[c-nsp] reliability of ping to router physical-, sub- or loopback interface

Jared Mauch jared at puck.nether.net
Wed Aug 24 10:52:01 EDT 2011 

Yes, but one must verify that it's done in hardware.  Some packets may be punted to the CPU depending on what is being done.  ASR1K with QFP performs different than a "Modern" 28xx/ISR class device.

Due to the broad set of devices that Cisco offers/delivers, it's impossible to make a general statement about this.  One must verify with your SE team and likely with the platform TME.  They can walk you through how the packet flow works on more complex devices with fabrics, etc… 

The general rule I'm trying to offer here is that: It might be done in hardware, but just because it's a new product doesn't mean it's not done in the CPU.  Actually -  the general rule is you can't generalize about Cisco platforms and their processing/behavior.

We ultimately deployed well-connected servers to interact with customers so they can run iperf against them.  This allows us to prove it's not the network misbehaving, but actually their network elements with the failure.  Gigabit hardware is inexpensive these days and aren't 1000s of dollars per port anymore.  It can be frustrating when talking to a customer about their 'phantom' issue as they see loss from a router (which may be under ddos, just busy, or something else).  We always ask them to perform their test to one of these hosts behind the router.  It's an investment, but it also provides a platform to validate troubles when they do exist, and additionally to prove the problem is in the customer network.

We often find a network link that is auto/full on one side and auto/half on the other and that is why they see poor performance, and sometimes in just one direction.  Spending $500 on a el-cheapo 1u with linux is money well spent in understanding what is going on.  It also may help when you need a host with a spare gig-e to sniff/span packets to identify unknown traffic.

- Jared

On Aug 24, 2011, at 10:30 AM, Rodney Dunn wrote:

> Some do do it in HW (ie: ASR1k for example).
> 
> Rodney
> 
> 
> 
> On 8/24/11 7:54 AM, Jared Mauch wrote:
>> The problem here is in how you and the vendor define modern. Cisco ships many devices that require the control plane CPU to be involved in this activity. Most platforms support a common control plane configuration, but some just do it on that same CPU. You might as well reply to simple packets under those circumstances.
>> 
>> You need to talk to the TME about where this processing happens for each device. Assume it's in the main CPU unless they demonstrate otherwise.
>> 
>> Jared Mauch
>> 
>> On Aug 24, 2011, at 6:03 AM, Benny Amorsen<benny+usenet at amorsen.dk>  wrote:
>> 
>>> 
>>> I would hope that a modern router handled at least ICMP ECHO in
>>> hardware.
>> 
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list