[nsp] "sh proc cpu" granularity

joshua sahala joshua.ej.smith at usa.net
Thu Jul 17 21:35:26 EDT 2003 

On Thursday 17 July 2003 17:27, Charles Sprickman wrote:
> Howdy,
>
> After having gone access-list crazy last night, I see that one of
> the routers has started chewing more cpu.  This is expected, and I
> actually like the idea of the "infrastructure filtering", so I'd
> like to keep this after I upgrade.

i am about to start writing mine ;)  i have a couple of hours before 
my providers start rebooting, so i might as well entertain myself...

> This started me wondering though, how do I see how some of the
> features that don't have process entries (like ACLs) are affecting
> CPU and/or memory usage?  It seems that a whole mess of stuff gets
> lumped into "IP Input"...
>
> Also, I once tried compiled access lists on this particular router
> and saw cpu dip down quite a bit.  Sadly, it also started randomly
> filtering things it shouldn't.  In general, is this a stable
> feature?  I'm stuck in the 12.2T train right now.

i have a 7513 running 12.2(15)T and it doesn't like certain statements 
in the acls - it really didn't like using named acls, so i am using 
numbered (and aclmaker from cosi.sourceforge.net to edit the 
monsters).  there is a bug id for the named acl thing (which i cannot 
find right now, sorry - if you do a 'sho ip acce' from the vip, you 
don't see the named lists at all).  my numbered lists appear to work 
fine so long as i don't filter icmp fragments :(

ymmv, but if it is a 7500, get on the vip and look at the acl, it 
might show you what entries are actually working - comparing the 'hit 
counts' from the vip session to the 'hit counts' in the exec and try 
removing the statements that don't seem to count right at the exec.  
like i said, ymmv, but it worked for me...

/joshua

> Thanks,
>
> Charles
>
> --
> Charles Sprickman
> spork at inch.com
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

-- 
What difference does it make to the dead, the orphans, and the 
homeless, whether the mad destruction is brought under the name of 
totalitarianism or the holy name of liberty and democracy?

 - Gandhi -

More information about the cisco-nsp mailing list