[c-nsp] Shapping in/out on Ethernet subinterfaces (7206 NPE-G1) and CPU usage

Gauthier DOUCHET gauthier.douchet at gmail.com
Fri Feb 14 02:41:36 EST 2014


Hi
2014-02-13 14:10 GMT+01:00 Lukas Tribus <luky-37 at hotmail.com>:

>
>
> Don't know. Read "Troubleshooting High CPU Utilization on Cisco Routers"
> [1].
>
Ok thank you, I will study this link.

>
> Extremely wild guess: you may see increased bursty traffic due to NTP
> amplification attacks. Read the NTP DDoS thread [2]. Check whether host
> behind this router are vulnerable. This can really hit a software router
> hard.
>
> I will check that but I think this router is not concerned.

>
>
> > Would be a NPE-G2 sufficient on short term before moving to a real router
> > as a ASR 1k?
>
> What traffic patterns do you have? What are you doing on the box besides
> routing and NAT? IPsec? Nbar? Netflow?
>
> About the traffic, we have 60 mbps for the out interface and 2 x 30 mbps
for 2 in interfaces (customers side).

On this router, we are doing:
- VRF and NAT to internet for customers which have private subnet behind a
CPE (around 90 subinterfaces)
- simple routing for customers which have publics subnets behind a CPE
(around 20 subinterfaces)
- GRE tunnels (around 10)
- Nbar for QoS with shaping and policing.

Regards,
Gauthier


-- 
Gauthier DOUCHET


More information about the cisco-nsp mailing list