[nsp] Cisco 6509 with SUP1A-MSFC
lee.e.rian at census.gov
lee.e.rian at census.gov
Mon Oct 6 11:41:22 EDT 2003
On Fri, 3 Oct 2003 11:46:25 -0400, Jared Mauch <jared at puck.nether.net>
wrote:
> On Fri, Oct 03, 2003 at 11:17:22AM -0400, Deepak Jain wrote:
> >
> > Are there issues with the MLS cache getting full if the SUP1A only has
64 MB
> > of RAM? With <10,000 MAC addresses, is this even an issue?
I'm not sure how much of an issue it is, but you can fill up the MLS cache.
Although 'fill up' probably isn't the right term... the way I understand
it, there are eight 16K pages for MLS info. The MLS info is hashed & the
hash value is used as an index into the table. So, worst case, all it
takes is eight flows to fill up a particular hash bucket - the 9th flow
won't fit into cache & always be punted to the MSFC [to be CEF switched?
dunno]
Interesting commands on a SUP1A are 'show centauri stat' and 'show mls l3
stat'. I'm guessing that the line
#Failed to create SC(all pages are full) = 1290048
is the number of MLS flows that didn't fit into the cache table (SC = short
cut?)
The '#Failed to create SC' number matches the
CISCO-SWITCH-ENGINE-MIB::cseL3FlowLearnFailures MIB variable
snmpwalk switch cseL3StatsTable
CISCO-SWITCH-ENGINE-MIB::cseL3SwitchedTotalPkts.1006 = Counter32:
2755209978
CISCO-SWITCH-ENGINE-MIB::cseL3CandidateFlowHits.1006 = Counter32: 4539612
CISCO-SWITCH-ENGINE-MIB::cseL3EstablishedFlowHits.1006 = Counter32:
3380308787
CISCO-SWITCH-ENGINE-MIB::cseL3ActiveFlows.1006 = Gauge32: 39450 <=== uh
oh!!!
CISCO-SWITCH-ENGINE-MIB::cseL3FlowLearnFailures.1006 = Counter32: 1294579
> I've found it's important to insure that one uses
> the "mls flow ip destination". But just because it's configured
> that way, doesn't mean it's the way it's being used
> internally to the box. Check it with "sh mls flowmask"
> Cisco will transparently switch on you without warning (or a
> way to check it via snmp) presently.
cseRouterTable has mls flow type
snmpwalk switch cseRouterTable
CISCO-SWITCH-ENGINE-MIB::cseRouterFlowMask.a.b.c.1 = INTEGER: fullFlow(3)
CISCO-SWITCH-ENGINE-MIB::cseRouterName.a.b.c.1 = STRING: ROUTER-1
CISCO-SWITCH-ENGINE-MIB::cseRouterStatic.a.b.c.1 = INTEGER: false(2)
CISCO-SWITCH-ENGINE-MIB::cseRouterIpxFlowMask.a.b.c.1 = INTEGER: dstOnly(1)
> Some features require more
> information so enable the more granular mls flow. Note in their
> docs, it says "minimum flowmask", so they basically reserve the right
> to change it to the most abusive mls flowmask at any time.
We added a policer to assure that any particular video flow going across a
T1 line didn't use more than 384Kb & MLS switched from destination to full
flow mode :-(
Lee
More information about the cisco-nsp
mailing list