[psa79]

Добрый вечер.

Используем asr1008 как PPPOE сервер

в пике трафик не превышает 800-830 мегабит ( если на всех интерфейсах сложить вход выход 2гигабита)

при этом 4к сессий

 

побывал убирать шейпера, скорость остается тойже

при этом задержки не возрастают

 

очень еще смущает ARP Input

 

 

#show pxf cpu context

FP context statistics count rate (since last time command was run)

--------------------- ------------- ----------

feed_back 719179153997 250600

new_work_from_lc 706889564290 149714

new_work_from_rp 2719830985 518

new_work_from_replay 0 0

null_context 49965762122641 5852750

----------

6253582

 

FP average context/sec 1min 5min 60min

--------------------- ---------- ---------- ----------

feed_back 252458 249830 236927 cps

new_work_from_lc 147519 146108 140264 cps

new_work 652 635 603 cps

new_work_from_replay 0 0 0 cps

null_context 5951102 5948734 5950354 cps

--------------------- ---------- ---------- ----------

Total 6351732 6345308 6328150 cps

 

FP context utilization 1min 5min 60min

--------------------- ---------- ---------- ----------

Actual 6 % 6 % 5 %

Theoretical 6 % 6 % 5 %

Maximum 99 % 99 % 98 %

 

 

 

 

CPU utilization for five seconds: 35%/12%; one minute: 37%; five minutes: 39%

PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process

26 488284528 616032211 792 12.47% 13.60% 15.35% 0 ARP Input

81 103468936 4598166 22502 2.47% 1.34% 1.29% 0 Compute load avg

267 35133624 6427818 5465 2.15% 1.34% 1.33% 0 VTEMPLATE Backgr

194 184109112 885341942 207 1.91% 1.93% 1.89% 0 C10K Netflow Toa

264 32734548 756492470 43 0.87% 1.02% 1.05% 0 RADIUS

192 58634628 8170999 7175 0.63% 1.07% 1.10% 0 c10k_periodic_st

117 49724724 374015920 132 0.55% 0.40% 0.37% 0 IP Input

 

 

 

 

#show inventory

NAME: "Chassis", DESCR: "C10000 Edge Service Router (ESR) Chassis"

PID: ESR-CHASSIS , VID: , SN: 00021651183

 

NAME: "module 1/0", DESCR: "1 pt Gigabit Ethernet line card (requires a GBIC)"

PID: ESR-1GE , VID: , SN: CAB0438EGFF

 

NAME: "module 2/0", DESCR: "1 pt Gigabit Ethernet line card (requires a GBIC)"

PID: ESR-1GE , VID: , SN: CAT065008LK

 

NAME: "RP A", DESCR: "Performance Routing Engine"

PID: ESR-PRE2 , VID: V02 , SN: CAT07360UAV

 

NAME: "RP A flash card 0", DESCR: "Flash Card"

PID: ESR-PRE-MEM-FD128 , VID: , SN:

 

NAME: "module 5/0", DESCR: "1 port Gigabit Ethernet Half-Slot Line Card"

PID: ESR-HH-1GE , VID: V01 , SN: CAT114156HJ

 

NAME: "module 6/0", DESCR: "1 pt Gigabit Ethernet line card (requires a GBIC)"

PID: ESR-1GE , VID: , SN: CAT10465NPF

 

NAME: "power-supply 0", DESCR: "DC POWER ENTRY MODULE FOR ESR10008"

PID: ESR-PWR-DC , VID: , SN:

 

NAME: "power-supply 1", DESCR: "DC POWER ENTRY MODULE FOR ESR10008"

PID: ESR-PWR-DC , VID: , SN:

 

NAME: "fan-tray", DESCR: "BLOWER ASSEMBLY FOR ESR10008"

PID: ESR-BLOWER , VID: , SN:

 

 

 

 

конфиг

 

 

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname esr10k

!

boot-start-marker

boot system flash disk0:c10k2-k91p11u2-mz.122-31.SB16.bin

boot system flash disk0:c10k2-k91p11-mz.122-33.SB7.bin

boot system flash disk0:c10k2-k91p11u2-mz.122-33.SB7.bin

boot-end-marker

!

enable secret 5 $1$0U8P$1Q/1wM5/EOfng07bXKEIp1

!

aaa new-model

!

!

aaa authentication password-prompt password:

aaa authentication username-prompt login:

aaa authentication login default local

aaa authentication login dialers group radius

aaa authentication ppp default group radius

aaa authorization exec default local

aaa authorization network default group radius

aaa accounting delay-start

aaa accounting update periodic 1

aaa accounting network default start-stop group radius

aaa accounting system default start-stop group radius

!

!

!

!

aaa session-id common

clock timezone lugansk 2

clock summer-time lugansk recurring last Sun Mar 2:00 last Sun Oct 2:00

facility-alarm core-temperature major 58

facility-alarm core-temperature minor 50

facility-alarm intake-temperature major 54

facility-alarm intake-temperature minor 45

!

!

card 1/0 1gigethernet-1

card 2/0 1gigethernet-1

card 5/0 1gigethernet-hh-1

card 6/0 1gigethernet-1

ip subnet-zero

no ip gratuitous-arps

no ip rcmd domain-lookup

ip rcmd rcp-enable

ip rcmd rsh-enable

ip name-server 10.3.3.1

ip name-server 10.3.3.2

!

!

!

!

vpdn enable

vpdn aaa attribute nas-ip-address vpdn-nas

vpdn aaa attribute nas-port vpdn-nas

!

!

!

archive

log config

logging enable

hidekeys

!

redundancy

mode sso

!

!

class-map match-all test

match access-group name acl_user

class-map match-any ua-ix

match access-group name acl_ua-ix_in

class-map match-all all_user

match access-group name acl_user

!

!

policy-map k128

class class-default

police 128000 16384 16384 conform-action transmit exceed-action drop violate-action drop

policy-map m8

class class-default

police 8392000 1048576 1048576 conform-action transmit exceed-action drop violate-action drop

policy-map m5

class class-default

police 5240000 655360 655360 conform-action transmit exceed-action drop violate-action drop

policy-map m4

class class-default

police 4192000 524288 524288 conform-action transmit exceed-action drop violate-action drop

policy-map k256

class class-default

police 264000 32768 32768 conform-action transmit exceed-action drop violate-action drop

policy-map m1

class class-default

police 1048000 131072 131072 conform-action transmit exceed-action drop violate-action drop

policy-map k512

class class-default

police 528000 65536 65536 conform-action transmit exceed-action drop violate-action drop

policy-map m3

class class-default

police 3144000 393216 393216 conform-action transmit exceed-action drop violate-action drop

policy-map m2

class class-default

police 2096000 262144 262144 conform-action transmit exceed-action drop violate-action drop

policy-map k64

class class-default

police 64000 8216 8216 conform-action transmit exceed-action drop violate-action drop

policy-map m15

class class-default

police 15360000 1310720 1310720 conform-action transmit exceed-action drop violate-action drop

policy-map k32

class class-default

police 32000 4096 4096 conform-action transmit exceed-action drop violate-action drop

policy-map k1024

class class-default

police 1048000 131072 131072 conform-action transmit exceed-action drop violate-action drop

policy-map m10

class class-default

police 10488000 1310720 1310720 conform-action transmit exceed-action drop violate-action drop

policy-map m20

class class-default

police 20976000 2621440 2621440 conform-action transmit exceed-action drop violate-action drop

!

bba-group pppoe global

virtual-template 1

sessions max limit 10000

sessions per-mac limit 1

sessions per-vlan limit 4096

sessions auto cleanup

!

!

interface Loopback0

ip address 172.16.0.10 255.255.255.255

!

interface FastEthernet0/0/0

no ip address

shutdown

speed 100

full-duplex

!

interface GigabitEthernet1/0/0

no ip address

ip route-cache policy

negotiation auto

!

interface GigabitEthernet1/0/0.4

encapsulation dot1Q 4

ip address 195.222.127.86 255.255.255.192

!

interface GigabitEthernet1/0/0.21

encapsulation dot1Q 21

no ip redirects

no ip proxy-arp

pppoe enable group global

!

interface GigabitEthernet1/0/0.22

encapsulation dot1Q 22

no ip redirects

no ip proxy-arp

pppoe enable group global

!

........................................................................

!

interface GigabitEthernet1/0/0.732

encapsulation dot1Q 732

no ip redirects

no ip proxy-arp

pppoe enable group global

!

interface GigabitEthernet2/0/0

no ip address

ip route-cache policy

negotiation auto

!

interface GigabitEthernet2/0/0.100

encapsulation dot1Q 100

ip address 10.4.1.1 255.255.255.0

no ip redirects

no ip proxy-arp

shutdown

!

interface GigabitEthernet2/0/0.150

encapsulation dot1Q 150

ip address 10.3.3.58 255.255.255.192

ip access-group 101 in

no ip redirects

no ip proxy-arp

!

interface GigabitEthernet2/0/0.156

encapsulation dot1Q 156

ip address 10.200.3.3 255.255.255.224

!

interface GigabitEthernet2/0/0.952

encapsulation dot1Q 952

ip address 10.3.50.58 255.255.255.0

!

interface GigabitEthernet5/0/0

no ip address

no negotiation auto

!

interface GigabitEthernet6/0/0

description Mirniy

no ip address

no negotiation auto

!

interface GigabitEthernet6/0/0.21

encapsulation dot1Q 21

no ip redirects

no ip proxy-arp

pppoe enable group global

!

..................................................

!

interface GigabitEthernet6/0/0.81

encapsulation dot1Q 81

no ip redirects

no ip proxy-arp

pppoe enable group global

!

interface GigabitEthernet6/0/0.82

encapsulation dot1Q 82

no ip redirects

no ip proxy-arp

pppoe enable group global

interface GigabitEthernet6/0/0.160

encapsulation dot1Q 160

ip address 10.3.4.197 255.255.255.0

no ip redirects

no ip proxy-arp

pppoe enable group global

!

interface Virtual-Template1

mtu 1492

ip unnumbered Loopback0

ip access-group 100 in

no ip proxy-arp

ip mtu 1492

ip flow ingress

ip flow egress

ip tcp adjust-mss 1300

ip policy route-map test

peer default ip address pool pppoe

ppp authentication ms-chap-v2 ms-chap chap pap

!

router ospf 3

router-id 10.200.3.3

no log-adjacency-changes

area 0 authentication message-digest

redistribute connected subnets

network 10.200.3.0 0.0.0.31 area 0

!

ip local pool pppoe 172.23.0.0 172.23.255.255

ip classless

ip route 0.0.0.0 0.0.0.0 10.200.3.2

ip route 10.0.0.0 255.0.0.0 10.3.3.18

!

ip flow-export version 5

ip flow-export destination 10.3.3.11 9996

!

no ip http server

!

!

ip access-list extended acl_user

permit ip any any

logging facility local5

logging source-interface GigabitEthernet2/0/0.150

logging 10.3.3.11

access-list 1 deny 10.3.3.2

access-list 1 deny 10.3.3.50

access-list 1 permit 10.3.3.0 0.0.0.255

access-list 1 deny any

access-list 2 permit 10.3.3.34

access-list 2 deny any

access-list 3 permit 195.5.124.0 0.0.1.255

access-list 3 permit 195.222.124.0 0.0.3.255

access-list 4 permit 172.23.0.5

access-list 4 permit 172.23.0.4

access-list 100 deny tcp any 10.3.3.0 0.0.0.255 eq 22

access-list 100 deny tcp any 10.3.3.0 0.0.0.255 eq 3306

access-list 100 permit ip any host 10.3.3.1

access-list 100 permit ip any host 10.3.3.2

access-list 100 permit ip any host 10.3.3.50

access-list 100 permit ip any host 10.3.3.43

access-list 100 permit ip any host 10.3.3.38

access-list 100 permit ip 195.5.124.0 0.0.1.255 any

access-list 100 permit ip 195.222.124.0 0.0.3.255 any

access-list 100 deny ip any 10.0.0.0 0.255.255.255

access-list 100 deny ip any 172.16.0.0 0.7.255.255

access-list 100 deny ip any 192.168.0.0 0.0.255.255

access-list 100 permit ip any any

access-list 101 deny ip any host 172.16.0.10

access-list 101 permit ip 10.3.3.0 0.0.0.255 host 10.3.3.58

access-list 101 permit ip 10.200.3.0 0.0.0.31 10.200.3.0 0.0.0.31

access-list 101 deny ip any host 10.200.3.3

access-list 101 deny ip any host 10.3.3.58

access-list 101 permit ip any any

access-list 116 deny ip any 195.5.124.0 0.0.1.255

access-list 116 deny ip any 10.0.0.0 0.0.0.255

access-list 116 deny ip any 172.16.0.0 0.7.255.255

access-list 116 permit ip 172.22.0.0 0.0.255.255 any

access-list 116 permit ip 172.23.0.0 0.0.255.255 any

access-list 116 deny ip any any

!

route-map test permit 10

match ip address 116

set ip next-hop 10.3.50.28

!

snmp-server community public RO 2

!

radius-server attribute 8 include-in-access-req

radius-server attribute 31 mac format unformatted

radius-server attribute 31 send nas-port-detail mac-only

radius-server host 10.3.3.11 auth-port 1812 acct-port 1813

radius-server key *********

radius-server vsa send accounting

radius-server vsa send authentication

!

control-plane

!

!

!

line con 0

transport output all

line aux 0

transport input telnet

transport output none

line vty 0 4

transport input all

transport output all

!

ntp clock-period 17182646

ntp server 10.3.3.4

end

Изменено 21 сентября, 2010 пользователем psa79

[StSphinx]

Про ARP Input было в форуме, решилось сменой IOS'a.

Читать тут:

http://forum.nag.ru/forum/index.php?showtopic=49100

[psa79]

вопрос закрыт. не в кошке дело было