[cisco-nas] CPU usage : PRI vs CAS

Aaron Leonard Aaron at Cisco.COM
Mon Apr 19 15:44:47 EDT 2004 

Hi Pierre,

Let me see if I can touch on the several issues you raise here.

1. How to keep ISDN layer 2 from dropping under load.  This was
addressed by the restructuring of the ISDN code ... this went
in at the end of 12.2T so 12.3 would have it ... not that that's
much help for an AS5200.

As a workaround on an older system, you will want to set 
"process-max-time" down low and set "scheduler interval" down low
(other platforms may use "scheduler alloc".)

process-max-time 20     ! hidden in older IOS
scheduler interval 200  ! use "scheduler alloc 3000 1000" on other platforms"

2. Does CAS use less CPU than ISDN.  The answer is yes.  The
issue you have though is not that ISDN is using too much CPU,
it's that Nachi and friends are using too much CPU and that
ISDN is fragile in the face of CPU overload.  It is true that
CAS would be less fragile.  On the CAS vs. PRI modem issue ...
V.90 definitely works over CAS; all other things being equal,
calls will typically train at a 1333bps lower rate when using
CAS vs. PRI.

3. (Not asked but implicit).  How best to mitigate the impact
of infected clients on the AS5200.  People with field experience
will be able to provide some useful hints I hope; I can point
you to the "Nachi Worm Mitigation Recommendations" page at
http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml .

Aaron

---

> anybody has any thought on how to reduce CPU usage on AS5200's ?  The problem
> arises when a client infected with worms such as Nachi gets online. They end up
> crashing the NAS because they generate so many small packets that keep the cpu
> busy. The NAS cannot keep it's connection to the telco switch (or the isdn
> process crashes, or whatever). Anyway, the NAS becomes useless and need to be
> rebooted.

> Any thoughts on how to circumvent the problem ?

> Would using CAS instead of PRI/ISDN aleviate the problem (the ISDN process
> wouldn't crash, for one thing) ?

> Would using CAS make V.90 unusable (if I rebember correctly, K56 was ok) ?

> Thanks !

> -------------------------------------------------------------------
> Pierre Nepveu, CCNP                    tel: +1 514.380-4289
> Administrateur de reseau                    +1 888.INFOVTL x 4289
> Ingenierie / Acces Internet            fax: +1 514 899-8452
> Videotron Telecom Ltee (VTL) - Montreal (Quebec), Canada
> -------------------------------------------------------------------


> _______________________________________________
> cisco-nas mailing list
> cisco-nas at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas

More information about the cisco-nas mailing list