John, Bob, Raj, Phillip and the Group,
I hadn't thought of CEF much as I "thought" it wasn't available on the
smaller routers. i.e. - only on the routers with line cards etc.
However, I just enabled CEF on a 2611 and it created its table on the fly in
no time flat. The 2611 won't do dCEF however. Also, the smaller routers
can't do cef accounting.
Anyway, now I have to mock something up in the lab to see if we can
determine how much of any improvement CEF will give us. Since we're not
using CEF anywhere in our network I can't just turn it on without a bit more
research.
If it only lessens the CPU load by a few percent then bigger hardware is in
our future, but if we see gains of 20% or more then CEF would indeed be a
cheap solution.
I noticed that CEF has issues with policy routing and other features - but
so far we're not using any of them.
So, another question - does anyone have any idea/experience on how much CEF
will gain for us? Given the average 50% load on the router - practically
all switching load???
tia
Kevin Wigle
----- Original Message -----
From: "John Neiberger" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, February 12, 2001 4:11 PM
Subject: Re: Can someone interpret this please?
> I just checked CCO and there are so many CPU-related bugs in 12.0(5) that
> I stopped counting after a while. You might want to upgrade, if feasible.
>
> Also, try doing a show align to see if you're getting spurious memory
> access errors. One of the bugs mentioned a high CPU usage due to these.
>
> HTH,
> John
>
> >
> > Bob, Phil - and the group.....
> >
> > Thanks for the input, gives me more to think about.
> >
> > Some more history..........
> >
> > This router is a 3620 with OC3 and FastEthernet interfaces. It has 48 meg
> > and is running 12.0(5)XK1.
> >
> > According to Cisco's docs, the 3620 should be able to handle around 20-40
> > kpps.
> >
> > However, the router shows only around 2.6 kpps almost evenly split in/out.
> >
> > I have been unable to verify exactly on CCO but I suspect that a 3620 cannot
> > handle (very well) two high-speed interfaces - more specifically if one is
> > OC3.
> >
> > I have found info where Cisco, when talking about the OC3 interface for the
> > 3600 series stated:
> >
> > "Max two high-speed network modules in a Cisco 3640 (includes Fast Ethernet,
> > ATM, HSSI)"
> >
> > Now the 3640 has a 100 MHz processor and the 3620 has an 80 MHz processor.
> >
> > I'm wondering if the SAR process is overwhelming the 3620? I'm sure I read
> > someplace that only one high-speed interface was recommended for the 3620
> > but I haven't found that info again.
> >
> > Considering the low level of traffic, what else could be keeping the cpu
> > utilization up so high? Need more info..... let me know!
> >
> > Kevin Wigle
> >
> >
> > ----- Original Message -----
> > From: "Phillip Heller" <[EMAIL PROTECTED]>
> > To: "Kevin Wigle" <[EMAIL PROTECTED]>
> > Cc: "cisco" <[EMAIL PROTECTED]>
> > Sent: Monday, February 12, 2001 2:12 PM
> > Subject: Re: Can someone interpret this please?
> >
> >
> > > On Mon, 12 Feb 2001, Kevin Wigle wrote:
> > >
> > > Dear group,
> > >
> > > Investigating a router that is starting to get loaded down. When I do a
> > > sh proc cpu I get 50% of cpu utilization but the stats don't seem to add
> > > up to 50%.
> > >
> > > Is there another way to try and see where the 50% is coming from?
> > >
> > > sh proc cpu
> > > CPU utilization for five seconds: 44%/44%; one minute: 50%; five minutes: 52%
> > >
> > > The five second utilization numbers in the above line (44%/44%) represent
> > > two things. The first number is total processor utilization and the
> > > second is processor utilization due to interrupts. The difference in
> > > these two numbers would be the sum of 5sec utilization by all other
> > > processes.
> > >
> > > If utilization due to interrupts increases over time, it represents
> > > traffic growth. If it jumps a lot in a short amount of time, it may be a
> > > DoS attack. You can verify the latter by turning on "ip route-cache flow"
> > > on suspected interfaces and then looking at the output of "sh ip cache
> > > flow".
> > >
> > > If the processor gets too high with legitimate traffic, you can use cef or
> > > dcef (ip route-cache cef, ip cef distributed).
> > >
> > > Failing that, you'll probably need more beefy hardware.
> > >
> > > Regards,
> > >
> > > --phil
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
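
Added example, not part of the original thread or written by any of its posters: a Python parser for the "sh proc cpu" header line that applies the total/interrupt split Phil describes and flags a sudden rise in interrupt-level CPU between polls. The function names and the 20-point jump threshold are assumptions; only the first sample line comes from the thread, the other two are constructed.

```python
import re

# Header line of "show processes cpu"; \s+ tolerates mail-wrapped output.
HEADER = re.compile(
    r"CPU utilization for five seconds:\s*(\d+)%/(\d+)%;\s*"
    r"one minute:\s*(\d+)%;\s*five\s+minutes:\s*(\d+)%"
)

def parse_header(text):
    """Return the utilization figures from one header, or None if absent."""
    m = HEADER.search(text)
    if m is None:
        return None
    total, intr, one_min, five_min = map(int, m.groups())
    return {
        "total": total,
        "interrupt": intr,
        # Total minus interrupt is what all scheduled processes used together.
        "process": total - intr,
        "one_min": one_min,
        "five_min": five_min,
    }

def interrupt_jumps(samples, jump=20):
    """Indexes of samples whose interrupt CPU rose by >= `jump` points
    over the previous sample. `jump` is an assumed threshold."""
    parsed = [parse_header(s) for s in samples]
    hits = []
    for i in range(1, len(parsed)):
        prev, cur = parsed[i - 1], parsed[i]
        if prev and cur and cur["interrupt"] - prev["interrupt"] >= jump:
            hits.append(i)
    return hits

# First sample is the header quoted in the thread (with its mail wrap);
# the other two are constructed for illustration.
SAMPLES = [
    "CPU utilization for five seconds: 44%/44%; one minute: 50%; five\nminutes:\n52%",
    "CPU utilization for five seconds: 47%/45%; one minute: 50%; five minutes: 52%",
    "CPU utilization for five seconds: 93%/90%; one minute: 58%; five minutes: 53%",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_header(s))
    print("interrupt jumps at samples:", interrupt_jumps(SAMPLES))
```

For the 44%/44% line in the thread the process share comes out as 0, which is why the per-process figures in the listing do not add up to the total.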