[c-nsp] DoS tracking on the 6500
Simon Leinen
simon at limmat.switch.ch
Tue Mar 22 11:40:42 EST 2005
Dale W Carder writes:
> On Mar 18, 2005, at 3:04 AM, Nitzan Tzelniker wrote:
>> Try to run the command
>> "sh mls ip count"
>> if the output is more than 32000 you need sampling
> My operational experience is that this is not necessarily true,
> depending on your application. IIRC, on the Sup2+MSFC2, there is an
> increased *probability* of netflow information being lost, up to the
> hard cap of 128,000 entries.
That's correct. The hard limit of 128'000 entries is the same on the
PFC3 (Sup720), but the PFC3 is supposed to have a better hashing
algorithm, so you can use more of the space before table contention
starts to become a problem.
On the PFC-3BXL (Sup720-3BXL), the table is twice as big. On our
busiest border router, upgrading to the Sup720-3BXL has caused the
table contention issue to go away completely. Your mileage may vary
of course.
--
Simon.