10-28-2003 04:33 AM - edited 03-02-2019 11:18 AM
Hi. I finally got bgp setup nicely on 3 routers on our network, but now I am noticing drops in traffic according to my snmp gauges and graphs.
Here is a picture of one of the routers:
http://poor.j3w.com/~tzulo/yipes-graph.jpg
The network topology is quite simple.
3 routers, each with its own provider, yipes(500mbs over gigabit fiber), cogent 100mbs ethernet, xo 100mbs ethernet.
each are plugged into a coreswitch, which is plugged into 5 other switches in a serial fashion with gigabit fiber uplinks.
R   R   R
 \  |  /
Core Switch
    |
  Switch
    |
  Switch
According to the picture, it's about every 30 seconds.
Anyone have any ideas what it could be? or what I can check?
Next post is the configuration for the Yipes router.
-GK
10-28-2003 04:33 AM
Cisco Internetwork Operating System Software
IOS (tm) 7200 Software (C7200-JK9O3S-M), Version 12.3(1a), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Thu 05-Jun-03 20:57 by dchih
Image text-base: 0x60008954, data-base: 0x621BC000
ROM: System Bootstrap, Version 12.2(8r)B, RELEASE SOFTWARE (fc1)
BOOTLDR: 7200 Software (C7200-KBOOT-M), Version 12.2(4)BW, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Yipes uptime is 1 week, 3 days, 19 hours, 40 minutes
System returned to ROM by power-on
System image file is "disk2:c7200-jk9o3s-mz.123-1a.bin"
cisco 7206VXR (NPE-G1) processor (revision A) with 245760K/16384K bytes of memory.
Processor board ID 18283191
SB-1 CPU at 700Mhz, Implementation 1, Rev 0.2, 512KB L2 Cache
6 slot VXR midplane, Version 2.0
Last reset from power-on
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
3 Gigabit Ethernet/IEEE 802.3 interface(s)
509K bytes of non-volatile configuration memory.
250880K bytes of ATA PCMCIA card at slot 2 (Sector size 512 bytes).
16384K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x2102
Yipes#sh run
Building configuration...
Current configuration : 12667 bytes
!
version 12.3
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
!
hostname Yipes
!
boot system disk2:c7200-jk9o3s-mz.123-1a.bin
logging buffered informational
logging console informational
enable secret 5
!
username map privilege 15 nopassword
clock timezone GMT 0
no ip subnet-zero
no ip rcmd domain-lookup
!
!
ip nbar port-map custom-01 tcp 3389
ip name-server x.x.214.166
ip name-server x.x.214.162
!
ip cef
ip audit notify log
ip audit po max-events 100
ip accounting-threshold 400
ip accounting-list 0.0.0.0 255.255.255.255
mpls ldp logging neighbor-changes
no ftp-server write-enable
!
!
no crypto isakmp enable
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
!
!
class-map match-any an1
match protocol icmp
match protocol ssh
match protocol custom-01
match protocol pcanywhere
!
!
policy-map niceping
description Reduced latency Pings by giving minimum bandwidth for ICMP and SSH.
class an1
priority 30000 40000
class class-default
!
!
!
!
interface GigabitEthernet0/1
description Yipes Link
ip address
no ip redirects
no ip proxy-arp
ip accounting access-violations
duplex full
speed 1000
media-type gbic
no negotiation auto
no mop enabled
!
interface GigabitEthernet0/2
ip address LAN IP
and about 50 gateway ips secondary
ip access-group 151 in
ip access-group 151 out
no ip proxy-arp
ip accounting output-packets
no ip mroute-cache
ip policy route-map yipes-only
duplex full
speed 1000
media-type gbic
no negotiation auto
!
interface GigabitEthernet0/3
no ip address
no ip mroute-cache
shutdown
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface Group-Async0
physical-layer async
no ip address
!
interface Group-Async1
physical-layer async
no ip address
!
router bgp
bgp log-neighbor-changes
neighbor
neighbor
neighbor
!
address-family ipv4
neighbor
neighbor
neighbor
neighbor
neighbor
neighbor
neighbor
no auto-summary
no synchronization
network mask 255.255.224.0
exit-address-family
!
ip classless
ip route 0.0.0.0 0.0.0.0 ebgp neighbor (next hop)
ip route
no ip http server
no ip http secure-server
ip access-list extended icmp
deny icmp any any
permit ip any any
remark Blocks ICMP in/out
logging trap debugging
logging
access-list compiled
access-list 102 permit icmp any any echo
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any unreachable
access-list 110 permit ip host
access-list 120 permit ip
access-list 120 remark Outbound traffic shaping.
access-list 151 deny udp any any range 135 netbios-ss
access-list 151 deny tcp any any range 135 139
access-list 151 deny tcp any any eq 445
access-list 151 deny tcp any any eq 593
access-list 151 deny tcp any any eq 4444
access-list 151 permit tcp any any
access-list 151 permit udp any any
access-list 151 permit ip any any
access-list 151 remark MS-Blast-Netbios blocking
priority-list 1 protocol ip high tcp www
priority-list 1 protocol ip high list 199
priority-list 1 protocol ip high tcp 22
priority-list 1 protocol ip normal tcp ftp
priority-list 1 protocol ip low tcp smtp
priority-list 2 protocol ip low tcp smtp
!
route-map yipes-only permit 5
match ip address 120
set ip next-hop
!
snmp-server community 123321 RW
snmp-server enable traps tty
snmp-server enable traps stun
snmp-server enable traps bstun
!
!
!
!
!
!
gatekeeper
shutdown
!
alias exec ct conf t
alias exec sib show ip inter brief
!
line con 0
exec-timeout 0 0
password
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 0 0
password
login
!
!
!
end
10-28-2003 04:34 AM
Also:
Yipes#sh processes
CPU utilization for five seconds: 45%/42%; one minute: 52%; five minutes: 51%
PID QTy PC Runtime (ms) Invoked uSecs Stacks TTY Process
1 Cwe 606FF9B8 0 1 0 5604/6000 0 Chunk Manager
2 Csp 6072B6C0 1580 186752 8 2612/3000 0 Load Meter
3 ME 606568C4 13816 5714 2417 8924/12000 0 Exec
4 M* 0 924 729 1267 8924/12000 2 Virtual Exec
5 Mwe 617F91E4 0 1 023504/24000 0 EDDRI_MAIN
6 Lst 6070C298 5803712 304456 19062 5624/6000 0 Check heaps
7 Cwe 60712234 192 964 199 5568/6000 0 Pool Manager
8 Lwe 60627C58 0 1 0 5764/6000 0 AAA_SERVER_DEADT
9 Mst 6064D15C 0 2 0 5564/6000 0 Timers
10 Mwe 60010900 0 2 0 5560/6000 0 Serial Backgroun
11 Mwe 60230ADC 0 2 0 5564/6000 0 ATM Idle Timer
12 Mwe 602B2074 0 2 0 8560/9000 0 ATM AutoVC Perio
13 Mwe 602B1AD8 0 2 0 5564/6000 0 ATM VC Auto Crea
14 Mwe 60623204 0 2 0 5552/6000 0 AAA high-capacit
15 Msi 607BF9E4 68184 927452 73 5280/6000 0 EnvMon
16 Mwe 607C4D94 0 1 0 8604/9000 0 OIR Handler
17 Mwe 607D8C7C 88 15577 5 5672/6000 0 IPC Dynamic Cach
18 Mwe 607D1DF8 0 1 0 5632/6000 0 IPC Zone Manager
19 Mwe 607D1B3C 1168 927265 1 5708/6000 0 IPC Periodic Tim
20 Mwe 607D1AE0 744 927265 0 5704/6000 0 IPC Deferred Por
21 Mwe 607D1BE8 0 1 0 5596/6000 0 IPC Seat Manager
22 Mwe 607D3FCC 0 1 0 5632/6000 0 IPC BackPressure
23 Lwe 6082889C 6905912 39402935 175 4044/6000 0 ARP Input
24 Mwe 60A8F748 1632 186650 8 5656/6000 0 HC Counter Timer
25 Mwe 60B094D0 0 2 0 5552/6000 0 DDR Timers
26 Lwe 60D6DB84 0 2 0 5536/6000 0 Entity MIB API
27 Mwe 60016424 0 1 0 5628/6000 0 SERIAL A'detect
28 Msp 60686920 1136 927263 1 5612/6000 0 GraphIt
29 Mwe 60B23A58 0 2 011568/12000 0 Dialer event
30 Cwe 607146E8 0 1 0 5624/6000 0 Critical Bkgnd
31 Mwe 606B1EB8 1024040 191921 533510420/12000 0 Net Background
32 Lwe 6063FD84 24 750 3210088/12000 0 Logger
33 Mwe 606623F0 1900 927260 2 4972/6000 0 TTY Background
34 Msp 606C2094 5652 927989 6 8328/9000 0 Per-Second Jobs
PID QTy PC Runtime (ms) Invoked uSecs Stacks TTY Process
35 Mwe 6080B550 0 1 0 2592/3000 0 Inode Table Dest
36 Mwe 6080B5D4 0 1 0 2652/3000 0 OIR Refresh Proc
37 Hwe 601813CC 0 1 0 5768/6000 0 CSP Timer
38 Hst 604FB718 0 1 0 5788/6000 0 SONET alarm time
39 Mwe 6133CB18 0 2 0 5572/6000 0 VSI Master
40 Hwe 61AE019C 0 2 0 5576/6000 0 VNM DSPRM MAIN
41 Msp 61FF04F8 644 927268 0 8744/9000 0 ISA Common Helpe
42 Mwe 61FF5F10 0 1 0 5632/6000 0 Multi-ISA Event
43 Mwe 61FF5E94 0 1 0 5644/6000 0 Multi-ISA Cleanu
44 Mwe 603BE7B4 0 1 0 5600/6000 0 CES Line Conditi
45 Mwe 607C8FF0 0 2 0 5640/6000 0 Flash MIB Update
46 Hwe 6020BF00 0 2 011552/12000 0 ATM OAM Input
47 Hwe 6020A07C 0 2 010972/12000 0 ATM OAM TIMER
48 Mwe 605C07D0 140 9 15555 5252/6000 0 TurboACL
49 Mwe 606E55E0 0 2 0 5556/6000 0 AAA Server
50 Mwe 606E7788 0 1 0 5732/6000 0 AAA ACCT Proc
51 Mwe 606E7880 0 1 0 5744/6000 0 ACCT Periodic Pr
52 Mwe 6078E21C 0 2 0 5580/6000 0 AAA Dictionary R
53 Mwe 6085CE04 31311400 117161092 26710032/12000 0 IP Input
54 Mwe 60880BE0 0 1 0 5748/6000 0 ICMP event handl
55 Mwe 60983EE8 6876 112409 61 5252/6000 0 CDP Protocol
56 Mwe 60A4B06C 0 1 011740/12000 0 SSS Manager
57 Mwe 60A4DDEC 772 124451 611644/12000 0 SSS Test Client
58 Mwe 60ABDCD4 0 3 011584/12000 0 PPP Hooks
59 Mwe 60B4AB18 72 4663 15 5484/6000 0 MOP Protocols
60 Lwe 60F1EF34 0 1 0 5300/6000 0 X.25 Encaps Mana
61 Mwe 60FC6658 0 2 011588/12000 0 KRB5 AAA
62 Mwe 613C0F98 0 1 0 5736/6000 0 AC Mgr
63 Mwe 61628B84 0 1 011704/12000 0 VPDN call manage
64 Mwe 6090C5FC 1935400 15760 122804 7456/9000 0 IP Background
65 Hwe 609125B8 418100 464582 899 8036/9000 0 IP RIB Update
66 Mwe 60D6469C 0 2 0 5740/6000 0 SNMP Timers
67 Mwe 60ABDCD4 0 2 011588/12000 0 PPP IP Route
68 Mwe 60ABDCD4 0 2 011584/12000 0 PPP IPCP
69 Mrd 60840BC4 7976 673385 1110184/12000 0 TCP Timer
70 Lwe 60845B50 160 537 29710860/12000 0 TCP Protocols
PID QTy PC Runtime (ms) Invoked uSecs Stacks TTY Process
71 Hwe 608F1970 0 1 0 5760/6000 0 Socket Timers
72 Mwe 608CA2A8 4 3120 1 8536/9000 0 HTTP CORE
73 Mwe 608A6B74 0 1 0 5628/6000 0 RARP Input
74 Mwe 60833458 2316 10688 216 5352/6000 0 DHCPD Receive
75 Lsi 6097ACA0 360 15558 23 5264/6000 0 IP Cache Ager
76 Mwe 60D0FF5C 0 1 023612/24000 0 COPS
77 Mwe 60A541E4 0 2 0 5548/6000 0 PPP SSS
78 Mwe 60ABDCD4 0 2 0 5584/6000 0 PPP Bind
79 Hwe 60F2C178 0 1 0 5612/6000 0 PAD InCall
80 Mwe 60EF1478 0 2 011560/12000 0 X.25 Background
81 Mwe 611E14A0 196160 16411 11952 4744/6000 0 Adj Manager
82 Lwe 611D0E78 7536840 1518079 4964 5088/6000 0 CEF process
83 Mwe 6128E6F0 0 2 0 5584/6000 0 Tag Input
84 Mwe 6128E6F0 0 2 0 5588/6000 0 Tag Input
85 Mwe 6135EBBC 0 1 0 5724/6000 0 AToM manager
86 Mwe 61366D14 0 3 0 5580/6000 0 AToM switching m
87 Mwe 61361D58 0 1 0 5736/6000 0 AToM LDP manager
88 Mwe 613DB604 0 1 0 5768/6000 0 Inspect Timer
89 Mwe 614030B8 0 2 0 5568/6000 0 URL filter proc
90 Mwe 61410888 4 3119 1 5672/6000 0 Authentication P
91 Mwe 6141A28C 0 1 0 5732/6000 0 Auth-proxy AAA B
92 Mwe 6141AFF0 0 1 0 5772/6000 0 IDS Timer
93 Mwe 6161C898 0 2 0 5564/6000 0 Dialer Forwarder
94 Mwe 61D9B650 1872 927452 2 5576/6000 0 RUDPV1 Main Proc
95 Mwe 61D933BC 0 1 0 5748/6000 0 bsm_timers
96 Msi 61D903A0 584 927267 0 5720/6000 0 bsm_xmt_proc
97 Hwe 61DC7F24 0 2 0 5584/6000 0 RLM groups Proce
98 Mwe 61EB81EC 0 3 023516/24000 0 gk process
99 Mwe 61F4FBE0 0 1 023560/24000 0 Border Element p
100 Hwe 61FBE9E4 0 1 0 5468/6000 0 Crypto HW Proc
10-28-2003 04:34 AM
101 Lwe 6217A86C 0 1 0 5620/6000 0 XSM_EVENT_ENGINE
102 Lsi 62178328 320 93320 311740/12000 0 XSM_ENQUEUER
103 Lsi 6217B590 156 93320 111748/12000 0 XSM Historian
104 Mwe 606F2070 0 2 0 5584/6000 0 LOCAL AAA
105 Mwe 606F3F9C 0 2 0 5588/6000 0 ENABLE AAA
106 Mwe 606F43A8 0 2 0 5584/6000 0 LINE AAA
PID QTy PC Runtime (ms) Invoked uSecs Stacks TTY Process
107 Mwe 60C186FC 0 2 0 5576/6000 0 TPLUS
109 Mwe 61A34A6C 0 2 0 5324/6000 0 ASNL
110 Mwe 61B37988 0 2 0 5588/6000 0 VSP_MGR
111 Mwe 61FAD888 0 2 0 5564/6000 0 Crypto Support
112 Mwe 60161D9C 100 37428 2 5572/6000 0 CRM_CALL_UPDATE_
113 Mwe 6199F39C 0 1 023732/24000 0 VoIP AAA
114 Mwe 61A25524 0 1 0 5600/6000 0 QOS_MODULE_MAIN
115 Mwe 61A34360 0 1 023588/24000 0 RPMS_PROC_MAIN
116 Hwe 61A5AAD8 4 1 4000 8424/9000 0 CCVPM_HTSP
117 Mwe 61A762A0 0 1 0 5604/6000 0 CCVPM_R2
118 Mwe 61B16134 0 1 0 5640/6000 0 CCSWVOICE
119 Mwe 61B55A2C 0 1 0 5484/6000 0 sssapp
120 Mwe 61D0FC1C 0 1 0 5552/6000 0 http client proc
121 ME 606568C4 2332 669 3485 8972/12000 4 Virtual Exec
122 Mwe 61F4E4AC 0 2 0 3368/6000 0 Proxy Session Ap
123 Mwe 61FA82BC 0 1 011628/12000 0 Encrypt Proc
124 Mwe 61FA91A4 0 1 0 7600/8000 0 Key Proc
125 Mwe 62081604 0 4 0 6852/8000 0 Crypto CA
126 Mwe 620D98B8 0 1 0 7632/8000 0 Crypto SSL
127 Mwe 62039E9C 0 11 018460/24000 0 Crypto ACL
128 Mwe 62032808 0 2 011596/12000 0 Crypto Delete Ma
129 Mwe 620030FC 956 62228 1511216/12000 0 Crypto IKMP
130 Mwe 61FF81CC 656 46674 14 3360/6000 0 IPSEC key engine
131 Mwe 61FF8A40 0 1 0 5684/6000 0 IPSEC manual key
132 Mwe 61FB2798 0 1 0 5728/6000 0 CRYPTO QoS proce
133 Msi 6037DB3C 256 93336 2 5600/6000 0 RMON Recycle Pro
134 Mwe 60387FB0 0 2 0 5588/6000 0 RMON Deferred Se
135 Mwe 603FFF9C 0 1 0 5496/6000 0 SYSMGT Events
136 Mwe 6061C418 0 2 0 5556/6000 0 AAA SEND STOP EV
137 Mwe 610204D4 0 1 0 5648/6000 0 Syslog Traps
138 Lwe 62167F88 0 2 0 5524/6000 0 IpSecMibTopN
139 Mwe 60372448 0 1 0 5476/6000 0 RMON Packets
140 Mwe 61075C10 180 15577 11 5560/6000 0 SAA Event Proces
141 Mwe 6165F89C 0 1 0 5596/6000 0 VPDN Scal
142 Lsi 61A8B268 1148 926597 1 5736/6000 0 trunk conditioni
143 Hwe 61A8C654 0 1 0 5628/6000 0 trunk conditioni
PID QTy PC Runtime (ms) Invoked uSecs Stacks TTY Process
144 Hwe 606C1C04 100312 3651528 27 5612/6000 0 Net Input
145 Csp 606B7464 1136 186754 6 5592/6000 0 Compute load avg
146 Msp 606C20F4 336604 17109 19674 5564/6000 0 Per-minute Jobs
147 Mwe 6183EF58 68 7798 8 4704/6000 0 CC-API_VCM
148 Mwe 61F46348 18340 8993201 258620/60000 0 CCPROXY_CT
149 Lwe 611D06AC 424 32359 13 5440/6000 0 CEF Scanner
151 Lwe 608448E0 8 72 111 5436/6000 0 TCP Listener
152 Lwe 6089C934 740460 4634324 15910624/12000 0 IP SNMP
153 Mwe 60D68BE4 223312 2363343 9411400/12000 0 PDU DISPATCHER
154 Mwe 60D687D4 1758180 2369185 74210516/12000 0 SNMP ENGINE
155 Lwe 60A83044 0 1 011640/12000 0 SNMP ConfCopyPro
156 Mwe 60D64E74 0 1 011612/12000 0 SNMP Traps
157 Mwe 603E7068 0 1 0 5652/6000 0 xcpa-driver
158 Mwe 608FAA88 32 7797 4 5672/6000 0 DHCPD Timer
159 Msi 6090761C 968 264437 3 5056/6000 0 DHCPD Database
160 ME 60B5FC50 1419284 3991711 355 6280/9000 0 BGP Router
161 ME 60B50CC4 120808 3055361 39 4516/6000 0 BGP I/O
162 Lsi 60B5947C 44510460 208370 213614 6576/9000 0 BGP Scanner
I'm not sure why I get this. I do know some people that run game servers see udp drop out during that time.
This is really frustrating cause it's happening on all 3 routers. And I finally got all 3 setup quite nicely with bgp inbound and outgoing policing/shaping and proper advertisements etc.. :(
Thanks,
-GK
10-28-2003 04:41 AM
I also noticed this under
show process cpu sorted
CPU utilization for five seconds: 47%/44%; one minute: 52%; five minutes: 52%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
53 31331176 117235492 267 2.12% 1.63% 1.61% 0 IP Input
-GK
10-28-2003 06:07 AM
I would, first, check a show alignment, and see what it reports. If this comes up clean, then I would suspect some process is running periodically which might be causing a cpu spike, and possibly dropped traffic. One thing that makes me suspicious on this count is that the average cpu utilization is just a bit higher than your current average--52% vs 47%--so it looks like you have something periodically driving the cpu up, then letting it go, making the average a bit higher than what you see when you look at it.
I would try watching the cpu more closely, and trying to catch the process that's causing the spike. show proc cpu sorted is your friend here, run once every 7 or 8 seconds (not on even intervals). When you see the cpu util jump to something much higher, I'd guess 70 or 80%, then the top process should be the one you're after.
Now, beyond this, it might not be cpu util at all. Check all of your interfaces to make certain you're not seeing a lot of drops, etc., as well.
Russ.W
10-28-2003 12:31 PM
show alignment is clean on all the routers.
The biggest cpu loads i see are:
162 45905800 214635 213889 30.72% 3.82% 2.73% 0 BGP Scanner
53 32404396 120935409 267 2.21% 1.77% 1.87% 0 IP Input
6 5993828 314441 19061 3.35% 0.45% 0.34% 0 Check heaps
odd tho, on another router that has more drops I see:
CPU utilization for five seconds: 50%/48%; one minute: 49%; five minutes: 49%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
47 10757504 67115 160291 2.03% 0.34% 0.20% 0 IP Background
62 33901344 3520100 9630 0.81% 0.52% 0.51% 0 CEF process
16 37254792 159270178 233 1.22% 0.73% 0.74% 0 ARP Input
3 156 128 1218 0.65% 0.10% 0.02% 2 Virtual Exec
116 127045532 659656 192595 13.73% 2.78% 2.80% 0 BGP Scanner
114 9457636 29632245 319 1.72% 0.19% 0.09% 0 BGP Router
Note. The processes pasted above are not all from the same time, but different times when each were at their highest over a 1 minute period.
BGP scanner does seem to drive it up for about 3-5 seconds. But i'd figure that's normal. But the drops I'm seeing is just horrible.
on our Yipes main interface i see:
Input queue: 0/75/1/14 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 66894000 bits/sec, 50636 packets/sec
5 minute output rate 397254000 bits/sec, 64690 packets/sec
no drops.
on our yipes lan interface i see
Input queue: 0/75/130/1 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 490604000 bits/sec, 86424 packets/sec
5 minute output rate 162302000 bits/sec, 70790 packets/sec
Another odd thing is, during the drops in the graph, there is no real change in the process cpu. Even when BGP Scanner is high, 30%, speed/latency is fine.
What else can it be? I notice all 3 seem to be doing it around the same time too.
10-29-2003 09:04 PM
BGP Scanner is one of the "usual suspects" here. See this URL:
http://www.cisco.com/warp/public/459/highcpu-bgp.html
That said, your router is running fairly close to the edge of recommended max CPU utilization (60%) even without BGP scanner adding to your woes. Some notes on possible ways to reduce CPU usage:
1) You appear to be trying to force selected subnets to be routed out of Yipes. Try to use BGP localpref to influence your choice of gateway rather than policy routing. This shifts the cost of implementing your policy to once during occasional BGP route recalculation rather than 71,000 times a second in the IP output path. It would also notify your iBGP peers of your policy override with no additional configuration, ensuring that traffic to those routes would flow out of Yipes no matter which of your routers it arrived at.
2) Your Yipes router appears to be having to "turn around" a fair amount of traffic which needs to go to the other routers, which might be a waste of its time. If your "core switch" is layer 3 capable and has a fair amount of RAM, you might consider having it play traffic cop between the three routers.
3) Increasing the input queue size moderately might smooth out some of the packet loss but isn't really a fix for the root cause, high CPU utilization. Try this:
Router(config)# interface GigabitEthernet0/2
Router(config-if)# hold-queue 150 in
4) Do you really need 'ip accounting output-packets' on Gig0/2? Try removing it.
10-30-2003 04:04 AM
1) never used bgp local preference, do you have an example I can base my config off of?
2) no layer3 core switch yet.. :(
3) input queue is usually 0/0 tho.
4) only reason that's there is for us to lookup ips to see what's getting a DOS attack. Else what are some other ways to find out what ip is being attacked? Kind of new at this, but it's a major pain at my employment to find the victim ip. Most are Distributed DOS ICMP attacks. some tcp floods tho.
Thanks for your help..
-GK
10-30-2003 05:08 PM
1) There are some docs on CCO which explain localpref and a couple of ways of setting it. See:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/icsbgp4.htm#4957
For your case, instead of using AS-path, you want to set up an ACL or prefix-list to match specific routes. You need to match an existing BGP route in your route-map and then 'set local-preference 200' or whatever. Then your router will prefer that route over any other received route unless it has a better local-preference, regardless of AS-path length. It will also advertise that local-preference to its iBGP neighbors and they will act on the updated local-preference as well. Be sure to apply that route map to your Yipes BGP neighbor.
3) Usually 0/0 and always 0/0 are different things. You are dropping during very short bursts of high CPU usage. Really you want to drop your CPU utilization somehow to make this less necessary, but the input queue is there to keep you from dropping packets on the floor if you're too busy to service the queue right that instant. As speed goes up, and 500Mb/s is pretty speedy, that input queue can fill up really damn fast if there's some process hanging onto the CPU too long.
4) Try disabling it at least to take a benchmark to see if it's causing the problem. If it is, try to use it only while you're troubleshooting problems.
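The local-preference setup described in the reply above, written out as IOS configuration. This is an added example, not part of the original posts: the AS numbers (64500, 64501), the neighbor address 192.0.2.1, the two prefixes, and the names PREFER-YIPES and YIPES-IN are documentation placeholders, while GigabitEthernet0/2 and the yipes-only route-map come from the configuration posted earlier in the thread. Local-preference selects the exit by destination prefix learned through BGP, so it replaces the policy route only where the policy can be expressed by destination.

```cisco
! Added example; ASNs, addresses and names are placeholders (assumptions).
! Destination prefixes that should leave through the Yipes upstream (constructed).
ip prefix-list PREFER-YIPES seq 5 permit 198.51.100.0/24
ip prefix-list PREFER-YIPES seq 10 permit 203.0.113.0/24
!
! Raise local-preference above the default of 100 for the matched routes.
route-map YIPES-IN permit 10
 match ip address prefix-list PREFER-YIPES
 set local-preference 200
! Empty permit clause: accept every other route unchanged.
! Without it the route-map's implicit deny would filter them out.
route-map YIPES-IN permit 20
!
! Apply the route-map inbound on the eBGP session to the upstream.
router bgp 64500
 neighbor 192.0.2.1 remote-as 64501
 address-family ipv4
  neighbor 192.0.2.1 route-map YIPES-IN in
 exit-address-family
!
! Once the BGP path is preferred, take the per-packet policy route
! off the LAN interface so forwarding no longer evaluates it.
interface GigabitEthernet0/2
 no ip policy route-map yipes-only
!
! From exec mode: re-apply the inbound policy without resetting the
! session, then confirm the new LocPrf value on a matched prefix.
!   clear ip bgp 192.0.2.1 soft in
!   show ip bgp 198.51.100.0
```

The iBGP peers receive the raised local-preference with the route, so no matching route-map is needed on the other two routers.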
11-03-2003 07:31 AM
We actually diagnosed that it was a core switch that the main router was connecting to that was causing the problems (Yipes 500mbs was okay). However, the other two seem to still be dropping low during: BGP Scanner as it goes up 31% every 30 seconds. Is there a way to reduce the load that BGP Scanner puts on the router? It's only happening on our two 7206 300mhz routers, our main one is a 700mhz one and it handles it okay.
-GK
03-08-2004 10:33 PM
This happened to us also:
We had recently started accepting the full BGP routing table from one of our upstreams.
BGP scanner was causing high-cpu once a minute.
Enabling cef appears to have fixed the issue.
Regards,
MB