[c-nsp] accounting/cache/cache flow/cef

Rodney Dunn rodunn at cisco.com
Tue Sep 14 14:48:57 EDT 2004 

Sorry...typing too fast.

On Tue, Sep 14, 2004 at 02:38:31PM -0400, Rodney Dunn wrote:
> Two things.
> 
> Sometimes 'sh cef int' will tell you if it's punting
> to the next slowest feature path and why.
> 
> Also, make sure in your ACL's you don't have any
> log keywords.  If you need that data use the
> netflow export data with a Null0 destination interface.
> 
> Oh...there it is.  NAT.  That will punt for SYN, FIN,
> RST packets to build the translation table.
> 
> That was changed in 12.3(4)T (I think that's where it
> changed).
> 
> PBR is in the CEF path so I bet it's NAT causing the punts
> which create the fastcache entries.
> 
> One nifty way to debug it is to do this.
> 
> Do sh ip cache flow <==I meant 'sh ip cache'


> pick a small subnet that has a fastcache entry
> build an ACL that matches on packets going to that subnet
> do 'debug ip packet <acl> dump'
> then do 'clear ip cache'
> 
> Decode the packet header to see if it's a TCP SYN, RST, FIN.
> 
> The debugs only print packets at process level and when
> you clear the cache you punt the first packet to build the cache
> so it will catch in the debug.
> 
> I know it's newer code but if I was doing NAT I'd be making
> plans to go with the new code that has the CEF capability
> to build the NAT flows in the interrupt path.
> 
> Rodney
> 
> 
> On Tue, Sep 14, 2004 at 10:08:59PM +0530, Amol Sapkal wrote:
> > > 
> > > > sh ip cache
> > > 
> > > That shows the output of the old fastswitching cache.
> > > If you have CEF on your 'sh ip cache' should really be
> > > empty.
> > 
> > 
> > I have cef enabled globally and this and still, sh ip cache is not empty.
> > 
> > The interface Fa4/0/0.1 appears in the cache output.
> > Here are the configs:
> > 
> > gtl-core-mds#sh runn int Fa4/0/0.1
> > Building configuration...
> > 
> > Current configuration : 227 bytes
> > !
> > interface FastEthernet4/0/0.1
> >  description "VLAN for SIL"
> >  encapsulation isl 201
> >  ip address 10.7.1.5 255.255.255.248
> >  no ip redirects
> >  no ip proxy-arp
> >  ip nat inside
> >  no ip mroute-cache
> >  ip policy route-map Uplink_SIL
> > end
> >     
> > On Fa4/0/0:
> > 
> > interface FastEthernet4/0/0
> >  no ip address
> >  ip access-group UDP in
> >  ip access-group UDP out
> >  ip route-cache flow
> >  no ip route-cache distributed
> >  full-duplex
> >  no cdp enable
> > end
> > 
> > 
> > How do I relate the above?
> > 
> > 
> > > 
> > > > sh ip cache flow
> > > 
> > > Shows the netflow cache which is exported to some form
> > > of netflow collector if you  have it configured to export.
> > > This is the recommended way to do packet accounting.
> > > 
> > > >
> > > >
> > > > Assuming that I have enabled:
> > > > 1.cef globally
> > > > 2.ip route cache flow, on outgoing interfaces to my peer
> > > 
> > > ip route-cache flow is only inbound flow on an interface
> > > unless you have some sort of egress netflow support.
> > > 
> > > > 3.ip accounting output-packets, on outgoing interfaces to my peer
> > > 
> > > ip accounting is the old way of doing packet accounting.
> > > We don't recommend using it.  The way to monitor traffic
> > > flows accurately is via netflow.
> > > 
> > > You can put the netflow on all interfaces and then sort
> > > by egress interface to get cumulative egress packet counters.
> > > 
> > > >
> > > >
> > > >
> > > >
> > > > Can anyone explain me how do I relate the outputs of above command?
> > > >
> > > > Also (being a bit lazy) what is this mroute-cache?
> > > 
> > > It's for multicast fastswitching.  If you are no doing multicast
> > > don't worry about it.  If you are, turn it on.
> > > 
> > > >
> > > >
> > > >
> > > > --
> > > > Warm Regds,
> > > >
> > > > Amol Sapkal
> > > >
> > > > --------------------------------------------------------------------
> > > > An eye for an eye makes the whole world blind
> > > > - Mahatma Gandhi
> > > > --------------------------------------------------------------------
> > > > _______________________________________________
> > > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > > 
> > 
> > 
> > 
> > -- 
> > Warm Regds,
> > 
> > Amol Sapkal
> > 
> > --------------------------------------------------------------------
> > An eye for an eye makes the whole world blind 
> > - Mahatma Gandhi
> > --------------------------------------------------------------------

More information about the cisco-nsp mailing list