[c-nsp] portchannel & dcef?

Jon Lewis jlewis at lewis.org
Wed Dec 1 00:28:11 EST 2004 

On Tue, 30 Nov 2004, Rodney Dunn wrote:

> On Tue, Nov 30, 2004 at 07:01:49PM -0500, Jon Lewis wrote:
> > Which counters should I believe here?
>
> My lab setup doesn't have dual FE's for me to configure
> the port-channel at the moment.  I do seem to recall
> looking at this before and concluding that unlike
> MLPPP on the 75xx with a PC you could have members
> on different VIPs and still dCEF switch packets to/from
> it.

I found the problem.  During a DoS, someone turned on 'ip accounting
output-packets' on an OC3 transit interface.  That apparently causes
traffic received on the port channel and destined for the OC3 to be
process switched by the RSP.

I noticed that change (via rancid) coincided with a large increase in RSP
CPU utilization on our snmp graphs.  After turning off the accounting and
seeing RSP CPU usage go way down.

As you suggested, I checked ip cache flow on the RSP both before and after
re-enabling ip accounting, and without it, the RSP only sees a tiny
fraction of traffic that gets process switched.  With ip accounting on,
the RSP sees it all (or at least quite a bit more).

I kind of wonder now if the ip accounting (causing roughly 50mbit/s of
traffic to be process switched by the RSP4) could be the cause of some of
the problems we've been having and could cause an upgrade done via
force-switchover to appear to hang the box and a subsequent cold reboot to
take 20 minutes or so for the router to fully boot up and start routing /
being responsive at the CLI?

> As for a code suggestion with the features you mentioned
> that gets a bit more difficult.  Are you interested
> in MPLS HA?

That'd be nice, but we're not dependant on it yet.

> Are you putting the PC subinterfaces in a VRF or
> are you doing MPLS over the PC?

We have some PC subinterfaces in VRFs.

Oh...and I forgot to list HSRP in the "things we need to work".

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

More information about the cisco-nsp mailing list