacks w
> >
> > one caution when checking VIP CPU. it is normal for the VIP cpu
> > to be at 99% if the VIP is doing receive side buffering. receive
> > side buffering is enabled if you are running DCEF. if you see a
> > VIP cpu at 99%, please check if receive side buffering is in
> > effect via
> >
> > show controller vip <slot> acc
> >
> > from the RSP or
> >
> > show vip acc
> >
> > from the vip console.
> >
> > with respect to the second part of your question -
> > when you enable netflow on a router that is doing CEF switching, flow
> > only does accounting. it does not switch packets. when netflow
> > is enabled with DCEF, the VIP does the accounting and passes up
> > aggregated flows to the RSP. netflow needs memory to keep track of
> > the flows running through the router, so your memory requirements
> > when running netflow + cef will be higher than just running netflow.
> >
> > RSP based DFS only co-exists with DCEF in 11.1()CC. in 12.0 and later
> > code, distributed fast-switching, and the optimized cache based switching
> > schemes such as optimum and flow (for switching purposes) were removed.
> > the only switching scheme other than CEF is plain fast-switching for RSP
> > based platforms.
> >
> > regards
> > .siva
>


