[c-nsp] PVLAN and trunks (for redundancy and more bandwidth), any idea?
Pavel Skovajsa
pavel.skovajsa at gmail.com
Tue Jan 26 09:40:02 EST 2010
On Tue, Jan 26, 2010 at 3:15 PM, Sven 'Darkman' Michels <sven at darkman.de> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Pavel,
>
> Pavel Skovajsa schrieb:
>> Hi Sven,
>>
>> I had not exactly the same but similar issues but with 7606 - see
>> http://www.mail-archive.com/cisco-nsp@puck.nether.net/msg26651.html. I
>> learned from TAC that the issue was with the fact that I used it in
>> combination with VRFs and the traffic got incorrectly punted into 7606
>> MSFC CPU where there are hardware rate limiters (show mls rate-limit).
>
> But since i don't use VRFs, this might be something similar?
>
> i checked the rate limit, but i'm not familar with the output... maybe you
> can see something:
> #show mls rate-limit
> Sharing Codes: S - static, D - dynamic
> Codes dynamic sharing: H - owner (head) of the group, g - guest of the group
>
> Rate Limiter Type Status Packets/s Burst Sharing
> --------------------- ---------- --------- ----- -------
> MCAST NON RPF Off - - -
> MCAST DFLT ADJ On 100000 100 Not sharing
> MCAST DIRECT CON Off - - -
> ACL BRIDGED IN Off - - -
> ACL BRIDGED OUT Off - - -
> IP FEATURES Off - - -
> ACL VACL LOG On 2000 1 Not sharing
> CEF RECEIVE Off - - -
> CEF GLEAN Off - - -
> MCAST PARTIAL SC On 100000 100 Not sharing
> IP RPF FAILURE On 100 10 Group:0 S
> TTL FAILURE Off - - -
> ICMP UNREAC. NO-ROUTE On 100 10 Group:0 S
> ICMP UNREAC. ACL-DROP On 100 10 Group:0 S
> ICMP REDIRECT Off - - -
> MTU FAILURE Off - - -
> MCAST IP OPTION Off - - -
> UCAST IP OPTION Off - - -
> LAYER_2 PDU Off - - -
> LAYER_2 PT Off - - -
> LAYER_2 PORTSEC Off - - -
> IP ERRORS On 100 10 Group:0 S
> CAPTURE PKT Off - - -
> MCAST IGMP Off - - -
> MCAST IPv6 DIRECT CON Off - - -
> MCAST IPv6 ROUTE CNTL Off - - -
> MCAST IPv6 *G M BRIDG Off - - -
> MCAST IPv6 SG BRIDGE Off - - -
> MCAST IPv6 DFLT DROP Off - - -
> MCAST IPv6 SECOND. DR Off - - -
> MCAST IPv6 *G BRIDGE Off - - -
> MCAST IPv6 MLD Off - - -
> IP ADMIS. ON L2 PORT Off - - -
>
Actually the correct command is "show mls rate-limit usage".
The easiest way to find out whether this is something connected to CPU
punt is to configure " no mls rate-limit unicast ip icmp unreachable
no-route", however this may have some impact on production device, if
you have any situation where traffic matches no-route situation in
hardware and gets punted to CPU and overwhelming it......
As another idea you can try to "localize" the issue to the 6509 only
simply by taking a free port on 6509 and testing PVLAN end-user port
on that one.
>
>> Anyway, try upgrading the 6509 I am sure some old SXD code has number
>> of bugs around this.
>
> By upgrading you mean a newer software release, i hope? ;)
Exactly....
....also forgot to mention that for PVLANs to work you need to use
golden RJ45 connectors :) ... joking
-pavel
>
> Thanks again!
>
> Regards,
> Sven
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkte+P4ACgkQQoCguWUBzBxVwACdF8AE7fZcd/pWnTEylqhrOPAZ
> TLEAnAx1xOXWx5hS4akjsWKAj6OktlMO
> =o1at
> -----END PGP SIGNATURE-----
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list