[c-nsp] Sup720 CoPP, limits on CPU performance

Rodney Dunn rodunn at cisco.com
Thu Mar 25 12:22:51 EDT 2010


Yep...that's it:

Release-note
============

When a packet is destined to an next hop that doesn't already
have an ARP entry, the packet needs to be punted from the hardware
datapath up to the CPU.  When the glean adjacency rate-limiter is
enabled, the egress security ACL (and egress QoS) of the ingress
interface is applied on these punted packets.

The current workaround is to either relax the egress security ACLs
of ports facing PCs/servers (ports facing only routers are not a
problem since routing protocols guarantee that ARP entries always
exist for routers), or disable the glean adjacency rate-limiter.




On 3/25/10 7:23 AM, Phil Mayers wrote:
> On 25/03/10 10:51, Rodney Dunn wrote:
>> I seem to recall that also but I thought it was a bug not a hw
>> limitation.
>
> Interesting. CSCed75920 perhaps?
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list