[109302] in North American Network Operators' Group


Re: Catalyst 6500 High Switch Proc

daemon@ATHENA.MIT.EDU (Jon Lewis)
Sat Nov 15 16:57:45 2008

Date: Sat, 15 Nov 2008 16:57:38 -0500 (EST)
From: Jon Lewis <jlewis@lewis.org>
To: "Philip L." <phil@mindfury.net>
In-Reply-To: <491F40A0.5060302@mindfury.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

On Sat, 15 Nov 2008, Philip L. wrote:

> I've run into a bit of a snag and I hope some folks here may be able to 
> enlighten.  From time to time I check the 'sh platform hardware capacity' 
> command on our Catalyst 6509s and have noticed this item:
>
> CPU Resources
> CPU utilization: Module             5 seconds       1 minute       5 minutes
>                  5  RP               1% /  0%             3%              4%
>                  5  SP              82% / 27%            62%             73%
>
> This is shown on two 6509 switches that we operate as Core layer devices. 
> This value goes up to 85-90% during periods of peak traffic and I'm concerned 
> that this may be a problem.
>
> Checking 'sh proc cpu' is usually 10% or less.
>
> I've gone over this document backwards and forwards and none of the 
> situations outlined seem to apply here:
> http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a00804916e0.shtml
>
> One thing to note, is that our main ACL for ingress traffic is applied here 
> due to historical reasons.  It's roughly 5000 single host entries at present. 
> We also use these devices for NDE.

This should probably be on cisco-nsp rather than nanog, but...

5000 lines for ACL?  I don't have any experience with ACLs of that size, 
but it sounds like a possible problem.

If you're doing netflow export and not doing sampled netflow, I'm guessing 
this is where your problem is.  sh mls netflow table-contention detailed
might be able to confirm or rule this out.

----------------------------------------------------------------------
  Jon Lewis                   |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

