[c-nsp] sup720 RP CPU utilisation with >20k adjacencies / IPv6 ND load?

Phil Mayers p.mayers at imperial.ac.uk
Thu May 31 10:01:52 EDT 2012 

All,

We route our edge networks on 6500s with a pretty high density of 1G 
ports to edge switches.

In the last week or so, we've seen a spike in RP CPU utilisation. This 
has coincided with AAAA records being installed on Facebook and some of 
our internal services, in preparation for world IPv6 rollout on Jun 6.

Effectively, although all our edge networks were IPv6-enabled, few 
clients lived in the neighbour table because there was little IPv6 
traffic; this has now changed, and from what I can see, most of the CPU 
is going on neighbour table & IPv4/ARP table maintenance. On a typical 
router:

CPU utilization for five seconds: 71%/15%; one minute: 71%; five 
minutes: 70%

...and:

   5Sec   1Min   5Min TTY Process
12.15% 12.51% 12.37%   0 IPv6 ND
10.71% 11.07% 10.99%   0 ARP Input
  5.51%  6.57%  6.51%   0 IPv6 Input
  3.51%  3.29%  3.33%   0 CEF: IPv4 proces
  3.03%  2.93%  2.92%   0 IP Input
  2.95%  2.89%  2.84%   0 Earl NDE Task

A typical SVI config looks like this:

interface Vlan202
  vrf forwarding PROD
  ip address 192.168.202.254 255.255.255.0
  ip verify unicast source reachable-via rx
  no ip proxy-arp
  ip flow ingress
  standby version 2
  standby 0 ip 192.168.202.1
  standby 1 ipv6 autoconfig
  ipv6 nd prefix 2001:db8:1:100::/64 900 600
  ipv6 nd router-preference High
  ipv6 traffic-filter IPV6_EDGE_NET_IN in
  arp timeout 1200

Note that we are *not* using "ipv6 address", but rather specifying the 
nd prefix only; since we would want to set the timers in any event, we 
figured why bother with the address (we don't care about it for 
debugging or static hosts - these are edge networks, with everything 
using SLAAC).

The box has a fair number of adjacencies:

#sh mls cef adjacency usage

Adjacency Table Size:     1048576
ACL region usage:         3
Non-stats region usage:   132
Stats region usage:       26881
Total adjacency usage:    27016

...and we see the CPU utilisation roughly track the number of adjacencies.

My question is: is there anything we can tweak to reduce the amount of 
CPU time spend in IPv6 ND (and maybe IPv4 ARP) maintenance? Obviously we 
can increase the arp timeout on IPv4 - is there an equivalent for IPv6? 
How does IOS behave w.r.t. ND table maintenance - when does it send NS 
messages to refresh the cache?

IOS is 12.2(33)SXJ and it looks like the enhanced neighbour cache 
commands are not in this version of IOS :o(

Any suggestions?

More information about the cisco-nsp mailing list