[c-nsp] NPE G1, CEF and ACLs and high CPU

Mateusz Błaszczyk blahu77 at gmail.com
Tue Sep 16 09:22:44 EDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

List,

> I will work on it and report the results accordingly.
>

As promised - here comes the report....

1) I have reworked the ACL to introduce the "shortcuts" like "permit
tcp any any established" and permiting all traffic to customer pools
upfront. It looks like the majority of traffic is now permited and
about 8% of is matched for the last "permit ip any any" (vs 77%) with
previous ACL.

2) Also I noticed that I haven't got "no ip unreachables" on the port
so I have enabled that. Since then the "RP PAS Features" punts stopped
increasing....

3) Finally - the CPU load - there is no significant drop of CPU load
(no immediate effect). I will monitor the CPU for longer
periods to see if there is at least any trend (up, down, no change).

(box is pushing 480Mbps/90kps of input traffic

#sh ver | in IOS|processo
Cisco IOS Software, 7301 Software (C7301-K91P-M), Version 12.2(28)SB6,
RELEASE SOFTWARE (fc1)
Cisco 7301 (NPE) processor (revision D) with 983040K/65536K bytes of memory.)

Seems I need a HW upgrade anyway.
Also I will try to upgrade to 12.4.20T but not now.

Best Regards,

- --
- -mat
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIz7MjIvBv0k5esR4RAkUoAKCVREfOGZZ/tQhLm3jM264kpReHPwCeJLrm
8Le8SjzUB3xNIQnufd7Ycaw=
=c2Ct
-----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list