01-27-2011 04:17 AM - edited 03-06-2019 03:13 PM
Hi all,
I have a problem with 2 Catalyst 3750G switches. We do policy-based routing on these switches. If we enable PBR and CEF, we have a constantly high CPU utilization of 90%.
If we change back to fast switching, the CPU utilization gets back to a normal level of 40%.
Anybody who knows the problem, or knows whether it is a bug, is welcome.
Thanks and kind regards
Holger
01-27-2011 07:21 AM
Hi Holger,
There is a bug related to the issue
CSCsd25984 - Documentation: PBR deny ACE causes high CPU utilization on a 3750 switch
PBR in cat3750 is implemented in hardware/TCAM, so packets are
not switched through software (unless there are exceptions like the PBR
policy configuration does not fit in the TCAM, or the next hop adjacency has
not been resolved).
However as you have brought to my attention the PBR feature, I have
researched further on this issue. The PBR itself is switched in hardware,
however there is a restriction; the 3750 TCAM based PBR does not support
deny statements followed by permit clauses as TCAM subtraction is not
supported.
The switch supports only 512 ACEs for PBR.
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_50_se/configuration/guide/swiprout.html#wp1210866
The above is just FYI.
In order to confirm the same, please attach the ACLs used as well as the output of "show sdm prefer" and "show platform tcam utilization".
Regards,
Swati
Please rate if you find content useful
01-28-2011 12:04 AM
Hi Swati,
Thanks for your support. I took a look at the bug description. In our scenario we don't have a deny in the ACLs for the PBR. Is it possible that we have a problem with the first route-map entry, because there is no 'set' statement:
interface Vlan999
 description WLAN Bridge VLAN - Secondary
 ip address 172.16.41.13 255.255.255.248
 no ip redirects
 ip route-cache policy
 ip policy route-map NEXT-HOP-CW
 standby 9 ip 172.16.41.9
 standby 9 timers 1 2
 standby 9 priority 110
 standby 9 preempt
!
access-list 100 permit ip 172.16.40.64 0.0.0.63 172.16.0.0 0.15.255.255
access-list 100 permit ip host 172.16.40.134 host 172.17.10.33
access-list 100 permit ip 172.16.40.128 0.0.0.63 172.16.0.0 0.15.255.255
access-list 100 permit ip 172.16.42.0 0.0.0.127 172.16.0.0 0.15.255.255
access-list 100 permit ip 172.16.42.128 0.0.0.127 172.16.0.0 0.15.255.255
access-list 100 permit ip 172.16.43.0 0.0.0.127 172.16.0.0 0.15.255.255
access-list 101 permit ip 172.16.40.192 0.0.0.63 172.16.0.0 0.15.255.255
access-list 101 permit ip 172.16.41.0 0.0.0.3 172.16.0.0 0.15.255.255
access-list 101 permit ip 172.16.41.8 0.0.0.7 172.16.0.0 0.15.255.255
access-list 101 permit ip 172.16.41.128 0.0.0.127 172.16.0.0 0.15.255.255
access-list 101 permit ip 172.16.43.128 0.0.0.127 172.16.0.0 0.15.255.255
access-list 101 permit ip 172.16.44.0 0.0.0.127 172.16.0.0 0.15.255.255
access-list 101 permit ip 172.16.44.128 0.0.0.127 172.16.0.0 0.15.255.255
access-list 101 permit ip 172.30.19.0 0.0.0.127 172.16.0.0 0.15.255.255
access-list 102 permit ip 172.16.40.0 0.0.7.255 172.16.40.64 0.0.0.63
access-list 102 permit ip 172.16.40.0 0.0.7.255 172.16.40.128 0.0.0.63
access-list 102 permit ip 172.16.40.0 0.0.7.255 172.16.42.0 0.0.0.127
access-list 102 permit ip 172.16.40.0 0.0.7.255 172.16.42.128 0.0.0.127
access-list 102 permit ip 172.16.40.0 0.0.7.255 172.16.43.0 0.0.0.127
access-list 102 permit ip 172.16.40.0 0.0.7.255 172.16.40.192 0.0.0.63
access-list 102 permit ip 172.16.40.0 0.0.7.255 172.16.41.128 0.0.0.127
access-list 102 permit ip 172.16.40.0 0.0.7.255 172.16.43.128 0.0.0.127
access-list 102 permit ip 172.16.40.0 0.0.7.255 172.16.44.0 0.0.0.127
access-list 102 permit ip 172.16.40.0 0.0.7.255 172.16.44.128 0.0.0.127
access-list 102 permit ip 172.16.40.0 0.0.7.255 172.30.19.0 0.0.0.127
route-map NEXT-HOP-CW permit 5
 match ip address 102
route-map NEXT-HOP-CW permit 10
 match ip address 100
 set ip next-hop 172.16.40.42
!
route-map NEXT-HOP-CW permit 20
 match ip address 101
 set ip next-hop 172.16.40.43
!
Kind regards
Holger
01-28-2011 09:48 AM
You need a set next hop in your route-map statement 5. Not having that will cause all traffic hitting that statement to be cpu switched.
-Matt
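The two conditions raised in this thread (a permit sequence with no set next-hop, and deny ACEs in a PBR ACL) can be checked offline against a saved configuration. The Python sketch below is an added example, not part of the original thread or any Cisco tooling; `audit_pbr`, ACL 103 and sequence 30 are constructed for illustration, and it assumes numbered ACLs and `show running-config` style indentation.

```python
import re

# Constructed sample: the thread's route-map with ACL bodies trimmed, plus a
# hypothetical ACL 103 / sequence 30 to exercise the deny-ACE check.
SAMPLE = """\
interface Vlan999
 ip policy route-map NEXT-HOP-CW
!
access-list 100 permit ip 172.16.40.64 0.0.0.63 172.16.0.0 0.15.255.255
access-list 102 permit ip 172.16.40.0 0.0.7.255 172.16.40.64 0.0.0.63
access-list 103 deny ip host 172.16.40.1 any
access-list 103 permit ip any any
route-map NEXT-HOP-CW permit 5
 match ip address 102
route-map NEXT-HOP-CW permit 10
 match ip address 100
 set ip next-hop 172.16.40.42
route-map NEXT-HOP-CW permit 30
 match ip address 103
 set ip next-hop 172.16.40.43
"""

def audit_pbr(config):
    """Return sorted (route_map, seq, issue) findings for route-maps applied with 'ip policy'."""
    applied, deny_acls, entries, cur = set(), set(), [], None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] not in ("", " "):
            cur = None  # a top-level command closes any open route-map entry
        if m := re.match(r"ip policy route-map (\S+)", line):
            applied.add(m.group(1))
        elif m := re.match(r"access-list (\d+) deny\b", line):
            deny_acls.add(m.group(1))
        elif m := re.match(r"route-map (\S+) (permit|deny) (\d+)", line):
            cur = {"name": m.group(1), "action": m.group(2), "seq": int(m.group(3)), "acls": [], "set": False}
            entries.append(cur)
        elif cur and (m := re.match(r"match ip address (.+)", line)):
            cur["acls"] += m.group(1).split()
        elif cur and line.startswith("set ip next-hop "):
            cur["set"] = True
    findings = []
    for e in entries:
        if e["name"] not in applied or e["action"] != "permit":
            continue  # only permit entries of route-maps actually used for PBR
        if not e["set"]:
            findings.append((e["name"], e["seq"], "permit entry without set ip next-hop"))
        findings += [(e["name"], e["seq"], f"ACL {a} contains a deny ACE") for a in e["acls"] if a in deny_acls]
    return sorted(findings)
```

Running `audit_pbr(SAMPLE)` reports sequence 5 for the missing set clause and sequence 30 for the deny ACE in ACL 103.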
01-31-2011 03:01 AM
Thank you for the support.
Kind regards
Holger