[c-nsp] DoS tracking on the 6500

Simon Leinen simon at limmat.switch.ch
Tue Mar 22 11:40:42 EST 2005


Dale W Carder writes:
> On Mar 18, 2005, at 3:04 AM, Nitzan Tzelniker wrote:
>> Try to run the command
>> "sh mls ip count"
>> if the output is more than 32000 you need sampling

> My operational experience is that this is not necessarily true,
> depending on your application.  IIRC, on the Sup2+MSFC2, there is an
> increased *probability* of netflow information being lost, up to the
> hard cap of 128,000 entries.

That's correct.  The hard limit of 128'000 entries is the same on the
PFC3 (Sup720), but the PFC3 is supposed to have a better hashing
algorithm, so you can use more of the space before table contention
starts to become a problem.

On the PFC-3BXL (Sup720-3BXL), the table is twice as big.  On our
busiest border router, upgrading to the Sup720-3BXL has caused the
table contention issue to go away completely.  Your mileage may vary
of course.
-- 
Simon.


