[nsp] diagnosing dCEF
Matt Ploessel
matt.ploessel at foundstone.com
Wed Sep 3 15:33:55 EDT 2003
If you're running into problems where some packets aren't making it
through, regardless of protocol, and they all seem to be about 92 bytes,
you might talk to Cisco about it. ;)
-Matt Ploessel
>See http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml
>>
>>The policy-routing solutions works great in small routers (26xx, 17xx)
>>and in 7200s. In 7500s it seems OK *UNLESS* dCEF is enabled, then it
>>does what you saw. I'm assuming it's dropping 92-byte TCP packets as
>>well as the ICMP echoes. You can see 1-packet flows of mail getting
>>dropped.
>>
>>Notice that the workaround cannot be used on GSRs because it causes
>>packets to be punted to the CPU... this is as bad a news as that it
>>doesn't work right on dCEF because we use GSRs or 7500s with dCEF
>>where the network is really busy.
> -----Original Message-----
> From: Michael Loftis [mailto:mloftis at wgops.com]
> Sent: Thursday, August 28, 2003 6:06 PM
> To: Kenny Stoltz; cisco-nsp at puck.nether.net
> Subject: Re: [nsp] diagnosing dCEF
>
>
> RTFM mostly......There are a number of limitations for CEF, plus on a
> distributed platform you have to act it on the sup as well as the
> linecards, and possibly interfaces. If you want to privately send me
> onfigs (minus password/snmp community/etc statements please,
> I don't even
> want to get itno that possibility, and any anonymizing you
> feel necessary)
> I'll take a look and see if I can make some suggesstions.
>
> --On Thursday, August 28, 2003 19:55 -0400 Kenny Stoltz
> <kenny at qx.net>
> wrote:
>
> > I have a 7500 that has "ip cef distributed" enabled, and
> even though
> > this is turned on show interfaces switching produces output like
> >
> > FastEthernet0/0/0 to MilkyWay Port F0/11
> > Throttle count 23
> > Drops RP 242 SP 0
> > SPD Flushes Fast 246 SSE 0
> > SPD Aggress Fast 0
> > SPD Priority Inputs 4319 Drops 0
> >
> > Protocol Path Pkts In Chars In Pkts Out Chars Out
> > Other Process 1451192 163629338 3011580 180694800
> > Cache misses 0
> > Fast 0 0 0 0
> > Auton/SSE 0 0 0 0
> > IP Process 128741017 2182744165 179065024 3715162917
> > Cache misses 44
> > Fast 3850192978 4238328313 4230800234 4157756173
> > Auton/SSE 0 0 0 0
> > DEC MOP Process 0 0 50103 3857931
> > Cache misses 0
> > Fast 0 0 0 0
> > Auton/SSE 0 0 0 0
> > ARP Process 78977079 443698726 1396932 83815920
> > Cache misses 0
> > Fast 0 0 0 0
> > Auton/SSE 0 0 0 0
> > CDP Process 503521 194990679 502129 159675732
> > Cache misses 0
> > Fast 0 0 0 0
> > Auton/SSE 0 0 0 0
> >
> > What is the easiest way to diagnose why dCEF isn't switching any
> > packets and IP Process is switching such a massive amount
> of packets?
> >
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
> --
> GPG/PGP --> 0xE736BD7E 5144 6A2D 977A 6651 DFBE 1462 E351
> 88B9 E736 BD7E
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco> -nsp
> archive at
> http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list