[cisco-nas] failed PPPoE auth eats CPU

jlewis at lewis.org jlewis at lewis.org
Tue Oct 28 12:06:39 EST 2003


On Fri, 3 Oct 2003 jlewis at lewis.org wrote:

> > answer is that 12.3 will have a lot more bug fixes over any version of
> > 12.2T. 12.3(3) is the latest maintennance release of 12.3.
> 
> I guess I'll give 12.3 a try on disk0.  I'll be sure to keep the 12.1T
> version handy on slot1 as a fall-back just in case there are "issues" with
> the new code.

I finally got around to trying 12.3 again today.  First time (about a week 
ago), the CF disk I'd prepared in another router apparently didn't work 
properly in the router I put it in (after bootup, it complained that the 
card had been formatted on a different platform, just a different 7206,  
and I found that files could not reliably be read from it.  I'm surprised 
it worked at all, and the only problem I saw was radius auth broken in 
really strange ways).

Anyway, I reformatted the card in the router and recopied 12.3(3a) to it.
This time radius works properly, but 12.3 doesn't have PPPoE connection 
throttling.  Guess I may have to try 12.2T for that.

On a 7206vxr NPE300 that was at 0-1% CPU, knocking off one user with a 
locked password will still shoot the CPU load up to as much as 50%, though 
it bounces around between around 6% and the mid 30's most of the time.

PPP manager and PPP Events seem to be whats eating it.

 170      116988    405398        288 16.36%  8.39%  6.53%   0 PPP manager
 171      404060    428303        943 25.37% 16.54% 16.03%   0 PPP Events

I noticed that virtual-templates now have a dampening option, and there's
a carrier restart-delay option...but since auth happens before virtual
interface cloning now, those don't seem to be of any help.  I wonder if
the carrier restart-delay option would have helped under 12.1T (which
doesn't have dampening).  I may reboot later and find out.

----------------------------------------------------------------------
 Jon Lewis *jlewis at lewis.org*|  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________



More information about the cisco-nas mailing list