[c-nsp] Interface ignored errors - sizing and allocating buffers
Sam Stickland
sam_ml at spacething.org
Wed Nov 24 05:38:29 EST 2004
Hi Brian,
Thanks for your answer, comment are inline
On Tue, 23 Nov 2004, Brian Feeny wrote:
>
> On Nov 23, 2004, at 7:10 PM, Sam Stickland wrote:
>
>> Hi,
>>
>> I've got a C7206-NPE200 router that's seeing a regular amount of ignored
>> errors on a policed interface (input). There's also the occassional overun.
>>
>> The CPU on this router is currently:
>>
>> CPU utilization for five seconds: 65%/63%; one minute: 62%; five minutes:
>> 62%
>>
>> Is this caused by not having enough buffers available, or the CPU usage?
>> The only interface I see this on is the one with the policer - there's
>> another interface that carries a similar amount of traffic and it doesn't
>> exhibit these issues.
>
> You need more info to determine the problem. Alot of times, CPU can go up,
> because your running out of buffers. But usually there is another problem
> which is why your running out of buffers in the first place.
My appologies.
The interface that is clocking up the ignore's carries 47Mbps inbound and
40Mbps outbound at peak times. It consists of sub-interfaces, one of which
is shaped to 35Mbps outbound and policed to 40Mbps inbound. At peak times
the policer drops about 4.5Mpbs of inbound traffic. The traffic shaper is
less taxed, and very rarely used (Peak time usage 160kbps delayed, 8kpbs
dropped).
The other two fast ethernet interfaces on this box carry roughly
40Mbps/40Mbps and 9Mpbs/3Mbps.
So the CPU load isn't really unexpected.
>> Is there anyway to size and allocate extra internal buffers to the ethernet
>> interface to prevent the errors?
>>
>
> You probably don't want to mess with interface level buffers, just stick to
> the global buffer stuff.
But how do I tell which buffers to raise? 'sh buffers failures' just a
bunch of Middle pool failures from over two days ago.
> Are you sure the traffic is kosher going thru that interface? I ask because
> sometimes there is wierd stuff
> like DoS attacks and the like, which causes buffer exhaustion. Somethings I
> like to do are like enable
> netflow on the interface and then do like "sh ip cache f0/0 flow" or whatever
> the interface is, and just look
> for wierdness in the src/dst, or packet sizes, or a higher pps than normal.
>
> Also definitely check "show interface switching" and make sure you don't have
> alot of process switched packets.
>
> I assume your running CEF too.
Yes, this is running CEF. 'show interface switching' shows:
Throttle count 0
Drops RP 0 SP 0
SPD Flushes Fast 0 SSE 0
SPD Aggress Fast 0
SPD Priority Inputs 159998 Drops 0
Protocol Path Pkts In Chars In Pkts Out Chars Out
Other Process 133913 10901616 132878 8504192
Cache misses 0
Fast 0 0 0 0
Auton/SSE 0 0 0 0
IP Process 6961585 635482082 5375398 533529141
Cache misses 4
Fast 3098391924 1122983871 2600736287 505566117
Auton/SSE 0 0 0 0
DEC MOP Process 0 0 2218 170786
Cache misses 0
Fast 0 0 0 0
Auton/SSE 0 0 0 0
ARP Process 5439287 326560428 9505511 608352704
Cache misses 0
Fast 0 0 0 0
Auton/SSE 0 0 0 0
CDP Process 22194 8921988 22150 7154450
Cache misses 0
Fast 0 0 0 0
Auton/SSE 0 0 0 0
Which looks good to me.
I since upped the hold-queue to 4096 (both in and out) on the advice of
another poster, but it doesn't seem to have made any difference.
I've just had another look at the interface, and interesting it's also
clocked up 50 giants since last night, which is interesting :/
Sam
More information about the cisco-nsp
mailing list