[c-nsp] CPU interrupt utilization

Rodney Dunn rodunn at cisco.com
Wed Oct 12 17:22:17 EDT 2005 

Yep. 

And then depending on the number of flows you may need a FWSM
to handle a heavy number of translations. I don't know the
numbers.

Rodney

On Wed, Oct 12, 2005 at 04:07:48PM -0500, Church, Chuck wrote:
> I'm pretty sure it's the NAT.  It's my understanding that you need a
> MSFC3/PFC3 to do NAT in ASICs.
> 
> 
> Chuck Church
> Lead Design Engineer
> CCIE #8776, MCNE, MCSE
> Netco Government Services - Design & Implementation
> 1210 N. Parker Rd.
> Greenville, SC 29609
> Home office: 864-335-9473
> Cell: 703-819-3495
> cchurch at netcogov.com
> PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D
> 
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> shmapty at foureleven.org
> Sent: Wednesday, October 12, 2005 1:33 PM
> To: Rodney Dunn
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] CPU interrupt utilization
> 
> > The easiest way is to post the configuration and let people
> > comment on features that cause packets to be punted on 
> > that platform.
> 
> 6509 sup2/MSFC2 running native mode 12.1(23)E2 (pk2o3sv-mz).  it has a 
> single BGP session to our service provider, static routes internally, 
> both static and dynamic NAT (inside/outside interfaces below)
> 
> we deployed new ingres and egress ACLs w/o any log keywords and the 
> 6500 still exhibits the problem.
> 
> we've got a similarly deployed sup1a/MSFC2 at another site.  both 
> primarily host Internet-facing web services.  at their peak they both 
> handle ~170Mbps/40Kpps.  the sup1a MSFC CPU is typically 25%/16%, the 
> sup2 is 70%/50%
> 
> mls rp ip
> mls flow ip destination
> mls flow ipx destination
> mls aclmerge algorithm odm
> mls aclmerge odm optimizations
> !
> interface GigabitEthernet1/1
>  ip address x.x.x.x 255.255.255.248
>  ip access-group x-in-56 in
>  ip access-group x-eg-01 out
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  ip nat outside
>  no ip mroute-cache
>  keepalive 3
>  flowcontrol send off
>  tcam priority high
>  no cdp enable
> !
> interface Vlan100
>  ip address x.x.x.x 255.255.255.0
>  no ip redirects
>  no ip proxy-arp
>  ip nat inside
>  no ip mroute-cache
>  mls rp ip
> !
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list