[c-nsp] sup720 ICMP redirects "once per second"

Phil Mayers p.mayers at imperial.ac.uk
Mon Feb 11 09:40:20 EST 2013


On 11/02/13 14:30, Jared Mauch wrote:
>
> On Feb 11, 2013, at 9:17 AM, Phil Mayers <p.mayers at imperial.ac.uk>
> wrote:
>
>> All,
>>
>> Does anyone know which knob controls the "only send 1 ICMP redirect
>> / sec" on an HSRP-enabled SVI on 6500/sup720 (SXJ IOS)? Is there a
>> "show" command for the defaults / current setting?
>>
>> Note: I am not talking about the redirect MLS rate-limiter here;
>> that's disabled. I'm seeing constant traffic flowing and would
>> expect constant ICMP redirects, but that's not happening - they're
>> coming at regular 1-second intervals, regardless of the underlying
>> packet arrival rate.
>
> This may be some limiter similar to that which first showed up in
> Solaris 2.6 for the icmp error rate.

Probably, but I'm hoping for some documentation on how it works. If I'm 
reading it right, it looks like the forwarding hardware is forwarding 
the packets, and only punting 1/sec to CPU.

>
> I know that we always turn off IPv4 and IPv6 redirects to avoid even
> generating them.  It's typically best used with the "ip route-ca
> same-interface" command.

It's another one of those "no ip proxy-arp" commands - sup720 is slow 
enough that yet more commands in the NVGEN is something I'd like to 
avoid. Oh for a globals/templating.

>
> If folks want to hairpin traffic, that's fine.. just want to prevent
> slowing it down.

Sure; the background is I'm troubleshooting some weird problem with a 
legacy connection configured like so:

6500 --- subnet1 --- Cisco 3600 --- subnet2 --- host2
            |
          host1

...and host1 <-> host2 traffic failing under certain circumstances. 
Needless to say, host1 has the 6500 as its gateway (and the SVI is HSRP 
enabled, to add to the complexity).

We'll probably move away from the config, but I'd like to understand the 
nature of the problem first, rather than cargo-cult it, and this weird 
"only one redirect/second" is confusing me...


More information about the cisco-nsp mailing list