[c-nsp] SUP720-3B and NAT performance
Tim Stevenson
tstevens at cisco.com
Sun Mar 4 19:55:35 EST 2007
At 12:39 AM 3/3/2007 +0100, Elmar K. Bins opined:
>Hi Tim,
>
>tstevens at cisco.com (Tim Stevenson) wrote:
>
> > If it's just one session, then you're hitting some other problem (ie,
> > for some reason the h/w NF entry is not getting installed).
> >
> > The IPSEC tunnel is terminated on the 6500 or...?
>
>Not at all, it's terminated on the "VPN" boxes in my picture (ISG 1000's),
>so it passes right through the routers.
>
>Is there any way to determine whether a hardware NF entry has been
>installed or not?
You can use sh mls net ip sw-installed to see the entries pushed down
from the s/w to the h/w. In your case, I am guessing you won't see anything.
>Funny also that the CPU load on the router should grow with traffic inside
>that one session (aka flow)...
Right, it suggests that the flow is not installed. You probably
should just open a TAC case, they can help you figure out why it's
not getting installed - it sounds like in your case the control plane
scalability is not the issue.
Thanks,
Tim
>Yours,
> Elmar.
>
>_______________________________________________
>cisco-nsp mailing list cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
Tim Stevenson, tstevens at cisco.com
Routing & Switching CCIE #5561
Technical Marketing Engineer, Catalyst 6500
Cisco Systems, http://www.cisco.com
IP Phone: 408-526-6759
********************************************************
The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.
More information about the cisco-nsp
mailing list