On Sat, 15 Nov 2008, Philip L. wrote:
I've run into a bit of a snag and I hope some folks here may be able to
enlighten. From time to time I check the 'sh platform hardware capacity'
command on our Catalyst 6509s and have noticed this item:
CPU Resources
CPU utilization: Module 5 seconds 1 minute 5 minutes
5 RP 1% / 0% 3% 4%
5 SP 82% / 27% 62% 73%
This is shown on two 6509 switches that we operate as Core layer devices.
This value goes up to 85-90% during periods of peak traffic and I'm concerned
that this may be a problem.
Checking 'sh proc cpu' is usually 10% or less.
I've gone over this document backwards and forwards and none of the
situations outlined seem to apply here:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a00804916e0.shtml
One thing to note, is that our main ACL for ingress traffic is applied here
due to historical reasons. It's roughly 5000 single host entries at present.
We also use these devices for NDE.
This should probably be on cisco-nsp rather than nanog, but...
5000 lines for ACL? I don't have any experience with ACLs of that size,
but it sounds like a possible problem.
If you're doing netflow export and not doing sampled netflow, I'm guessing
this is where your problem is. sh mls netflow table-contention detailed
might be able to confirm or rule this out.
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
