M.C. van den Bovenkamp wrote: > > Elijah Savage wrote: > > > I have actually been told by TAC before IP Input, for what it > is worth > > :) > > Not much, anymore :-). It's been a *long* time (IOS 10.x?) > since access > lists were process switched, and thus would show up as extra > time spent > in 'IP Input'.
Yes, that's true indeed that access lists don't cause process switching anymore, so wouldn't show up in IP Input. Thanks for everyone's advice. It sounds like Marty has the right approach. Although access lists aren't process switched, they are generally fast switched unless the router supports some other feature (like silicon switching) or some fancy configuration like CEF or NetFlow? So, the thing to look for is a high utilization caused by interrupts (the number after the slash). I can't safely turn them off and test, so I think I will try to simulate the network and traffic in a lab to test my theory that they are an issue. It's a 2621 router with lots of entries in the access lists that are applied. I think it's time to offload a lot of the policy represented by the lists to a PIX firewall. Here's a good URL on troubleshooting high CPU util, by the way: http://www.cisco.com/warp/public/63/highcpu.html Thanks Priscilla > > Regards, > > Marco. > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=75078&t=75002 -------------------------------------------------- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
