[c-nsp] Shapping in/out on Ethernet subinterfaces (7206 NPE-G1) and CPU usage

Gauthier DOUCHET gauthier.douchet at gmail.com
Fri Feb 14 02:41:36 EST 2014

2014-02-13 14:10 GMT+01:00 Lukas Tribus <luky-37 at hotmail.com>:

> Don't know. Read "Troubleshooting High CPU Utilization on Cisco Routers"
> [1].
Ok thank you, I will study this link.

> Extremely wild guess: you may see increased bursty traffic due to NTP
> amplification attacks. Read the NTP DDoS thread [2]. Check whether host
> behind this router are vulnerable. This can really hit a software router
> hard.
> I will check that but I think this router is not concerned.

> > Would be a NPE-G2 sufficient on short term before moving to a real router
> > as a ASR 1k?
> What traffic patterns do you have? What are you doing on the box besides
> routing and NAT? IPsec? Nbar? Netflow?
> About the traffic, we have 60 mbps for the out interface and 2 x 30 mbps
for 2 in interfaces (customers side).

On this router, we are doing:
- VRF and NAT to internet for customers which have private subnet behind a
CPE (around 90 subinterfaces)
- simple routing for customers which have publics subnets behind a CPE
(around 20 subinterfaces)
- GRE tunnels (around 10)
- Nbar for QoS with shaping and policing.


Gauthier DOUCHET

More information about the cisco-nsp mailing list