The most efficient way to filter all prefixes from a peer is "no neighbor x.x.x.x" :) But seriously, like Mike said, there is no good reason to have a peer and filter all the prefixes from it.

If you are seeing CPU spikes during BGP scanner I don't see how disabling next hop tracking will help you and during reconvergence we really want to spend as much CPU as possible getting to a converged state. My understanding of next hop tracking is that it is event driven (something along the lines of registering for an event callback with the RIB when a next hop changes) not scanner driven so it should consume essentially no CPU resources until an event happens.

As for the efficiency of route filter methods: prefix lists and ACLs are less CPU intensive than as-path.

-Ben


On Nov 15, 2010, at 5:45 PM, Michael K. Smith - Adhost wrote:

Are you having to reduce BGP usage because your processor is pegged all the time with BGP processes (scanner, etc.) or because it spikes? The processor is supposed to spike while it's doing its updates. Here's a GSR's output while scanning.

CPU utilization for five seconds: 99%/0%; one minute: 19%; five minutes: 15%
PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
200 2553083580 15050987 169631 96.00% 16.87% 12.84% 0 BGP Scanner

If you're going to apply a .* deny, why have the peer at all? You're not going to get any routes. You might want to consider accepting a default-only from a provider. This will certainly cut down on the amount of processor for scanning, although it will still hit 99% when it's running, would be my guess.

Mike

--
Michael K. Smith - CISSP, GSEC, GISP
Chief Technical Officer - Adhost Internet LLC [email protected]
w: +1 (206) 404-9500 f: +1 (206) 404-9050
PGP: B49A DDF5 8611 27F3  08B9 84BB E61E 38C0 (Key ID: 0x9A96777D)


-----Original Message-----
From: [email protected] [mailto:cisco-nsp-
[email protected]] On Behalf Of Robert Hass
Sent: Monday, November 15, 2010 2:28 PM
To: [email protected]
Subject: [c-nsp] BGP and decrease CPU usage

Hi

I was wondering if disabling 'bgp nexthop trigger' will decrease a
little CPU usage on the router? E.g.:

cisco(config)#router bgp 111
cisco(config-router)#address-family ipv4
cisco(config-router)#no bgp nexthop trigger enable

Router currently holds 3 full BGP feeds from external peers and nearly
one full from iBGP.

Question for Cisco engineers with deep inside IOS knowledge: What is
the lowest CPU consuming way to filter all prefixes from a neighbor?
a) as-path filter deny .*
b) route-map XX deny 10
c) some sort of deny ACL (ext: deny ip any any / or standard: deny
any) or prefix-list ?
d) different way ?

I'm going to do some tweaks inside the BGP configuration to save some
router CPU power.

Robert
_______________________________________________
cisco-nsp mailing list  [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
