[f-nsp] BigIron 4k with JetCore

Brendan Mannella bmannella at teraswitch.com
Mon Jul 14 11:50:24 EDT 2008


Excellent information! Thanks alot. 

Do you recommend i use the cam-partition command you gave me? 

cam-partition l2 7 l3 68 l4 25 



----- Original Message ----- 
From: "Jeroen Wunnink" <jeroen at easyhosting.nl> 
To: "Brendan Mannella" <bmannella at teraswitch.com>, foundry-nsp at puck.nether.net 
Sent: Monday, July 14, 2008 11:41:49 AM GMT -05:00 US/Canada Eastern 
Subject: Re: [f-nsp] BigIron 4k with JetCore 

Hi Brendan, 

The first 4 ports on slot 3 look fairly loaded: 

Layer 3 sw index range: 
L3 L3 1 - 2047 (0x00001 - 0x007ff), free 1964 (0x007ac) 
L3 L2 2048 - 4095 (0x00800 - 0x00fff), free 1118 (0x0045e) 
L3 4096 - 32767 (0x01000 - 0x07fff), free 13172 (0x03374) 

Is this a snapshot of peak-time or at low usage ?, if there's a 
sudden surge with for example a synflood which makes a ton of 
connections, those 13000 remaining free L3 entries can run out pretty 
fast resulting in the router throwing the L3 routing part over the 
CPU (that's when the domino effect starts happening on connections 
getting lost once the CPU maxes out) 

Some ideas: 
You could set the cam-partition on slot 3 to allocate more space to 
layer 3 (L3) and less to layer 2 (L2) if you don't use it much for 
switching. The minimum for L4 is a mandatory 25% though. 

enable the quick-aging option with the cpu-protection feature, which 
cuts the cam expire timer in half if the CPU or CAM load is over a 
certain threshold. (you can set some conditions and actions here) 

Devide the busiest uplinks between more port groups 

I've seen our L3 CAM space run out very fast once the maximum 
ip-cache hit it's limit, check if the system-max is set to 400000 for 
the ip-cache 

note: You'll need to reload the device once you re-partitioned the 
cam or increased the system-max settings 

We've had our fair share of CPU spikes and CAM exhaust issues in the 
past on our Irconcore and Jetcore BI4k equipment , these were the 
main issues and solutions that solved it for us with some help from 
Foundry TAC and NLNOG'ers (Dutch network admins) 


At 16:36 14-7-2008, Brendan Mannella wrote: 
>Here is a copy and paste of the "sh cam-part det". Does it look exhausted? 
>[snip..] 



Met vriendelijke groet, 

Jeroen Wunnink, 
EasyHosting B.V. Systeembeheerder 
systeembeheer at easyhosting.nl 

telefoon:+31 (035) 6285455 Postbus 48 
fax: +31 (035) 6838242 3755 ZG Eemnes 

http://www.easyhosting.nl 
http://www.easycolocate.nl 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20080714/33f22cd8/attachment.html>


More information about the foundry-nsp mailing list