[nsp] 6500 Native IOS ACLs

Marc Williams mw@uk.yahoo-inc.com
Wed, 13 Nov 2002 17:48:27 +0000 

Worth checking if any of your acls are logging. That burns cpu bigtime.

--
marc


David Sinn wrote:

>Your MSFC CPU is burning time routing packets (as evident with the high
>interrupt CPU).
>
>Check your interfaces with a "sho int stat" and see if you have one or
>more interfaces that have a heavy percentage of "route cache" switched
>packets relative to "distributed cache".  This will tell you which
>interface is causing the problem, or is it all of them.  That might give
>you a more specific point to focus on.
>
>David
>
>-----Original Message-----
>From: Clinton Work [mailto:work@scripty.com] 
>Sent: Wednesday, November 13, 2002 8:33 AM
>To: Cisco-NSP
>Subject: [nsp] 6500 Native IOS ACLs
>
>
>
>I have a 6500 Sup2/MSFC2 running Native IOS 12.1(8b)E9 (Service Provider
>w/VIP)
>and I'm trying to determine if all the ACLs are processed in hardware.
>There
>is fairly high CPU usage, but the tcam and fm commands look normal. Any
>suggestions.
>
>The box dosn't have any DFC enabled cards and its pushing around 500Mbps
>of
>traffic.
>
>router#show proc cpu | ex 0.00
>CPU utilization for five seconds: 49%/49%; one minute: 52%; five
>minutes: 52%
> PID  Runtime(ms)  Invoked  uSecs    5Sec   1Min   5Min TTY Process
>  52    11819592  38318581    308   0.16%  0.05%  0.06%   0 IP Input
> 118     7366940  11559003    637   0.08%  0.03%  0.02%   0 ISIS Upd
>BACKBON
>
>
>router#show tcam counts
>           Used            Free            Percent  Used
>           ----            ----            -------------
> Labels:      5             507                0
>
>ACL_TCAM
>  Masks:   3472             624               84
>Entries:   6430           26338               19
>
>QOS_TCAM
>  Masks:      1            4095                0
>Entries:      1           32767                0
>
>    LOU:      0              64                0
>  ANDOR:      0              16                0
>  ORAND:      0              16                0
>
>router#show fm summary
>Interface: GigabitEthernet1/1
>  TCAM screening for features is ACTIVE outbound
>Interface: GigabitEthernet1/2
>  TCAM screening for features is ACTIVE outbound
>Interface: GigabitEthernet2/1
>  TCAM screening for features is ACTIVE outbound
>Interface: GigabitEthernet2/2
>  TCAM screening for features is ACTIVE outbound
>Interface: Vlan221
>  TCAM screening for features is ACTIVE outbound
>Interface: Vlan222
>  TCAM screening for features is ACTIVE outbound
>
>
>  
>