[c-nsp] Best practice - Core vs Access Router

Drew Weaver drew.weaver at thenap.com
Tue Feb 9 09:20:47 EST 2010


Are you rate limiting ttl failures?

mls rate-limit all ttl-failure 100 10

thanks,
-Drew

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Andy B.
Sent: Tuesday, February 09, 2010 7:22 AM
To: Sergey Nikitin
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Best practice - Core vs Access Router

CPU load is fairly normal at 20-30%
No congestion. Most links are under 50%.
I have no Control Plane Policies in place, but I have already been
advised to do so - this might help, right?

Redesigning the network and shifting the busy (uncongested!) VLAN to
another router seemed like the only choice we have left, unless this
CPP can help?

Andy

On Tue, Feb 9, 2010 at 12:15 PM, Sergey Nikitin <oldnick at oldnick.ru> wrote:
>
> Maybe you should try to find out what the reason for the packet loss is? Is there a high CPU load? Do you have control-plane configured? Do you have traffic congestion? Maybe you don't really need to redesign your network.
>
>
> Andy B. wrote:
>>
>> I am running one 6509 as a core router:
>>
>> IOS: SXF15a
>> 1x WS-SUP720-3BXL
>> 1x WS-X6748-GE-TX
>> 2x WS-X6704-10GE
>>
>> On this core I am doing BGP with 2 upstreams (full BGP table IN) and
>> 10 downstreams (full BGP table OUT).
>> I am also doing OSPF with 4 other core routers in this AS.
>>
>> On top of that there is one VLAN on this core that serves as a default
>> gateway for approximately 5000 servers, producing around 30 GBps
>> outbound traffic and 10 GBps inbound.
>>
>> Recently I noticed that this core router becomes very unresponsive
>> from time to time, dropping OSPF and BGP sessions (hold time expired
>> and so on). SNMP generated stats become useless as well, because most
>> SNMP requests to that core are timing out. It's really just the core
>> that is rather slow, but reachability to my customers and from my
>> customers to the internet remains perfect. Pinging the loopback
>> interface of the core or any default gateway IP address of the busy
>> VLAN can show up to 60% packet loss.
>>
>> Therefore I was thinking to split the core and move this very active
>> VLAN to a different router behind the core and only add a static route
>> to the core, so that the new router can handle these many MAC
>> addresses and hopefully get my core more responsive again.
>>
>> Does this scenario make any sense at all? Is it wise to have one core
>> router with many transit (in and out) BGP sessions also act as an
>> access router / default gateway for several thousand servers? What is
>> usually the best practice here?
>>
>> Thank you for your clues.
>>
>> Andy
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>