[c-nsp] Copying new IOS to 7600 resulting in IPC logs

Chuck Church chuckchurch at gmail.com
Thu May 3 21:38:58 EDT 2018 

I tried to do SCP to a 3560 recently because it was on the 'outside' of a stateful FW and the switch acting as a server was the only way I could get an image to it.  Getting folks to change FW rules wasn't easy.   I think I got like 3 kbps throughput to it, at 99% CPU.  It was painful to watch.  😊

Chuck

-----Original Message-----
From: Frank Bulk <frnkblk at iname.com> 
Sent: Wednesday, May 02, 2018 6:37 PM
To: 'Chuck Church' <chuckchurch at gmail.com>; 'James Bensley' <jwbensley at gmail.com>; 'Cisco-nsp List' <cisco-nsp at puck.nether.net>
Subject: RE: [c-nsp] Copying new IOS to 7600 resulting in IPC logs

Just because I like to choose secure TCP rather than insecure UDP.  I'm not dogmatic about it, and it looks like it has its impacts.

Thanks for all the feedback.

Frank

-----Original Message-----
From: Chuck Church <chuckchurch at gmail.com>
Sent: Wednesday, May 02, 2018 5:26 PM
To: 'James Bensley' <jwbensley at gmail.com>; 'Frank Bulk' <frnkblk at iname.com>; 'Cisco-nsp List' <cisco-nsp at puck.nether.net>
Subject: RE: [c-nsp] Copying new IOS to 7600 resulting in IPC logs

Is there a reason you need to use SCP?  The crypto overhead is pretty massive.  Granted it's more secure, but the CPU hit is bad on many older devices.

Chuck

-----Original Message-----
From: cisco-nsp <cisco-nsp-bounces at puck.nether.net> On Behalf Of James Bensley
Sent: Wednesday, May 02, 2018 10:41 AM
To: Frank Bulk <frnkblk at iname.com>; Cisco-nsp List <cisco-nsp at puck.nether.net>
Subject: Re: [c-nsp] Copying new IOS to 7600 resulting in IPC logs

On 2 May 2018 at 14:00, Frank Bulk <frnkblk at iname.com> wrote:
> No, I do not have anything set.  What do you recommend for a value?
>
> Frank

Hi Frank,

The default value is 200 (ms). You need to have a play to find out whats right for you. Some 7600s we have with many hundreds of BGP sessions that have developed a bit of a flop sweat, I think they are set to 100ms which seems to work OK.

Cheers,
James.
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list