[c-nsp] OSPF on PIX?
Hudson Delbert J Contr 61 CS/SCBN
Delbert.Hudson at LOSANGELES.AF.MIL
Fri Sep 3 11:49:48 EDT 2004
this is normal behavior as regards to ospf stabilization.
i would unless you just cant, turn off ospf on your firewall.
why...
#1 routers route and firewalls ...well you get it.
#2. the pix doesnt need to know its ospf traffic.
pass it thru as just plain old ip traffic since it doesn't use tcp
or udp.
#3. the cpu usage is due to spf runs, lsa's and the resultant floods.
its not due to the data, its HOW OSPF worx.
#4. why would you want tour pix to get involved in bdr & dr elections.
v/r,
~piranha
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Adam Greene
Sent: Friday, September 03, 2004 8:27 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] OSPF on PIX?
Hi --
We're deploying OSPF on our network for the first time, and it looks like it
will be convenient to enable OSPF on our PIX-515-UR's as well. The problem
is, the moment I enable OSPF on the pixes, CPU usage on them shoots up from
0-1% to 7-10% (sh cpu usage). Each interface I add to area 0 appears to add
1-2% to CPU usage as well.
I've tried googling for acceptable CPU usage levels on the PIX, but came up
dry. Does anyone have a benchmark they can refer me to?
We're going to be passing about 5 Mbps through these pixes in the short term
(may grow to 10Mbps or higher). It would be nice to know that ongoing 15%
CPU usage is not going to cause noticeable performance degradation to our
users (we are broadband ISP).
Best,
Adam
P.S. we're running 6.3.3 on the pixes
---
[This e-mail was scanned for viruses by Webjogger's AntiVirus Protection
System]
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list