[nsp] Cat6509 MSFC1 interface stats.

dtodd at partners.org dtodd at partners.org
Fri Dec 20 14:12:25 EST 2002


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jim:

After doing some research we had a problem w/our counters in/output
mismatch while running on a sup2/pfc2 on code 12.1.8b.e9 and sup 6.x
I am sure. 

We are currently using c6msfc2-jsv-mz.121-11b.E4 in hybrid mode and
have done good bug scrub. It seems to be working pretty well for us.

We are not using the Sup2 in regular catos mode so...


==DMT>

- ----SIG-------
Douglas M. Todd, Jr.
Network Engineering
Partners Health Care
Building 149
149 13 Street
Charlestown, MA 02129-200
Tel: 617.726.1403
Email: dtodd@partners.org
- --------------------------------------------------------------------
PGP Finger Print: 9429 CAE3 B2D1 C2E1 DFBC  E7A6 E90A 9BE5 C7B6 47BC
Key available via email.
Verisign S/N: 3ff65cdf58b9dceda004baeed49e16cf
https://digitalid.verisign.com/services/client/index.html

> -----Original Message-----
> From: James Kilton [mailto:kilton9@yahoo.com]
> Sent: Friday, December 20, 2002 11:28 AM
> To: Todd, Douglas M.; 'Stephen J. Wilcox'
> Cc: Lars Erik Gullerud; cisco-nsp@puck.nether.net
> Subject: RE: Re[2]: [nsp] Cat6509 MSFC1 interface stats.
> 
> 
> #sh mls status
> MLS global configuration status:
> 
> global mls ip:                     enabled
> global mls ipx:                    enabled
> global mls ip multicast:           disabled
> current ip flowmask for unicast:   destination only
> current ipx flowmask for unicast:  destination only
> 
> Thanks for the information.  For whatever reason,
> 'show mls status' is apparently a hidden command for
> the IOS version I'm using (12.1(8b)E10).  CatOS
> version is 7.1(2).
> 
> So, perhaps MLS is indeed the reason behind the
> counter issues, though I would have assumed that the
> information about MLS and traffic statistics on
> Cisco's site was referring to layer-3 interface
> counters.  
> 
> 
> --- "Todd, Douglas M." <DTODD@PARTNERS.ORG> wrote:
> > All:
> > 
> > sh mls rp is for 5000 rp platforms. Do a sh mls
> > status on a 6k.
> > 
> > ==DMT>
> > 
> > -----Original Message-----
> > From: Stephen J. Wilcox
> > [mailto:steve@telecomplete.co.uk]
> > Sent: Friday, December 20, 2002 4:47 AM
> > To: James Kilton
> > Cc: Lars Erik Gullerud; cisco-nsp@puck.nether.net
> > Subject: Re: Re[2]: [nsp] Cat6509 MSFC1 interface
> > stats.
> > 
> > 
> > 
> > Not tried this with catos, but the docs for native
> > ios suggest that mls is
> > automatically enabled and the sh mls rp in the ios
> > would appear to be for
> > multicasting out to find other switches ie it
> > automatically does the internal
> > switch...
> > 
> > Now not sure if my interpretation is correct and not
> > sure if this applies to
> > catos but it may still be switching mls even tho the
> > cmd shows it disabled...
> > 
> > Steve
> > 
> > On Thu, 19 Dec 2002, James Kilton wrote:
> > 
> > > Thanks for the info about CEF... Wasn't aware of
> > that.
> > > 
> > > MLS is disabled globally on the MSFC:
> > > 
> > > #sh mls rp
> > > ip multilayer switching is globally disabled
> > > ipx multilayer switching is globally disabled
> > > ipx mls inbound acl override is globally disabled
> > > mls id is 0030.9633.1c6c
> > > mls ip address 0.0.0.0
> > > mls ip flow mask is unknown
> > > mls ipx flow mask is unknown
> > > number of domains configured for mls 0
> > > 
> > > I just noticed something that only serves to
> > confuse
> > > me more, though.  MLS is enabled on the SUP
> > itself:
> > > 
> > > Cat6509=> (enable) sh mls
> > > Total packets switched = 1387031763
> > > Total Active MLS entries = 83
> > >   MSFC x.x.x.2 (Module 15) entries = 0
> > >   MSFC x.x.x.3 (Module 16) entries = 83
> > > Long-duration flows aging time = 1920 seconds
> > > IP Multilayer switching aging time = 256 seconds
> > > IP Multilayer switching fast aging time = 0
> > seconds,
> > > packet threshold = 0
> > > IP Current flow mask is Destination flow
> > > Active IP MLS entries = 83
> > > Netflow Data Export version: 7
> > > Netflow Data Export disabled
> > > Netflow Data Export port/host is not configured.
> > > Total packets exported = 0
> > > 
> > > Any idea how is MLS working (it seems to be
> > working
> > > based on the above, and a 'sh mls entry' does
> > indeed
> > > show entries) if it's disabled on the MSFC?  
> > > 
> > > --- Lars Erik Gullerud <lerik@nolink.net> wrote:
> > > > 
> > > > There's a difference between CEF being enabled
> > > > locally on the MSFC (for
> > > > packets that are actually switched by the MSFC)
> > and
> > > > the Sup2/PFC2 which
> > > > uses CEF directly with the PFC2. The Sup1A/PFC
> > MLS,
> > > > if I understand it
> > > > correctly, punts the first packet in a flow to
> > the
> > > > MSFC, which then
> > > > routes the packet normally (and for this, you
> > can
> > > > have CEF enabled, to
> > > > handle the actual switching of this packet on
> > the
> > > > MSFC), and installs an
> > > > MLS cache entry on the PFC to switch additional
> > > > packets in the flow
> > > > directly on the PFC ASICs. In that scenario, it
> > > > would be normal that the
> > > > interface counters on the MSFC only show the few
> > > > packets that actually
> > > > gets sent up to it from the Sup/PFC. (With the
> > > > Sup2/PFC2 you in fact
> > > > hardly see any packets at all on the MSFC's
> > > > interface counters)
> > > > 
> > > > You are saying that you have MLS disabled - have
> > you
> > > > just disabled it on
> > > > this interface with "no mls ip" on the vlan int,
> > or
> > > > globally?
> > > > 
> > > > /leg
> > > > 
> > > > 
> > > > 
> > > 
> > > 
> > > __________________________________________________
> > > Do you Yahoo!?
> > > Yahoo! Mail Plus - Powerful. Affordable. Sign up
> > now.
> > > http://mailplus.yahoo.com
> > > _______________________________________________
> > > cisco-nsp mailing list  cisco-nsp@puck.nether.net
> > > http://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at
> > http://puck.nether.net/pipermail/cisco-nsp/
> > > 
> > 
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp@puck.nether.net
> > http://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at
> http://puck.nether.net/pipermail/cisco-nsp/
> 
> 
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0

iQA/AwUBPgNrmQgiZycqTvq3EQInhgCeLOsTtL8YK+t5kC1b4gWPDrMQqvgAoLfp
Fq/b9QIF4ZlaACJYC4j5CQlI
=NaFv
-----END PGP SIGNATURE-----



More information about the cisco-nsp mailing list