[c-nsp] What is VFM?
Richard Gallagher
rgallagh at cisco.com
Mon Jul 18 02:25:35 EDT 2005
The VFM process corresponds to the ACL/QoS TCAM processes, do you have a
large ACLs, some with logging??
Matyas Koszik wrote:
> Hi,
>
> We have a 3550 acting as a gateway for a small subnet filtering
> unwanted packets. Today we got a DoS, all evil packets died on the switch,
> so I was happy, but:
>
> sh proc cpu | i (CPU|VFM)
> CPU utilization for five seconds: 20%/5%; one minute: 17%; five minutes: 16%
> 65 2977272 19711175 151 14.82% 12.32% 11.34% 0 VFM Queue Proces
> 66 132 51 2588 0.00% 0.00% 0.00% 0 VFM/VQM Merge Pr
> 67 12 11 1090 0.00% 0.00% 0.00% 0 VFM Deferred Upd
>
> There's still some DoS traffic, about 90 mbit/s of full sized udp (not
> 1500 but 65000, so a lot of fragments), I guess it is the reason of this
> 'high' cpu load, but I don't really see why, since all of this traffic
> gets dropped on ingress.. Also a "vfm site:cisco.com" revelaed nothing
> about it.
>
> So, the question is, what is VFM and why does it need so many CPU?
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list