[c-nsp] Move from SXI4 to SXI5

Church, Charles Charles.Church at harris.com
Sun Feb 6 11:28:20 EST 2011 

Just as a follow-up, the high CPU was caused by the policy routing.  We
needed to phase our traffic from one firewall set to another, but not all at
once.  So 0/0 went out old FW, and subnet by subnet (vlan by vlan) was
shifted via policy routing.  Nothing complicated, deny IP going to internal
destinations, permit all else.  Applied gradually to ~50 VLAN interfaces.
No logging on ACL of course.  Anyway, we're done and policy routing is off.
CPU back down to 20% now.  WCCP is now on twice as many VLANs as before, no
CPU difference from that.

Chuck 

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Phil Mayers
Sent: Wednesday, January 26, 2011 6:53 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Move from SXI4 to SXI5

On 01/26/2011 11:41 PM, Church, Charles wrote:
> All,
>
> 	I've been contemplating moving from SXI4 to SXI5 lately for our VSS
> core router pair.  They're currently doing 4 lite VRFs (no MPLS), all LAN
> modules, all 6700 series blades (10/100/1000), gig SFP, and 16 port 10
gig.
> Some OSPF, no other protocols.  VTPv3 server, using SNMPv3 actively.
Using
> a redundant sup in each chassis (they're in RPR mode).  Acting as NTP
> servers, doing lots of policy routing and WCCP.  Over the last few days of
> adding more and more policy routing and WCCP, the CPU (of active sup) has
> been moving up to 50% and beyond, mostly interrupt based.  However in the
> past, I've seen really high CPU due to that NTP bug.  I've heard rumors of
> lower CPU with SXI5 in general.  Any reason not to move to this?

We've got a couple of boxes on SXI5 (very different config; no VSS, MPLS 
v4/v6 VPNs; sso/nsf failover) and are moving the rest over the next few 
weeks. No problems so far[1] and lots of nasty CEF corruption bugs fixed.

Whether it'll help you specifically I don't know; I'm surprised that 
WCCP and policy routing are consuming noticeable CPU. Certainly the 
latter should be hardware only (not sure about WCCP though).

Have you examined CPU-punt traffic with a SPAN session?


[1] Minor point: no problems except the active/open bugs, which are 
present in all releases of SXI and not fixed yet ;o)
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6514 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20110206/e32290b5/attachment-0001.bin>

More information about the cisco-nsp mailing list