[cisco-nas] failed PPPoE auth eats CPU
Dennis Peng
dpeng at cisco.com
Fri Oct 3 19:55:39 EDT 2003
jlewis at lewis.org [jlewis at lewis.org] wrote:
> On Fri, 3 Oct 2003, Dennis Peng wrote:
>
> > What's the CPU being used in (show proc cpu)? A client which
>
> 196 32452716 881214041 36 36.04% 18.64% 5.95% 0 PPPOE discovery
> 237 20169036 171305 117738 20.76% 10.23% 3.59% 0 VTEMPLATE Backgr
>
> In 12.1T, this is a crippling problem. All it takes is 1 user who's
> messed up their password and latency for other traffic going through that
> 7206 is quite noticable.
>
> > continously fails authentication and continuously retries will
> > exercise the vtemplate cloning code quite a bit and that's likely what
> > is using up most of the CPU. Vtemplate/sub-interface code in 12.3
> > would handle the situation more gracefully because LCP/authentication
> > is not tied to a vaccess (it only binds after authentication is
> > successful) and also 12.2(15)T allows you to throttle these failing
> > sessions:
>
> It looks like the features I'm currently using in 12.1T are available in
> 12.3 and 12.2T. Between the two, would you recommend either over the
> other?
I don't think I should recommend anything to you anymore. ;) Standard
answer is that 12.3 will have a lot more bug fixes over any version of
12.2T. 12.3(3) is the latest maintennance release of 12.3.
Dennis
> This router currently does T3 (PA-T3), T1 (PA-MCT3), full BGP,
> OSPF, dot1q, PPPoE (over dot1q), and MPLS VPN. I've been asking to get
> the DSL (PPPoE) offloaded to a dedicated 7206, and I suspect that's going
> to happen real soon now.
>
>
> ----------------------------------------------------------------------
> Jon Lewis *jlewis at lewis.org*| I route
> Senior Network Engineer | therefore you are
> Atlantic Net |
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the cisco-nas
mailing list