[c-nsp] R: Fwd: RP PAS iEdge output drops

Brian Turnbow b.turnbow at twt.it
Thu Jul 11 22:11:23 EDT 2013 

Hi Renato


> Here's the Virtual-Template1 config:
> 
> interface Virtual-Template1
>  ip unnumbered GigabitEthernet0/1
>  no ip redirects
>  no ip unreachables
>  peer default ip address pool POOL0
>  ppp authentication pap grp_rad
>  ppp authorization grp_rad
>  ppp accounting grp_rad
>  ppp ipcp dns xx.xx.xx.2 xx.xx.xx.2
> end
> 
> How can i disable iedge? The only policies i have are policy-map to rate-limit
> the traffic.

>From the above I don't see anything out of the ordinary, I'm not sure if ISG can be "disabled" and alot of different things are bundled into ISG. 
This will provide a complete list that you can check against your config

http://www.cisco.com/en/US/docs/ios/isg/configuration/guide/12_2sr/isg_12_2sr_book.html

HTH

Brian

> 
> policy-map 50k
>  class class-default
>   police 50000 conform-action transmit  exceed-action drop
> 
> 
> 
> 2013/7/11 Brian Turnbow <b.turnbow at twt.it>
> 
> > Hi,
> >
> > > Hello!
> > >
> > > I have a Cisco 7206-NPE-G1 (Version 15.2(4)M3) used as PPPOE access
> > server.
> > >
> > > With about 180Mbit/s (input traffic on G0/1) i have about 65% of CPU
> > usage
> > > (1.8k users, 75% CPU). Right now there's about 1450 PPPoE sessions
> > > up on
> > 26
> > > VLANs (all on G0/2).
> > >
> > > CPU usage is very high due to interrupts:
> > >
> > > CPU utilization for five seconds: 62%/53%; one minute: 63%; five minutes:
> > > 64%
> > >
> > > On my debugging I saw the *RP PAS iEdge output* increasing very
> > > much, but didn't find any docs about iEdge.
> > >
> >
> > Iedge is intelligent services gateway search  for   ISG.
> > The traffic below may be hitting a configured policy.
> >
> >
> >
> > Regards
> >
> > Brian
> >
> >
> >
> > >
> > > PPPOE-BOX#sh ip cef switching statistics feature
> > > IPv4 CEF input features:
> > > Path   Feature                Drop    Consume       Punt  Punt2Host Gave
> > > route
> > > RP PAS iEdge                891047          0          0          0
> > >  0
> > > Total                       891047          0          0          0
> > >  0
> > >
> > > IPv4 CEF output features:
> > > Path   Feature                Drop    Consume       Punt  Punt2Host
> >  New
> > > i/f
> > > RP PAS iEdge               7345601          0          0          0
> > >  0
> > > Total                      7345601          0          0          0
> > >  0
> > >
> > >
> > > Some of the traffic I got on the debuggin ip cef drops (the source
> > > IP
> > normally
> > > is from google or akamai servers):
> > >
> > > *Jul 10 14:23:21.444: CEF-Drop: Packet from 208.117.252.52 (Gi0/1)
> > > to
> > > xx.xx.xx.185 (Vi2.1174), Output feature iEdge
> > > *Jul 10 14:23:21.444:   ihl=20, length=1492, tos=0, ttl=58,
> > checksum=65421,
> > > offset=0 DF
> > > *Jul 10 14:23:21.444:     TCP src=80, dst=20172, seq=2348994103,
> > > ack=2111570742, win=320 ACK
> > > *Jul 10 14:23:21.444: CEF-Drop: Packet from 74.125.234.196 (Gi0/1)
> > > to
> > > xx.xx.xx.40 (Vi2.42), Output feature iEdge
> > > *Jul 10 14:23:21.444:   ihl=20, length=1470, tos=0, ttl=58,
> > checksum=14648,
> > > offset=0
> > > *Jul 10 14:23:21.444:     TCP src=443, dst=49451, seq=3087091975,
> > > ack=922028286, win=1002 ACK
> > > *Jul 10 14:23:21.444: CEF-Drop: Packet from 74.125.234.34 (Gi0/1) to
> > > xx.xx.xx.90 (Vi2.1366), Output feature iEdge
> > > *Jul 10 14:23:21.444:   ihl=20, length=1470, tos=0, ttl=59,
> > checksum=28825,
> > > offset=0
> > > *Jul 10 14:23:21.444:     TCP src=80, dst=2855, seq=1014058092,
> > > ack=1851824944, win=63784 ACK
> > > *Jul 10 14:23:21.448: CEF-Drop: Packet from 74.125.234.34 (Gi0/1) to
> > > xx.xx.xx.90 (Vi2.1366), Output feature iEdge
> > > *Jul 10 14:23:21.448:   ihl=20, length=1470, tos=0, ttl=59,
> > checksum=28824,
> > > offset=0
> > > *Jul 10 14:23:21.448:     TCP src=80, dst=2855, seq=1014059522,
> > > ack=1851824944, win=63784 ACK
> > >
> > > Thanks for your attention!
> > >
> > > --
> > >
> > > *Renato Ornelas | **Open X *- Soluções para ISPs
> > > (31) 9145.0190
> > > renato at openx.com.br
> > > http://www.openx.com.br
> > > _______________________________________________
> > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> >
> > ---
> > This e-mail is intended only for the addressee named above.
> > As this e-mail may contain confidential or privileged information, if
> > you are not the named addressee, you are not authorized to retain,
> > read, copy or disseminate this message or any part of it.
> >
> > Please consider your environmental responsibility before printing this
> > e-mail.
> >
> >
> >
> 
> 
> --
> 
> *Renato Ornelas | **Open X *- Soluções para ISPs
> (31) 9145.0190
> renato at openx.com.br
> http://www.openx.com.br
> 
> 
> 
> --
> 
> *Renato Ornelas | **Open X *- Soluções para ISPs
> (31) 9145.0190
> renato at openx.com.br
> http://www.openx.com.br
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list