[c-nsp] Sup720 SVI ACL deny punted? (no logging)
Peter Rathlev
peter at rathlev.dk
Wed Aug 29 11:10:10 EDT 2012
On Wed, 2012-08-29 at 15:22 +0100, Phil Mayers wrote:
> On 29/08/12 14:35, Peter Rathlev wrote:
> > If we know that the punting is limited to 200 pps it shouldn't matter
> > too much. I've tried simply removing the ACL to see if the CPU overload
> > disappears. But why would 200 pps even start making it sweat?
>
> It shouldn't. I wonder if your rate-limiter config has used too many RL
> registers. See "sh mls rate-limit usage".

We pulled out some hair trying to find the best compromise when
selecting what rate-limiters to use, and I seem to remember that the
device complains if trying to configure more rate-limiters than
supported.

Rate-limiter usage currently:

Switch#sh mls rate-limit usage
                         Rate Limiter Type      Packets/s   Burst
                         ---------------------  ---------   -----
Layer3 Rate Limiters:
RL# 0: Used              TTL FAILURE                  500      10
RL# 1: Used              IP RPF FAILURE               200      10
                         ICMP UNREAC. NO-ROUTE        200      10
                         ICMP UNREAC. ACL-DROP        200      10
                         IP ERRORS                    200      10
RL# 2: Used              UCAST IP OPTION               10       1
RL# 3: Used              ACL BRIDGED IN               200      10
                         ACL BRIDGED OUT              200      10
RL# 4: Used              CEF GLEAN                   1000      10
RL# 5: Used              MCAST IP OPTION               10       1
RL# 6: Used              ACL VACL LOG                2000       1
RL# 7: Used              MCAST DFLT ADJ             10000      10
RL# 8: Rsvd for capture  -                              -       -
Layer2 Rate Limiters:
RL# 9: Reserved
RL#10: Reserved          MCAST PARTIAL SC           10000      10
RL#11: Free              -                              -       -
RL#12: Used              MCAST IGMP                  5000      10
Switch#

> Or the box has gotten confused and the mls rate-limits aren't working
> properly?
Possibly. Any way to check this? Other than a reload? :-)
--
Peter