Re: Catalyst 6500 High Switch Proc

From: Jon Lewis (no email)
Date: Sat Nov 15 2008 - 16:57:38 EST

  • Next message: Florian Weimer: "Re: Catalyst 6500 High Switch Proc"

    On Sat, 15 Nov 2008, Philip L. wrote:

    > I've run into a bit of a snag and I hope some folks here may be able to
    > enlighten. From time to time I check the 'sh platform hardware capacity'
    > command on our Catalyst 6509s and have noticed this item:
    > CPU Resources
    > CPU utilization: Module 5 seconds 1 minute 5 minutes
    > 5 RP 1% / 0% 3% 4%
    > 5 SP 82% / 27% 62% 73%
    > This is shown on two 6509 switches that we operate as Core layer devices.
    > This value goes up to 85-90% during periods of peak traffic and I'm concerned
    > that this may be a problem.
    > Checking 'sh proc cpu' is usually 10% or less.
    > I've gone over this document backwards and forwards and none of the
    > situations outlined seem to apply here:
    > One thing to note, is that our main ACL for ingress traffic is applied here
    > due to historical reasons. It's roughly 5000 single host entries at present.
    > We also use these devices for NDE.

    This should probably be on cisco-nsp rather than nanog, but...

    5000 lines for ACL? I don't have any experience with ACLs of that size,
    but it sounds like a possible problem.

    If you're doing netflow export and not doing sampled netflow, I'm guessing
    this is where your problem is. sh mls netflow table-contention detailed
    might be able to confirm or rule this out.

      Jon Lewis | I route
      Senior Network Engineer | therefore you are
      Atlantic Net |
    _________ for PGP public key_________

  • Next message: Florian Weimer: "Re: Catalyst 6500 High Switch Proc"

    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs

    Powered By FreeBSD   Powered By FreeBSD