North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Catalyst 6500 High Switch Proc

  • From: Jon Lewis
  • Date: Sat Nov 15 16:57:50 2008
On Sat, 15 Nov 2008, Philip L. wrote:

I've run into a bit of a snag and I hope some folks here may be able to enlighten. From time to time I check the 'sh platform hardware capacity' command on our Catalyst 6509s and have noticed this item:

CPU Resources
CPU utilization: Module             5 seconds       1 minute       5 minutes
                 5  RP               1% /  0%             3%              4%
                 5  SP              82% / 27%            62%             73%

This is shown on two 6509 switches that we operate as Core layer devices. This value goes up to 85-90% during periods of peak traffic and I'm concerned that this may be a problem.

Checking 'sh proc cpu' is usually 10% or less.

I've gone over this document backwards and forwards and none of the situations outlined seem to apply here:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a00804916e0.shtml

One thing to note, is that our main ACL for ingress traffic is applied here due to historical reasons. It's roughly 5000 single host entries at present. We also use these devices for NDE.

This should probably be on cisco-nsp rather than nanog, but...

5000 lines for ACL? I don't have any experience with ACLs of that size, but it sounds like a possible problem.

If you're doing netflow export and not doing sampled netflow, I'm guessing this is where your problem is. sh mls netflow table-contention detailed
might be able to confirm or rule this out.

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________