psa79 Опубликовано 21 сентября, 2010 (изменено) · Жалоба Добрый вечер. Используем asr1008 как PPPOE сервер в пике трафик не превышает 800-830 мегабит ( если на всех интерфейсах сложить вход выход 2гигабита) при этом 4к сессий побывал убирать шейпера, скорость остается тойже при этом задержки не возрастают очень еще смущает ARP Input #show pxf cpu context FP context statistics count rate (since last time command was run) --------------------- ------------- ---------- feed_back 719179153997 250600 new_work_from_lc 706889564290 149714 new_work_from_rp 2719830985 518 new_work_from_replay 0 0 null_context 49965762122641 5852750 ---------- 6253582 FP average context/sec 1min 5min 60min --------------------- ---------- ---------- ---------- feed_back 252458 249830 236927 cps new_work_from_lc 147519 146108 140264 cps new_work 652 635 603 cps new_work_from_replay 0 0 0 cps null_context 5951102 5948734 5950354 cps --------------------- ---------- ---------- ---------- Total 6351732 6345308 6328150 cps FP context utilization 1min 5min 60min --------------------- ---------- ---------- ---------- Actual 6 % 6 % 5 % Theoretical 6 % 6 % 5 % Maximum 99 % 99 % 98 % CPU utilization for five seconds: 35%/12%; one minute: 37%; five minutes: 39% PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process 26 488284528 616032211 792 12.47% 13.60% 15.35% 0 ARP Input 81 103468936 4598166 22502 2.47% 1.34% 1.29% 0 Compute load avg 267 35133624 6427818 5465 2.15% 1.34% 1.33% 0 VTEMPLATE Backgr 194 184109112 885341942 207 1.91% 1.93% 1.89% 0 C10K Netflow Toa 264 32734548 756492470 43 0.87% 1.02% 1.05% 0 RADIUS 192 58634628 8170999 7175 0.63% 1.07% 1.10% 0 c10k_periodic_st 117 49724724 374015920 132 0.55% 0.40% 0.37% 0 IP Input #show inventory NAME: "Chassis", DESCR: "C10000 Edge Service Router (ESR) Chassis" PID: ESR-CHASSIS , VID: , SN: 00021651183 NAME: "module 1/0", DESCR: "1 pt Gigabit Ethernet line card (requires a GBIC)" PID: ESR-1GE , VID: , SN: CAB0438EGFF NAME: "module 2/0", DESCR: "1 pt Gigabit Ethernet line card (requires a GBIC)" PID: ESR-1GE , VID: , SN: CAT065008LK NAME: "RP A", DESCR: "Performance Routing Engine" PID: ESR-PRE2 , VID: V02 , SN: CAT07360UAV NAME: "RP A flash card 0", DESCR: "Flash Card" PID: ESR-PRE-MEM-FD128 , VID: , SN: NAME: "module 5/0", DESCR: "1 port Gigabit Ethernet Half-Slot Line Card" PID: ESR-HH-1GE , VID: V01 , SN: CAT114156HJ NAME: "module 6/0", DESCR: "1 pt Gigabit Ethernet line card (requires a GBIC)" PID: ESR-1GE , VID: , SN: CAT10465NPF NAME: "power-supply 0", DESCR: "DC POWER ENTRY MODULE FOR ESR10008" PID: ESR-PWR-DC , VID: , SN: NAME: "power-supply 1", DESCR: "DC POWER ENTRY MODULE FOR ESR10008" PID: ESR-PWR-DC , VID: , SN: NAME: "fan-tray", DESCR: "BLOWER ASSEMBLY FOR ESR10008" PID: ESR-BLOWER , VID: , SN: конфиг ! version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname esr10k ! boot-start-marker boot system flash disk0:c10k2-k91p11u2-mz.122-31.SB16.bin boot system flash disk0:c10k2-k91p11-mz.122-33.SB7.bin boot system flash disk0:c10k2-k91p11u2-mz.122-33.SB7.bin boot-end-marker ! enable secret 5 $1$0U8P$1Q/1wM5/EOfng07bXKEIp1 ! aaa new-model ! ! aaa authentication password-prompt password: aaa authentication username-prompt login: aaa authentication login default local aaa authentication login dialers group radius aaa authentication ppp default group radius aaa authorization exec default local aaa authorization network default group radius aaa accounting delay-start aaa accounting update periodic 1 aaa accounting network default start-stop group radius aaa accounting system default start-stop group radius ! ! ! ! aaa session-id common clock timezone lugansk 2 clock summer-time lugansk recurring last Sun Mar 2:00 last Sun Oct 2:00 facility-alarm core-temperature major 58 facility-alarm core-temperature minor 50 facility-alarm intake-temperature major 54 facility-alarm intake-temperature minor 45 ! ! card 1/0 1gigethernet-1 card 2/0 1gigethernet-1 card 5/0 1gigethernet-hh-1 card 6/0 1gigethernet-1 ip subnet-zero no ip gratuitous-arps no ip rcmd domain-lookup ip rcmd rcp-enable ip rcmd rsh-enable ip name-server 10.3.3.1 ip name-server 10.3.3.2 ! ! ! ! vpdn enable vpdn aaa attribute nas-ip-address vpdn-nas vpdn aaa attribute nas-port vpdn-nas ! ! ! archive log config logging enable hidekeys ! redundancy mode sso ! ! class-map match-all test match access-group name acl_user class-map match-any ua-ix match access-group name acl_ua-ix_in class-map match-all all_user match access-group name acl_user ! ! policy-map k128 class class-default police 128000 16384 16384 conform-action transmit exceed-action drop violate-action drop policy-map m8 class class-default police 8392000 1048576 1048576 conform-action transmit exceed-action drop violate-action drop policy-map m5 class class-default police 5240000 655360 655360 conform-action transmit exceed-action drop violate-action drop policy-map m4 class class-default police 4192000 524288 524288 conform-action transmit exceed-action drop violate-action drop policy-map k256 class class-default police 264000 32768 32768 conform-action transmit exceed-action drop violate-action drop policy-map m1 class class-default police 1048000 131072 131072 conform-action transmit exceed-action drop violate-action drop policy-map k512 class class-default police 528000 65536 65536 conform-action transmit exceed-action drop violate-action drop policy-map m3 class class-default police 3144000 393216 393216 conform-action transmit exceed-action drop violate-action drop policy-map m2 class class-default police 2096000 262144 262144 conform-action transmit exceed-action drop violate-action drop policy-map k64 class class-default police 64000 8216 8216 conform-action transmit exceed-action drop violate-action drop policy-map m15 class class-default police 15360000 1310720 1310720 conform-action transmit exceed-action drop violate-action drop policy-map k32 class class-default police 32000 4096 4096 conform-action transmit exceed-action drop violate-action drop policy-map k1024 class class-default police 1048000 131072 131072 conform-action transmit exceed-action drop violate-action drop policy-map m10 class class-default police 10488000 1310720 1310720 conform-action transmit exceed-action drop violate-action drop policy-map m20 class class-default police 20976000 2621440 2621440 conform-action transmit exceed-action drop violate-action drop ! bba-group pppoe global virtual-template 1 sessions max limit 10000 sessions per-mac limit 1 sessions per-vlan limit 4096 sessions auto cleanup ! ! interface Loopback0 ip address 172.16.0.10 255.255.255.255 ! interface FastEthernet0/0/0 no ip address shutdown speed 100 full-duplex ! interface GigabitEthernet1/0/0 no ip address ip route-cache policy negotiation auto ! interface GigabitEthernet1/0/0.4 encapsulation dot1Q 4 ip address 195.222.127.86 255.255.255.192 ! interface GigabitEthernet1/0/0.21 encapsulation dot1Q 21 no ip redirects no ip proxy-arp pppoe enable group global ! interface GigabitEthernet1/0/0.22 encapsulation dot1Q 22 no ip redirects no ip proxy-arp pppoe enable group global ! ........................................................................ ! interface GigabitEthernet1/0/0.732 encapsulation dot1Q 732 no ip redirects no ip proxy-arp pppoe enable group global ! interface GigabitEthernet2/0/0 no ip address ip route-cache policy negotiation auto ! interface GigabitEthernet2/0/0.100 encapsulation dot1Q 100 ip address 10.4.1.1 255.255.255.0 no ip redirects no ip proxy-arp shutdown ! interface GigabitEthernet2/0/0.150 encapsulation dot1Q 150 ip address 10.3.3.58 255.255.255.192 ip access-group 101 in no ip redirects no ip proxy-arp ! interface GigabitEthernet2/0/0.156 encapsulation dot1Q 156 ip address 10.200.3.3 255.255.255.224 ! interface GigabitEthernet2/0/0.952 encapsulation dot1Q 952 ip address 10.3.50.58 255.255.255.0 ! interface GigabitEthernet5/0/0 no ip address no negotiation auto ! interface GigabitEthernet6/0/0 description Mirniy no ip address no negotiation auto ! interface GigabitEthernet6/0/0.21 encapsulation dot1Q 21 no ip redirects no ip proxy-arp pppoe enable group global ! .................................................. ! interface GigabitEthernet6/0/0.81 encapsulation dot1Q 81 no ip redirects no ip proxy-arp pppoe enable group global ! interface GigabitEthernet6/0/0.82 encapsulation dot1Q 82 no ip redirects no ip proxy-arp pppoe enable group global interface GigabitEthernet6/0/0.160 encapsulation dot1Q 160 ip address 10.3.4.197 255.255.255.0 no ip redirects no ip proxy-arp pppoe enable group global ! interface Virtual-Template1 mtu 1492 ip unnumbered Loopback0 ip access-group 100 in no ip proxy-arp ip mtu 1492 ip flow ingress ip flow egress ip tcp adjust-mss 1300 ip policy route-map test peer default ip address pool pppoe ppp authentication ms-chap-v2 ms-chap chap pap ! router ospf 3 router-id 10.200.3.3 no log-adjacency-changes area 0 authentication message-digest redistribute connected subnets network 10.200.3.0 0.0.0.31 area 0 ! ip local pool pppoe 172.23.0.0 172.23.255.255 ip classless ip route 0.0.0.0 0.0.0.0 10.200.3.2 ip route 10.0.0.0 255.0.0.0 10.3.3.18 ! ip flow-export version 5 ip flow-export destination 10.3.3.11 9996 ! no ip http server ! ! ip access-list extended acl_user permit ip any any logging facility local5 logging source-interface GigabitEthernet2/0/0.150 logging 10.3.3.11 access-list 1 deny 10.3.3.2 access-list 1 deny 10.3.3.50 access-list 1 permit 10.3.3.0 0.0.0.255 access-list 1 deny any access-list 2 permit 10.3.3.34 access-list 2 deny any access-list 3 permit 195.5.124.0 0.0.1.255 access-list 3 permit 195.222.124.0 0.0.3.255 access-list 4 permit 172.23.0.5 access-list 4 permit 172.23.0.4 access-list 100 deny tcp any 10.3.3.0 0.0.0.255 eq 22 access-list 100 deny tcp any 10.3.3.0 0.0.0.255 eq 3306 access-list 100 permit ip any host 10.3.3.1 access-list 100 permit ip any host 10.3.3.2 access-list 100 permit ip any host 10.3.3.50 access-list 100 permit ip any host 10.3.3.43 access-list 100 permit ip any host 10.3.3.38 access-list 100 permit ip 195.5.124.0 0.0.1.255 any access-list 100 permit ip 195.222.124.0 0.0.3.255 any access-list 100 deny ip any 10.0.0.0 0.255.255.255 access-list 100 deny ip any 172.16.0.0 0.7.255.255 access-list 100 deny ip any 192.168.0.0 0.0.255.255 access-list 100 permit ip any any access-list 101 deny ip any host 172.16.0.10 access-list 101 permit ip 10.3.3.0 0.0.0.255 host 10.3.3.58 access-list 101 permit ip 10.200.3.0 0.0.0.31 10.200.3.0 0.0.0.31 access-list 101 deny ip any host 10.200.3.3 access-list 101 deny ip any host 10.3.3.58 access-list 101 permit ip any any access-list 116 deny ip any 195.5.124.0 0.0.1.255 access-list 116 deny ip any 10.0.0.0 0.0.0.255 access-list 116 deny ip any 172.16.0.0 0.7.255.255 access-list 116 permit ip 172.22.0.0 0.0.255.255 any access-list 116 permit ip 172.23.0.0 0.0.255.255 any access-list 116 deny ip any any ! route-map test permit 10 match ip address 116 set ip next-hop 10.3.50.28 ! snmp-server community public RO 2 ! radius-server attribute 8 include-in-access-req radius-server attribute 31 mac format unformatted radius-server attribute 31 send nas-port-detail mac-only radius-server host 10.3.3.11 auth-port 1812 acct-port 1813 radius-server key ********* radius-server vsa send accounting radius-server vsa send authentication ! control-plane ! ! ! line con 0 transport output all line aux 0 transport input telnet transport output none line vty 0 4 transport input all transport output all ! ntp clock-period 17182646 ntp server 10.3.3.4 end Изменено 21 сентября, 2010 пользователем psa79 Вставить ник Цитата Ответить с цитированием Поделиться сообщением Ссылка на сообщение Поделиться на других сайтах More sharing options...
StSphinx Опубликовано 22 сентября, 2010 · Жалоба Про ARP Input было в форуме, решилось сменой IOS'a. Читать тут: http://forum.nag.ru/forum/index.php?showtopic=49100 Вставить ник Цитата Ответить с цитированием Поделиться сообщением Ссылка на сообщение Поделиться на других сайтах More sharing options...
psa79 Опубликовано 23 сентября, 2010 · Жалоба вопрос закрыт. не в кошке дело было Вставить ник Цитата Ответить с цитированием Поделиться сообщением Ссылка на сообщение Поделиться на других сайтах More sharing options...