
6500 and CEF

jamey
Level 4

I'm troubleshooting a problem with high CPU on a 6500/Sup720. On a 6348-RJ45 port, I see a huge increase in processed switched packets when the problem occurs. I sniffed the port and found the device that is sending the packets. It is sending a lot of packets with TCP RST or SYN set.

CEF is enabled on the interface:

    IP fast switching is enabled
    IP fast switching on the same interface is disabled
    IP Flow switching is disabled
    IP CEF switching is enabled
    IP Feature Fast switching turbo vector
    IP Feature CEF switching turbo vector
    IP multicast fast switching is enabled
    IP multicast distributed fast switching is disabled
    IP route-cache flags are Fast, CEF

Here is a sh int fax/x stats (partial):

    Switching path        Pkts In    Pkts Out
    Processor           260811987   248046300
    Route cache           1879677    29586145
    Distributed cache   175439083   424739039
    Total               438130747   702371484

What's the difference between Route cache and Distributed cache anyway? I thought Route cache was both fast switching and CEF. This card doesn't have a dCEF card or anything. Not sure why there are Distributed cached processed packets occurring.

When the problem occurs the Processor switching path Packet count increases at a very rapid rate. Also packets/sec from sh int x/x on the interface goes up to like 6000 (when the problem is not occurring the packets/sec on the interface is about 2000 or so).

So it would seem that the packets coming from that device are being processed switched instead of CEF switched.

Here is the port config:

    interface FastEthernetx/x
     ip address x.x.x.x y.y.y.y
     ip access-group zzz in
     no ip unreachables
     ip accounting access-violations
     ip nat outside
     load-interval 30
     no cdp enable

Here is sh int x/x switching (partial):

    Protocol   Path             Pkts In    Pkts Out
    IP         Process        457887522   441288181
               Cache misses           0
               Fast             3133511    39485080
               Auton/SSE      228967480   676483245

Here we see Auton/SSE (which I believe are CEF switched packets) and a lot of Process switched packets.

I've been trying to research what types of packets are processed switched. So far I've found that NAT supports CEF switching in newer versions of IOS (I'm running the latest 720 code). I've been trying to find info on CEF switching and ACLs but haven't had much luck.

So I know what is causing the issues: flooding of TCP packets with RST or SYN bits set from a device on the LAN out that fastE interface. This device is supposed to do this (don't ask). I'm just trying to figure out why all those packets are processed switched instead of CEF-switched. The packets are from a device on the LAN to the 6500 out of the above fastE port.

Any thoughts?


jamey
Level 4

Turning off ip nat outside on the int x/x solved the problem. When we did that, the packets started being CEF switched again. I guess maybe NAT isn't CEF switched using 12.2(17a)SX1 on the 720.

Funny thing is, the device generating all the packets wasn't even being NAT'd.
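
Added example, not part of the original posts: a Python sketch that turns the per-path interface counters quoted in the question into a repeatable check by diffing two snapshots and flagging an interval where inbound process-switched traffic dominates. The first snapshot is the table from the question; the second snapshot, the 30-second interval and the `max_share`/`min_pps` thresholds are constructed assumptions.

```python
import re

# Snapshot 1: the counters quoted in the post above.
SNAP_1 = """Switching path     Pkts In   Pkts Out
Processor        260811987  248046300
Route cache        1879677   29586145
Distributed cache 175439083  424739039
Total            438130747  702371484"""
# Snapshot 2: constructed for this example (assumed taken 30 s later).
SNAP_2 = """Switching path     Pkts In   Pkts Out
Processor        260961987  248166300
Route cache        1880677   29587145
Distributed cache 175468083  424768039
Total            438310747  702521484"""

ROW = re.compile(r"^\s*(Processor|Route cache|Distributed cache|Total)\s+(\d+)\s+(\d+)\s*$")

def parse_stats(text):
    """Return {path: (pkts_in, pkts_out)} from the stats table."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    if not {"Processor", "Total"} <= rows.keys():
        raise ValueError("Processor/Total rows not found")
    return rows

def process_share(rows):
    """Fraction of inbound packets that were process switched."""
    total_in = rows["Total"][0]
    return rows["Processor"][0] / total_in if total_in else 0.0

def delta(before, after):
    """Per-path counter growth between snapshots; rejects cleared counters."""
    grown = {}
    for path, (in0, out0) in before.items():
        in1, out1 = after[path]
        if in1 < in0 or out1 < out0:
            raise ValueError(f"{path} counters went backwards (cleared or wrapped)")
        grown[path] = (in1 - in0, out1 - out0)
    return grown

def punt_check(before, after, seconds, max_share=0.25, min_pps=1000):
    """Flag an interval whose inbound process-switched rate and share are both high."""
    d = delta(before, after)
    pps, share = d["Processor"][0] / seconds, process_share(d)
    return {"process_pps": pps, "share": share, "alert": share > max_share and pps >= min_pps}

if __name__ == "__main__":
    print(punt_check(parse_stats(SNAP_1), parse_stats(SNAP_2), seconds=30))
```

Lifetime counters hide a burst, which is why the check works on the difference between two snapshots rather than on a single table.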
