[c-nsp] Sup720 CoPP, limits on CPU performance

Chris Griffin cgriffin at ufl.edu
Sat Mar 27 07:42:15 EDT 2010 

Are you sure this is actually fixed?

When entering the command:

mls rate-limit unicast cef glean 5000 250

I get:

12.2(18)SXF14 and 12.2(33)SXI3:  The following is sent the console only, but not logged:

%Packets requiring ARP resolution will be subject to the output ACLs of the input VLAN

12.2(33)SRD3:  The following is logged:

*Mar 27 07:08:50 EDT: %MLS_RATE-4-ENABLING_FIB_GLEAN_RECEIVE: Packets requiring ARP resolution will be subject to the output ACLs of the input VLAN

Seems to be an expected message:

http://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi?action=search&index=all&locale=en&query=MLS_RATE-4-ENABLING_FIB_GLEAN_RECEIVE&counter=0&paging=5&links=reference&sa=Submit

Previous messages from Sukumar in the Feb 2007 timeframe seemed to imply this was an issue with the PFC3B and could be fixed with the PFC3C.

Thanks
Chris

On Mar 25, 2010, at 4:20 PM, Rodney Dunn wrote:

> 
> 
> On 3/25/10 1:42 PM, Tim Durack wrote:
>> On Thu, Mar 25, 2010 at 12:22 PM, Rodney Dunn<rodunn at cisco.com>  wrote:
>>> Yep...that's it:
>>> 
>>> Release-note
>>> ============
>>> 
>>> When a packet is destined to an next hop that doesn't already
>>> have an ARP entry, the packet needs to be punted from the hardware
>>> datapath up to the CPU.  When the glean adjacency rate-limiter is
>>> enabled, the egress security ACL (and egress QoS) of the ingress
>>> interface is applied on these punted packets.
>>> 
>>> The current workaround is to either relax the egress security ACLs
>>> of ports facing PCs/servers (ports facing only routers are not a
>>> problem since routing protocols guarantee that ARP entries always
>>> exist for routers), or disable the glean adjacency rate-limiter.
>> 
>> But it's fixed, right?
> 
> Yes. I didn't realize how long it had been so my memory isn't totally gone yet. ;)
> 
> Rodney
> 
> 
>> 
>> CSCed75920 says:
>> 
>> Fixed-In
>> 12.2(17d)SXB1
>> 12.2(18)SXD
>> 
>> (I really want to police all ip at the end of my CoPP policy, and the
>> mls glean rate-limiter appears to allow me to do that.)
>> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

-- 
Chris Griffin                           cgriffin at ufl.edu
Sr. Network Engineer - CCNP             Phone: (352) 273-1051
CNS - Network Services                  Fax:   (352) 392-9440
University of Florida/FLR               Gainesville, FL 32611

More information about the cisco-nsp mailing list