[c-nsp] Best practice - Core vs Access Router
Saku Ytti
saku at ytti.fi
Thu Feb 11 13:37:08 EST 2010
On (2010-02-11 18:50 +0100), Andy B. wrote:

> mls rate-limit unicast cef glean 5000 10

This might be too high. We know that you lose packets in hold-queue, even
when it is 4k; this means you are getting too many packets to software
processing, more than the box can handle. It is an issue that needs to be
fixed; whether it is the same issue which is causing packet loss and
BGP/OSPF timeout, we can't tell.

We also so far have seen from your output that the packets hitting
hold-queue have been glean packets, with no example of other types of
packets.

Now, best would be to ERSPAN the control-plane traffic to get more accurate
results on what the bulk of the packets are.

And/or you could decrease glean to a much smaller value, maybe 500, maybe
100. You have to remember that you don't break anything /existing/ with
a tight glean limit, you only delay /new/ hosts from coming up during the
event (or attack).

--
++ytti