Showing results for 
Search instead for 
Did you mean: 
Community Live

Controlling RP CPU Usage when Using the Mini Protocol Analyzer for the 6500 and 7600 Series Platforms


Rodney Dunn, Escalation Engineer, Cisco TAC.

Packet loss troubleshooting can be a difficult task along a path through the network when hardware forwarding devices are used. For the software forwarding devices, the Embedded Packet Capture feature was developed. An extension to that was implemented for the 6500/7600 series platforms to help users capture frames and export the traces to a PCAP file for offline analysis. The feature specific to those platforms is called the Mini Protocol Analyzer.

Check out the configuration guide online.

One of the concerns with this feature is what would be the CPU impact on the RP (control plane CPU) when enabling the feature and how to limit that? This is controlled by understanding the filtering mechanisms for the capture and also the order the filters are applied.

The filters are applied in the following order:

1. VLAN filter is applied even before the packet is accepted by the span asic for replication. Impact: None as it's done in the hardware forwarding path.

2. If a filter ACL is configured in the span capture submode the ACL will be applied in the hardware even before the rate limiter is applied. Impact: None as it's done in the hardware forwarding path.

3. Packet length will be matched in software on the RP and if the Length doesn't match the packet will be dropped in software at the RP. Impact: Length checking on the packets that do make it through the previous filters will result in RP CPU usage and the amount will correlate to the rate at which the traffic reaches the RP.

4. After packet length is checked the ethertype will be checked. This is also done in the software forwarding path on the RP. Impact: Same as packet length in that the CPU will be impacted by the rate at which traffic made it out of the hardware forwarding path.

5. If there is a software filter ACL (exec-mode) configured that will be applied as the last step and only matching packets will be copied to the capture buffer. Impact: As with packet length and ethertype matching, the Exec mode ACL will also impact CPU usage slightly and will be determined by the rate of traffic passing the VLAN and span capture submode ACL filters.

By applying the filters at the most granular level starting with the ones that are done in hardware along with using the rate limiters to control the raw packets per second (pps) that will be copied to the RP CPU, the impact on the RP will be minimized.

The rate-limit for the raw packets per second is available via the "rate-limit" command under the monitor capture submode.

To receive the latest information on Cisco online tools, certifications, support documentation, insights from Cisco experts and peers, and upcoming events, check out the Cisco Technical Services Newsletter today.


I like it, alot.  Think this could help me out in a tight situation without a on site sniffer - great stuff thanks!