[c-nsp] Sup720 CoPP, limits on CPU performance

Rodney Dunn rodunn at cisco.com
Mon Mar 29 13:56:09 EDT 2010 

Chris,

Good catch. I should have looked at the code changes.

It is a hw limitation on those.

Rodney





On 3/27/10 7:42 AM, Chris Griffin wrote:
> Are you sure this is actually fixed?
>
> When entering the command:
>
> mls rate-limit unicast cef glean 5000 250
>
> I get:
>
> 12.2(18)SXF14 and 12.2(33)SXI3:  The following is sent the console only, but not logged:
>
> %Packets requiring ARP resolution will be subject to the output ACLs of the input VLAN
>
> 12.2(33)SRD3:  The following is logged:
>
> *Mar 27 07:08:50 EDT: %MLS_RATE-4-ENABLING_FIB_GLEAN_RECEIVE: Packets requiring ARP resolution will be subject to the output ACLs of the input VLAN
>
> Seems to be an expected message:
>
> http://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi?action=search&index=all&locale=en&query=MLS_RATE-4-ENABLING_FIB_GLEAN_RECEIVE&counter=0&paging=5&links=reference&sa=Submit
>
> Previous messages from Sukumar in the Feb 2007 timeframe seemed to imply this was an issue with the PFC3B and could be fixed with the PFC3C.
>
> Thanks
> Chris
>
> On Mar 25, 2010, at 4:20 PM, Rodney Dunn wrote:
>
>>
>>
>> On 3/25/10 1:42 PM, Tim Durack wrote:
>>> On Thu, Mar 25, 2010 at 12:22 PM, Rodney Dunn<rodunn at cisco.com>   wrote:
>>>> Yep...that's it:
>>>>
>>>> Release-note
>>>> ============
>>>>
>>>> When a packet is destined to an next hop that doesn't already
>>>> have an ARP entry, the packet needs to be punted from the hardware
>>>> datapath up to the CPU.  When the glean adjacency rate-limiter is
>>>> enabled, the egress security ACL (and egress QoS) of the ingress
>>>> interface is applied on these punted packets.
>>>>
>>>> The current workaround is to either relax the egress security ACLs
>>>> of ports facing PCs/servers (ports facing only routers are not a
>>>> problem since routing protocols guarantee that ARP entries always
>>>> exist for routers), or disable the glean adjacency rate-limiter.
>>>
>>> But it's fixed, right?
>>
>> Yes. I didn't realize how long it had been so my memory isn't totally gone yet. ;)
>>
>> Rodney
>>
>>
>>>
>>> CSCed75920 says:
>>>
>>> Fixed-In
>>> 12.2(17d)SXB1
>>> 12.2(18)SXD
>>>
>>> (I really want to police all ip at the end of my CoPP policy, and the
>>> mls glean rate-limiter appears to allow me to do that.)
>>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list