[e-nsp] x650 CPU Load
Robert Kerr
r.kerr at cranfield.ac.uk
Tue Mar 5 08:09:03 EST 2013
On 05/03/13 12:03, Marcin Kuczera wrote:
> So - pure L2 VLAN with broadcast traffic that 100% goes towards CPU -
> isn't is strage ?
> No L3 interface on that vlan, but switch behaves like it is in promisc
> mode on that and any other vlan !
> We tried to disable learning on that vlan but it doesn't help, only
> taking down this broadcast oriented traffic help.
> (and than Cacti works fine, so snmpwalk has some low timeout on snmpwalk..
> Is there any command to turn on/off promisc mode for CPU ?
> For me it rather looks like a bug ?
In addition to disabling learning, have you made sure IGMP snooping and
bootprelay are switched off for the VLAN?
You might also try an ACL with the 'deny-cpu' action? Totally untested
of course... it might just blackhole the traffic entirely.
Other than that I don't know - I have heard of people wrapping mirrored
traffic in GRE tunnels to avoid such issues (cisco ERSPAN does this).
Perhaps this may be an option depending on the source and destination.
We tend to use passive taps with direct cabling to the monitoring box to
avoid this sort of thing.
--
Robert Kerr
More information about the extreme-nsp
mailing list