[c-nsp] CPU interrupt utilization

Church, Chuck cchurch at netcogov.com
Wed Oct 12 17:07:48 EDT 2005 

I'm pretty sure it's the NAT.  It's my understanding that you need a
MSFC3/PFC3 to do NAT in ASICs.


Chuck Church
Lead Design Engineer
CCIE #8776, MCNE, MCSE
Netco Government Services - Design & Implementation
1210 N. Parker Rd.
Greenville, SC 29609
Home office: 864-335-9473
Cell: 703-819-3495
cchurch at netcogov.com
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
shmapty at foureleven.org
Sent: Wednesday, October 12, 2005 1:33 PM
To: Rodney Dunn
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] CPU interrupt utilization

> The easiest way is to post the configuration and let people
> comment on features that cause packets to be punted on 
> that platform.

6509 sup2/MSFC2 running native mode 12.1(23)E2 (pk2o3sv-mz).  it has a 
single BGP session to our service provider, static routes internally, 
both static and dynamic NAT (inside/outside interfaces below)

we deployed new ingres and egress ACLs w/o any log keywords and the 
6500 still exhibits the problem.

we've got a similarly deployed sup1a/MSFC2 at another site.  both 
primarily host Internet-facing web services.  at their peak they both 
handle ~170Mbps/40Kpps.  the sup1a MSFC CPU is typically 25%/16%, the 
sup2 is 70%/50%

mls rp ip
mls flow ip destination
mls flow ipx destination
mls aclmerge algorithm odm
mls aclmerge odm optimizations
!
interface GigabitEthernet1/1
 ip address x.x.x.x 255.255.255.248
 ip access-group x-in-56 in
 ip access-group x-eg-01 out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 no ip mroute-cache
 keepalive 3
 flowcontrol send off
 tcam priority high
 no cdp enable
!
interface Vlan100
 ip address x.x.x.x 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip nat inside
 no ip mroute-cache
 mls rp ip
!

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list