[c-nsp] Sup720 CoPP, limits on CPU performance
Tim Durack
tdurack at gmail.com
Thu Mar 25 13:42:03 EDT 2010
On Thu, Mar 25, 2010 at 12:22 PM, Rodney Dunn <rodunn at cisco.com> wrote:
> Yep...that's it:
>
> Release-note
> ============
>
> When a packet is destined to an next hop that doesn't already
> have an ARP entry, the packet needs to be punted from the hardware
> datapath up to the CPU. When the glean adjacency rate-limiter is
> enabled, the egress security ACL (and egress QoS) of the ingress
> interface is applied on these punted packets.
>
> The current workaround is to either relax the egress security ACLs
> of ports facing PCs/servers (ports facing only routers are not a
> problem since routing protocols guarantee that ARP entries always
> exist for routers), or disable the glean adjacency rate-limiter.
But it's fixed, right?
CSCed75920 says:
Fixed-In
12.2(17d)SXB1
12.2(18)SXD
(I really want to police all ip at the end of my CoPP policy, and the
mls glean rate-limiter appears to allow me to do that.)
--
Tim:>
More information about the cisco-nsp
mailing list