[c-nsp] Outbound drops on 6748

Dean Smith dean at eatworms.org.uk
Sat Jan 28 14:27:27 EST 2012


Its user web browsing (no multicast) and  the flow is :-

Clients -> ACE (load Balance)-> 6748 -> Appliance -> 6748 -> 6708 ->
Upstream Router (10Gb/s ASR) -> Internet

So yes the traffic arriving on the appliance port is requests from the ACE
and return traffic from a 10Gb/s ASR port

Dean

----Original Message-----
From: Matthew Huff [mailto:mhuff at ox.com] 
Sent: 28 January 2012 15:45
To: 'Dean Smith'; 'cisco-nsp at puck.nether.net'
Subject: RE: [c-nsp] Outbound drops on 6748

What is the type of data? Is it bursty? Is the data coming from an bigger
pipe upstream?

You are likely hitting microbursts. The traffic levels you state are
measured over an interval (30 seconds minimum probably). During peak
activity you can easy overrun the buffers on the 6748 if your upstream data
is coming from > 1gb and/or multicast. Since the 6748 has the deepest buffer
of any linecards of the 6500, you might have to look at an Arista or Cisco
30xx aggregation switch that can handle the microbursts.

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net 
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Dean Smith
> Sent: Saturday, January 28, 2012 6:40 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Outbound drops on 6748
> 
> We have some web security appliances connected via 1Gb/s copper  to 
> 6748 Line cards in a Cat 6513 with Sup720. The appliance manufacturer 
> assures us the appliances can cope with traffic well above 800Mb/s 
> (The traffic is always equal in both directions)
> 
> 
> 
> We have previously seen traffic levels > 500Mb/s for a period without 
> any issue. However more recently we have seen elevated response times 
> to the appliances as the bandwidth approaches 400Mb/s. Investigations 
> show we're seeing outbound drops now as we approach those speeds. We 
> have qos enabled on the chassis but these particular ports have up 
> till now been left at default queue setting. All the traffic is in 
> queue 0 which currently only has 50% of the queues. We have now 
> amended that to 90% but will have to wait until the next peak in traffic
to judge the impact.
> 
> 
> 
> However I'm a little unsure why we previously saw no issue @ 500Mb/s 
> but do now @ 400Mb/s. Nothing has changed on the appliances - however 
> we did remove some other redundant 6148A cards to allow the switch to 
> operate in full DFC mode. I don't have outbound errors/drops from 
> before the cards were removed but response times certainly didn't show the
increase.
> 
> 
> 
> Is it likely/possible that when operating in CFC mode the chassis/CFC 
> was effectively buffering the packets better before hitting the 
> switchport.but now they're arriving directly via DFC the individual 
> port buffers are struggling ?. If that theory doesn't hold water..any
other suggestions ?
> 
> 
> 
> What bi-directional throughput is reasonable to expect from a 6748 port ?
> 
> 
> 
> (If it makes any difference the chassis build has 1x original ACE, 
> 3xFWSM,
> 2x6704 ,1x6708 and 2x6748+ 1 xSup720. All the line cards now have DFC 
> 3B (or 3C for 6708) where appropriate)
> 
> 
> 
> Thanks
> 
> Dean
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/




More information about the cisco-nsp mailing list