[c-nsp] Re: access-list on C6509 not matching packets
Tim Stevenson
tstevens at cisco.com
Tue Feb 14 13:28:27 EST 2006
At 10:05 AM 2/14/2006, Zitibake submitted:
>Thanks for the tips; tcam not showing anything:
>core-4.mpls#sh tcam interface gig 7/2 acl out ip
>
> permit ip any any
> deny ip any any
> deny ip any any
>...so I will use Netflow.
Ya, prob you have PFC3A then.
>The nice thing about access-lists, is that you will see even one hit to each
>line. With sampled netflow... who knows what you missed? If I run unsampled
>Netflow (with a gigabit port to my collector), what are the chances that a ddos
>stepping through flows would cause a forwarding issue?
Full NF is independent of forwarding in PFC3, you should see no
impact to throughput even with an overflowing NF table (but of
course, you won't see stats for the excess entries). Aggressive aging
can help there to some extent.
NF data export though will increase the RP CPU load so if you are
exporting the flow records as they expire, you could affect your CPU
or that of the collector.
Tim
> Any ballpark numbers
>for kpps (mpps?). I remember on the M20, netflow used to crash under load,
>which was both a blessing and a curse. I can guarantee that the device will
>not receive more than about 1gbps of aggregate traffic.
Tim Stevenson, tstevens at cisco.com
Routing & Switching CCIE #5561
Technical Marketing Engineer, Catalyst 6500
Cisco Systems, http://www.cisco.com
IP Phone: 408-526-6759
********************************************************
The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.