[c-nsp] 3850?

Chuck Church chuckchurch at gmail.com
Thu Apr 9 22:51:35 EDT 2015


Wouldn't the CAR be the reason for the drops on the interface?  For that
traffic load, a 720x with an NPE-G1 (maybe even G2) might be in your budget
and would support NF and NBAR.  Not great NBAR, since I think all the recent
development for NBAR is going in the newer trains for ISR G2 and ASRs.  The
older NBAR tends to group a lot of stuff these days in the default category,
at least for dynamic port stuff like BitTorrent.  Normal port 80 and 443
stuff it'll identify, but so will NetFlow.

Chuck

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Adam
Greene
Sent: Thursday, April 09, 2015 4:55 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] 3850?

Thanks guys. 

Re: the dropping traffic: 
The inbound traffic that appears to be dropping is for a mix of destinations
in a service provider environment: mail servers, web servers, and broadband
end-users. 

ip cef is enabled on all physical and virtual interfaces according to 'sh ip
int' and 'sh cef int'. However, there is a lot going to the processor on the
interface in question:

3750G#sh int g2/0/17 stats

GigabitEthernet2/0/17
             Switch path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor   97455044 1696659687   11378007 1004114773
             Route cache    9380325 2015494842    1774316  128292897
                   Total  106835369 3712154529   13152323 1132407670

A 'debug ip cef drop' shows that the cef drops appear to be on traffic
destined for an interface with multiple secondary IP addresses and CAR on
it. Hmm. Maybe I'll remove the CAR; don't really need it there anymore.

Re: FNF & NBAR, it sounds like I should plan to leave off the NBAR. Thought
it would be nice for classifying the traffic, but not if it's going to cause
performance hits. We can leave NBAR to the routers.

In terms of how much routing these L3 switches are doing, the one in
question has (6) routed ports and (38) SVIs. Only about 200 routes in total,
though. The brunt of the traffic (i.e. the 125Mbps aggregate increasing to
450Mbps aggregate in 3 years) is going through a routed port.

One of the reasons for upgrading the switches is to get FNF support, but I
assumed that the input drops meant the 3750's just couldn't keep up. If you
think it's just a matter of finding and eliminating the drops, maybe we'll
save some $$ and hold off upgrading for now ... the FNF is not completely
essential, just convenient.

4948E's ... *wistful sigh* ... if we had the budget ...

Here's some stuff about FNF on 3850's:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/flexible_netflow/configuration_guide/b_fnf_3se_3850_cg/b_fnf_3se_3850_cg_chapter_010.html

-----Original Message-----
From: Gert Doering [mailto:gert at greenie.muc.de]
Sent: Thursday, April 09, 2015 4:21 PM
To: Alan Buxey
Cc: Gert Doering; Adam Greene; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] 3850?

Hi,

On Thu, Apr 09, 2015 at 08:59:25PM +0100, Alan Buxey wrote:
> Cisco have been dumping quite a lot of features into their 38xx 
> stores. .. and even 2960x!! The netflow features on both is far far 
> ahead of their historical investments into 'edge switching'. They 
> might even now compare to the options that HP offer ;)

Since this is c-nsp, I'm not sure if others are aware of "what HP offers"
- I'm certainly not (and last time I looked, their switches were fairly dumb
and didn't do *any* netflow).

So, do you have any references on the netflow features supported on 2960x
and 38xx?

gert

--
USENET is *not* the non-clickable part of WWW!
 
//www.muc.de/~gert/
Gert Doering - Munich, Germany
gert at greenie.muc.de
fax: +49-89-35655025
gert at net.informatik.tu-muenchen.de

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


