[c-nsp] 7604/Sup720 not MLS/CEF switching

Gert Doering gert at greenie.muc.de
Fri Jan 25 11:07:04 EST 2008 

Hi,

I could use a hint to start nailing this down.

We have two 7604/Sup720s with 12.2(18)SXF7 here, doing a pretty similar
traffic load (about 2-3 Gbit/s aggregate), and similar traffic pattern.

IPv4, IPv6, MPLS, netflow export for IPv4.

One of the boxes is running at 1-2% CPU, the other one is running at 
60-80% (which started at 22:18 yesterday evening, with no significant 
change in traffic patterns).

So, it's moving packets with a CPU not meant to be used for this.  

So I've checked two interfaces with very similar usage patterns (audio
streaming of life radio, long-lasting flows with medium-to-large packets 
sizes), and there's a big difference in the percentage here:

vlan1700, about 4% "not MLS/CEF switched":

     Protocol       Path    Pkts In   Chars In   Pkts Out  Chars Out
           IP    Process      25150   24734247          0          0
            Cache misses          0
                    Fast 1328140746 1350996135423        191      58674
               Auton/SSE 30723864532 30882213532050 18184117236 1335974238797

vlan4062, about 0.1% "not MLS/CEF switched":

     Protocol       Path    Pkts In   Chars In   Pkts Out  Chars Out
           IP    Process     368914   54599634   31636639 3543640264
            Cache misses          0
                    Fast 1670054191 1924596882515        168       9913
               Auton/SSE 1029709651247 1137649776167566 229040036204 16614962888496

there's difference on L2 for these interfaces (4062 is coming in via a
dedicated port, 1700 is coming in via a trunk port), but I don't think
this should make any difference.

Most of the egress traffic for this is going via a L3 port-channel, or
via a single L3 port.  For both VLANs.


Traffic level is about 400 Mbit on vlan 1700, 500 Mbit on vlan 4062,
most of it "incoming".  No big difference here either.  Similar PPS
levels, about 50.000 pps incoming.

This is how vlan1700 looks like:

interface Vlan1700
 description Streaming2/Trust (an1)
 ip address 194.97.x.y 255.255.255.240
 ip verify unicast source reachable-via rx allow-default
 ip flow ingress
 no mop enabled
end


Something is funny here... - so - how do I start figuring out why 1/20
of those packets are not being MLS/CEF switched?


Oh well.  I found the problem - someone leaked too many prefixes, and
it's  

%MLSCEF-SP-7-FIB_EXCEPTION: FIB TCAM exception for IPv4 unicast, Some routes will be software switched.

Dunno why it's showing *these* symptoms, affecting some interfaces more than
others.  But still I'm interested in finding out how to see what packets
are not being MLS/CEF-switched, and why, for the next round of debugging :-)

gert


-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
Url : https://puck.nether.net/pipermail/cisco-nsp/attachments/20080125/a1e35a33/attachment.bin

More information about the cisco-nsp mailing list