[f-nsp] High load on the MLX lp's cpu - how to avoid a fallback to software routing in case of one arm routing situations

Gunther Stammwitz gstammw at gmx.net
Sun Dec 10 10:08:19 EST 2006


Hello,

I just wanted to document to the list that there is a bug (oh sorry..
Foundry is calling this some sort of "feature" and doesn't want to change
it) in the NetIron MLX software 3.1 that causes the line card to fall back
to CPU switching instead of hardware routing in one-arm routing situations.
This means if traffic is entering and leaving the router on the same
physical interface - different VLANs or VEs don't matter - parts of it will
be CPU switched. Foundry is calling this one-arm routing.


You can see packets that are being handled by the line card's CPU by issuing
the following commands:

show who  -  check which telnet/SSH session you are accessing the switch from.
debug destination telnet x (where x = telnet session) [or ssh...]
dm raw x (where x = slot number)
rconsole x (where x = slot number)
enable
debug packet capture  (run this command several times to capture a good sample)

Exit from rconsole and run dm raw x again to turn off dm raw on that slot.


The solution is to turn ICMP redirects off globally.

conf ter
no ip icmp redirect
exit

The explanation for the behavior is that the high CPU on the LP was a result
of ICMP redirects. 
As the traffic was coming in on port 1/1 and leaving back again on the same
port, packets were sent to the CPU to see if the router needs to perform
source port suppression. As this is routed traffic we do not need to
perform the source port suppression! It is suggested that in case of one arm
routing one should configure "no ip icmp redirect" globally. This will then
program the CAM for one arm routed traffic to the outgoing port and the
traffic will not hit the CPU which resolves the situation.

I'm not really sure what exactly source port suppression is but after
googling I found this explanation:
"source port suppression conditionally prevents the blade from
retransmitting packets it just received. For example, this might occur in a
broadcast situation where packets with unknown addresses are sent to all
ports."


Well... I hope this can save you some headaches. Check your LP's CPU load
from time to time.

Gunther
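
Added example (not part of the original post, and not Foundry code): a small audit of a saved running-config that lists physical ports carrying two or more routed VEs, i.e. the one-arm routing case described above, unless the global "no ip icmp redirect" line is present. The sample config is constructed, its vlan / tagged ethe / router-interface ve layout is an assumption about the config syntax, and port ranges ("ethe 1/1 to 1/4") are not expanded.

```python
import re
from collections import defaultdict

# Constructed sample in Foundry-style running-config syntax (an assumption,
# not taken from the post): two routed VLANs tagged on the same port 1/1.
SAMPLE_CONFIG = """\
vlan 10 name customers
 tagged ethe 1/1 ethe 2/1
 router-interface ve 10
!
vlan 20 name servers
 tagged ethe 1/1
 router-interface ve 20
!
vlan 30 name mgmt
 untagged ethe 3/1
!
"""

def one_arm_ports(config):
    """Map each physical port to the routed VEs reachable through it,
    keeping only ports that carry two or more (one-arm candidates)."""
    ports_by_ve = {}
    ports, ve = [], None
    for line in config.splitlines() + ["!"]:
        line = line.strip()
        if line.startswith("vlan ") or line == "!":
            if ve is not None:          # close the previous vlan block
                ports_by_ve[ve] = ports
            ports, ve = [], None
        elif line.startswith(("tagged ", "untagged ")):
            ports += re.findall(r"ethe (\d+/\d+)", line)
        elif m := re.match(r"router-interface ve (\d+)", line):
            ve = int(m.group(1))
    ves_by_port = defaultdict(list)
    for ve_id, plist in ports_by_ve.items():
        for port in plist:
            ves_by_port[port].append(ve_id)
    return {p: sorted(v) for p, v in ves_by_port.items() if len(v) > 1}

def redirects_disabled(config):
    """True if the global 'no ip icmp redirect' line from the post is present."""
    return any(l.strip() == "no ip icmp redirect" for l in config.splitlines())

def audit(config):
    """Ports where one-arm routed traffic may still be sent to the LP CPU."""
    return {} if redirects_disabled(config) else one_arm_ports(config)
```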







