[c-nsp] Fwd: RP PAS iEdge output drops
Renato Ornelas
renato at openx.com.br
Thu Jul 11 13:53:46 EDT 2013
Here's the Virtual-Template1 config:
interface Virtual-Template1
ip unnumbered GigabitEthernet0/1
no ip redirects
no ip unreachables
peer default ip address pool POOL0
ppp authentication pap grp_rad
ppp authorization grp_rad
ppp accounting grp_rad
ppp ipcp dns xx.xx.xx.2 xx.xx.xx.2
end
How can i disable iedge? The only policies i have are policy-map to
rate-limit the traffic.
policy-map 50k
class class-default
police 50000 conform-action transmit exceed-action drop
2013/7/11 Brian Turnbow <b.turnbow at twt.it>
> Hi,
>
> > Hello!
> >
> > I have a Cisco 7206-NPE-G1 (Version 15.2(4)M3) used as PPPOE access
> server.
> >
> > With about 180Mbit/s (input traffic on G0/1) i have about 65% of CPU
> usage
> > (1.8k users, 75% CPU). Right now there's about 1450 PPPoE sessions up on
> 26
> > VLANs (all on G0/2).
> >
> > CPU usage is very high due to interrupts:
> >
> > CPU utilization for five seconds: 62%/53%; one minute: 63%; five minutes:
> > 64%
> >
> > On my debugging I saw the *RP PAS iEdge output* increasing very much, but
> > didn't find any docs about iEdge.
> >
>
> Iedge is intelligent services gateway search for ISG.
> The traffic below may be hitting a configured policy.
>
>
>
> Regards
>
> Brian
>
>
>
> >
> > PPPOE-BOX#sh ip cef switching statistics feature
> > IPv4 CEF input features:
> > Path Feature Drop Consume Punt Punt2Host Gave
> > route
> > RP PAS iEdge 891047 0 0 0
> > 0
> > Total 891047 0 0 0
> > 0
> >
> > IPv4 CEF output features:
> > Path Feature Drop Consume Punt Punt2Host
> New
> > i/f
> > RP PAS iEdge 7345601 0 0 0
> > 0
> > Total 7345601 0 0 0
> > 0
> >
> >
> > Some of the traffic I got on the debuggin ip cef drops (the source IP
> normally
> > is from google or akamai servers):
> >
> > *Jul 10 14:23:21.444: CEF-Drop: Packet from 208.117.252.52 (Gi0/1) to
> > xx.xx.xx.185 (Vi2.1174), Output feature iEdge
> > *Jul 10 14:23:21.444: ihl=20, length=1492, tos=0, ttl=58,
> checksum=65421,
> > offset=0 DF
> > *Jul 10 14:23:21.444: TCP src=80, dst=20172, seq=2348994103,
> > ack=2111570742, win=320 ACK
> > *Jul 10 14:23:21.444: CEF-Drop: Packet from 74.125.234.196 (Gi0/1) to
> > xx.xx.xx.40 (Vi2.42), Output feature iEdge
> > *Jul 10 14:23:21.444: ihl=20, length=1470, tos=0, ttl=58,
> checksum=14648,
> > offset=0
> > *Jul 10 14:23:21.444: TCP src=443, dst=49451, seq=3087091975,
> > ack=922028286, win=1002 ACK
> > *Jul 10 14:23:21.444: CEF-Drop: Packet from 74.125.234.34 (Gi0/1) to
> > xx.xx.xx.90 (Vi2.1366), Output feature iEdge
> > *Jul 10 14:23:21.444: ihl=20, length=1470, tos=0, ttl=59,
> checksum=28825,
> > offset=0
> > *Jul 10 14:23:21.444: TCP src=80, dst=2855, seq=1014058092,
> > ack=1851824944, win=63784 ACK
> > *Jul 10 14:23:21.448: CEF-Drop: Packet from 74.125.234.34 (Gi0/1) to
> > xx.xx.xx.90 (Vi2.1366), Output feature iEdge
> > *Jul 10 14:23:21.448: ihl=20, length=1470, tos=0, ttl=59,
> checksum=28824,
> > offset=0
> > *Jul 10 14:23:21.448: TCP src=80, dst=2855, seq=1014059522,
> > ack=1851824944, win=63784 ACK
> >
> > Thanks for your attention!
> >
> > --
> >
> > *Renato Ornelas | **Open X *- Soluções para ISPs
> > (31) 9145.0190
> > renato at openx.com.br
> > http://www.openx.com.br
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
> ---
> This e-mail is intended only for the addressee named above.
> As this e-mail may contain confidential or privileged information,
> if you are not the named addressee, you are not authorized to retain, read,
> copy or disseminate this message or any part of it.
>
> Please consider your environmental responsibility before printing this
> e-mail.
>
>
>
--
*Renato Ornelas | **Open X *- Soluções para ISPs
(31) 9145.0190
renato at openx.com.br
http://www.openx.com.br
--
*Renato Ornelas | **Open X *- Soluções para ISPs
(31) 9145.0190
renato at openx.com.br
http://www.openx.com.br
More information about the cisco-nsp
mailing list