I tried to do SCP to a 3560 recently because it was on the 'outside' of a stateful FW and the switch acting as a server was the only way I could get an image to it. Getting folks to change FW rules wasn't easy. I think I got like 3 kbps throughput to it, at 99% CPU. It was painful to watch. 😊
Chuck -----Original Message----- From: Frank Bulk <[email protected]> Sent: Wednesday, May 02, 2018 6:37 PM To: 'Chuck Church' <[email protected]>; 'James Bensley' <[email protected]>; 'Cisco-nsp List' <[email protected]> Subject: RE: [c-nsp] Copying new IOS to 7600 resulting in IPC logs Just because I like to choose secure TCP rather than insecure UDP. I'm not dogmatic about it, and it looks like it has its impacts. Thanks for all the feedback. Frank -----Original Message----- From: Chuck Church <[email protected]> Sent: Wednesday, May 02, 2018 5:26 PM To: 'James Bensley' <[email protected]>; 'Frank Bulk' <[email protected]>; 'Cisco-nsp List' <[email protected]> Subject: RE: [c-nsp] Copying new IOS to 7600 resulting in IPC logs Is there a reason you need to use SCP? The crypto overhead is pretty massive. Granted it's more secure, but the CPU hit is bad on many older devices. Chuck -----Original Message----- From: cisco-nsp <[email protected]> On Behalf Of James Bensley Sent: Wednesday, May 02, 2018 10:41 AM To: Frank Bulk <[email protected]>; Cisco-nsp List <[email protected]> Subject: Re: [c-nsp] Copying new IOS to 7600 resulting in IPC logs On 2 May 2018 at 14:00, Frank Bulk <[email protected]> wrote: > No, I do not have anything set. What do you recommend for a value? > > Frank Hi Frank, The default value is 200 (ms). You need to have a play to find out whats right for you. Some 7600s we have with many hundreds of BGP sessions that have developed a bit of a flop sweat, I think they are set to 100ms which seems to work OK. Cheers, James. _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
