On Wed, 2012-08-29 at 11:09 +0000, Brian Turnbow wrote: > 1 to generate an ip unreachable ? try disabling them on the SVI
Ahh, interesting idea. We have an ACL drop rate-limiter in place: mls rate-limit unicast ip icmp unreachable acl-drop 200 10 When replacing this with "... acl-drop 0" the punting stops. What puzzles me a little is that putting "no ip unreachables" on the interface doesn't change the punting, though it correctly makes the interface not send unreachables. If we know that the punting is limited to 200 pps it shouldn't matter too much. I've tried simply removing the ACL to see if the CPU overload disappears. But why would 200 pps even start making it sweat? > 2 I remember something about acl and netflow (punts to create flows) > but it was sup-2. I'm not sure if it still applies to sup-720 I was thinking somethink like this, but haven't been able to find anything. A "show fm fie interface Vlan41" says FIE_SUCCESS_NO_CONFLICT both with and without the ACL applied. I guess the unreachable part is to blame, and I wouldn't want to disable that anyway. -- Peter _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
