Jump to content
Калькуляторы

cisco 4900M и pbr

Добрый день!

 

Присматриваюсь к cisco 4900M.

 

Собственно вопрос:

При управлении трафиком через PBR (next-hop менять) - оно трафик через CPU погонит?

Share this post


Link to post
Share on other sites

set ip default next-hop там нет

set ip next-hop есть

 

да мне и set ip next-hop хватит, если честно. Лишь бы не soft-реализация (через CPU) pbr'а.

Edited by Konstantin Klimchev

Share this post


Link to post
Share on other sites

Подниму тему, чтобы не создавать новую. Имеется 4900M, нужен PBR, при включении загрузка CPU выше 90%, т.е. трафик побежал через CPU. Что не так? Далее кусок конфига.

 

interface Vlan9
 ip address 1.1.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp

interface Vlan61
 ip address 2.2.2.1 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip pim sparse-mode
 ip ospf mtu-ignore
 ip policy route-map MY-POLICY

ip access-list standard MY-POLICY-SUBNETS
 permit 3.3.3.0 0.0.0.31

route-map MY-POLICY permit 10
 match ip address MY-POLICY-SUBNETS
 set ip default next-hop 1.1.1.2

 

Пробовал и set ip next-hop вместо set ip default next-hop, хотя здесь https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/54sg/configuration/guide/config/pbroute.html написано, что софтовая обработка будет только в случае set interface или set default interface.

Edited by SokolovS

Share this post


Link to post
Share on other sites

Попробуйте еще явно указать exit clause permit для остального, иначе он возможно срабатывает как deny

route-map MY-POLICY permit 20

Share this post


Link to post
Share on other sites

А, ну и у вас default next-hop. Это вроде бы сразу приговор на этом железе.

Share this post


Link to post
Share on other sites
35 минут назад, vurd сказал:

А, ну и у вас default next-hop. Это вроде бы сразу приговор на этом железе.

Судя по руководству, на которое ссылка выше, только set interface и set default interface должны давать этот эффект.

 

48 минут назад, vurd сказал:

Попробуйте еще явно указать exit clause permit для остального, иначе он возможно срабатывает как deny


route-map MY-POLICY permit 20

Возможно так. Проверю.

Edited by SokolovS

Share this post


Link to post
Share on other sites
1 час назад, vurd сказал:

Попробуйте еще явно указать exit clause permit для остального, иначе он возможно срабатывает как deny


route-map MY-POLICY permit 20

Это ничего не меняет. Сделал на момент проверки ip next-hop вместо ip default next-hop.

 

19 минут назад, zhenya` сказал:

Extended acl поппробуйте.

Попробовал так:

ip access-list extended MY-POLICY-SUBNETS
 permit ip 3.3.3.0 0.0.0.31 any

и так
 

ip access-list extended MY-POLICY-SUBNETS 
  permit ip 3.3.3.0 0.0.0.31 any
  deny ip any any


На результат не повлияло. Как только вешаешь на интерфейс, сразу растет загрузка CPU.

Share this post


Link to post
Share on other sites
route-map GRAY, permit, sequence 10
  Match clauses:
    ip address (access-lists): GRAY1
  Set clauses:
    ip next-hop хх.хх.хх.1
  Policy routing matches: 5680527 packets, 2596496617 bytes
route-map GRAY, permit, sequence 20
  Match clauses:
    ip address (access-lists): GRAY2
  Set clauses:
    ip next-hop хх.хх.хх.2
  Policy routing matches: 3588379 packets, 1124924947 bytes
route-map GRAY, permit, sequence 30
  Match clauses:
    ip address (access-lists): GRAY3
  Set clauses:
    ip next-hop хх.хх.хх.3
  Policy routing matches: 4277050 packets, 1236352364 bytes

Acces-list extended точно такой как у вас, только у меня их 3 и в каждом по кучке подсетей. Правила без deny. Все работает прекрасно в железе. Загрузка CPU 4-5%

Софт - Software (cat4500e-ENTSERVICESK9-M), Version 15.2(4)E, RELEASE SOFTWARE (fc2)

Share this post


Link to post
Share on other sites

Т.е.

1 час назад, Sacrament сказал:

route-map GRAY, permit, sequence 10
  Match clauses:
    ip address (access-lists): GRAY1
  Set clauses:
    ip next-hop хх.хх.хх.1
  Policy routing matches: 5680527 packets, 2596496617 bytes
route-map GRAY, permit, sequence 20
  Match clauses:
    ip address (access-lists): GRAY2
  Set clauses:
    ip next-hop хх.хх.хх.2
  Policy routing matches: 3588379 packets, 1124924947 bytes
route-map GRAY, permit, sequence 30
  Match clauses:
    ip address (access-lists): GRAY3
  Set clauses:
    ip next-hop хх.хх.хх.3
  Policy routing matches: 4277050 packets, 1236352364 bytes

Acces-list extended точно такой как у вас, только у меня их 3 и в каждом по кучке подсетей. Правила без deny. Все работает прекрасно в железе. Загрузка CPU 4-5%

Софт - Software (cat4500e-ENTSERVICESK9-M), Version 15.2(4)E, RELEASE SOFTWARE (fc2)

T.е. access-list standard у тебя? Софт у меня немного другой, но та же ветка.
Software (cat4500e-ENTSERVICESK9-M), Version 15.2(2)E5, RELEASE SOFTWARE (fc2)

Странно однако. А у тебя на интерфейсах, на которые политика повешена, OSPF или другой протокол маршрутизации есть?

Edited by SokolovS

Share this post


Link to post
Share on other sites

не надо к ней присматриваться, мертвая железка. дорогущие порты черех x2 и предподписка на слоты. по факту там 12 честных 10г портов.

Share this post


Link to post
Share on other sites
2 минуты назад, dIMbI4 сказал:

не надо к ней присматриваться, мертвая железка. дорогущие порты черех x2 и предподписка на слоты. по факту там 12 честных 10г портов.

Опубликовано 11 апреля, 2011

Share this post


Link to post
Share on other sites

А покажите

show platform hardware acl statistics utilization brief 

show platform hardware ip route summary

С pbr и без такового.

Share this post


Link to post
Share on other sites
13 часов назад, passer сказал:

А покажите

show platform hardware acl statistics utilization brief 

show platform hardware ip route summary

С pbr и без такового.

Без PBR

#show platform hardware acl statistics utilization brief 
CAM Utilization Statistics
--------------------------

                           Used          Free         Total
                           --------------------------------
Input  Security    (160)   35    (1  %)  2013  (99 %) 2048 
Input  Security    (320)   34    (1  %)  2014  (99 %) 2048 
Input  Forwarding  (160)   27    (1  %)  2021  (99 %) 2048 
Input  Forwarding  (320)   24    (1  %)  2024  (99 %) 2048 
Input  Unallocated (160)   0     (0  %)  57344 (100%) 57344

Output RoleBased   (160)   0     (0  %)  2048  (100%) 2048 
Output Security    (160)   8     (0  %)  2040  (100%) 2048 
Output Security    (320)   12    (0  %)  2036  (100%) 2048 
Output Qos         (160)   21    (1  %)  2027  (99 %) 2048 
Output Qos         (320)   4     (0  %)  2044  (100%) 2048 
Output Unallocated (160)   0     (0  %)  55296 (100%) 55296

Input Profiles (logical) : used 1 / 32
Input Profiles (physical): used 4 / 32

Output Profiles (logical) : used 1 / 32
Output Profiles (physical): used 3 / 32

 

#show platform hardware ip route summary 
block#  start   end     mode    entries used    free    group   type           
0       80 Bit  0       4095    4096    2032    2064    3       Dst            
1       160 Bit 4096    8190    2048    143     1905    6       Dst            
2       160 Bit 8192    12286   2048    1       2047    6       Dst            
3       160 Bit 12288   16382   2048    0       2048    6       Dst            
4       160 Bit 16384   20478   2048    0       2048    6       Dst            
5       160 Bit 20480   24574   2048    0       2048    6       Dst            
6       160 Bit 24576   28670   2048    0       2048    6       Dst            
7       160 Bit 28672   32766   2048    0       2048    6       Dst            
8       160 Bit 32768   36862   2048    0       2048    6       Dst            
9       160 Bit 36864   40958   2048    0       2048    6       Dst            
10      160 Bit 40960   45054   2048    0       2048    6       Dst            
11      160 Bit 45056   49150   2048    0       2048    6       Dst            
12      160 Bit 49152   53246   2048    0       2048    6       Dst            
13      160 Bit 53248   57342   2048    0       2048    6       Dst            
14      160 Bit 57344   61438   2048    0       2048    6       Dst            
15      160 Bit 61440   65534   2048    0       2048    6       Dst            
16      160 Bit 65536   69630   2048    0       2048    6       Dst            
17      160 Bit 69632   73726   2048    0       2048    6       Dst            
18      160 Bit 73728   77822   2048    0       2048    6       Dst            
19      160 Bit 77824   81918   2048    0       2048    6       Dst            
20      160 Bit 81920   86014   2048    0       2048    6       Dst            
21      160 Bit 86016   90110   2048    0       2048    6       Dst            
22      160 Bit 90112   94206   2048    0       2048    6       Dst            
23      160 Bit 94208   98302   2048    0       2048    6       Dst            
24      160 Bit 98304   102398  2048    0       2048    6       Dst            
25      160 Bit 102400  106494  2048    1       2047    6       Dst            
26      160 Bit 106496  110590  2048    0       2048    6       Dst            
27      160 Bit 110592  114686  2048    0       2048    6       Dst            
28      160 Bit 114688  118782  2048    2       2046    6       Dst            
29      160 Bit 118784  122878  2048    0       2048    6       Dst            
30      160 Bit 122880  126974  2048    0       2048    6       Dst            
31      160 Bit 126976  131070  2048    0       2048    6       Dst            
32      160 Bit 131072  135166  2048    0       2048    6       Dst            
33      160 Bit 135168  139262  2048    0       2048    6       Dst            
34      160 Bit 139264  143358  2048    0       2048    6       Dst            
35      160 Bit 143360  147454  2048    0       2048    6       Dst            
36      160 Bit 147456  151550  2048    0       2048    6       Dst            
37      160 Bit 151552  155646  2048    0       2048    6       Dst            
38      160 Bit 155648  159742  2048    0       2048    6       Dst            
39      160 Bit 159744  163838  2048    0       2048    6       Dst            
40      160 Bit 163840  167934  2048    0       2048    6       Dst            
41      160 Bit 167936  172030  2048    0       2048    6       Dst            
42      160 Bit 172032  176126  2048    0       2048    6       Dst            
43      160 Bit 176128  180222  2048    0       2048    6       Dst            
44      160 Bit 180224  184318  2048    0       2048    6       Dst            
45      160 Bit 184320  188414  2048    0       2048    6       Dst            
46      160 Bit 188416  192510  2048    0       2048    6       Dst            
47      160 Bit 192512  196606  2048    0       2048    6       Dst            
48      160 Bit 196608  200702  2048    5       2043    6       Dst            
49      160 Bit 200704  204798  2048    24      2024    5       Dst            
50      Unused  204800  208895  4096    0       4096    -       -              
51      Unused  208896  212991  4096    0       4096    -       -              
52      Unused  212992  217087  4096    0       4096    -       -              
53      Unused  217088  221183  4096    0       4096    -       -              
54      Unused  221184  225279  4096    0       4096    -       -              
55      Unused  225280  229375  4096    0       4096    -       -              
56      Unused  229376  233471  4096    0       4096    -       -              
57      Unused  233472  237567  4096    0       4096    -       -              
58      Unused  237568  241663  4096    0       4096    -       -              
59      Unused  241664  245759  4096    0       4096    -       -              
60      Unused  245760  249855  4096    0       4096    -       -              
61      Unused  249856  253951  4096    0       4096    -       -              
62      Unused  253952  258047  4096    0       4096    -       -              
63      Unused  258048  262143  4096    0       4096    -       -              

group#  inUse   mode    type      lookup  entries free    util%   rangeId      
0       yes     80 Bit  uRPF Ipv4 Src     0       0       100     0            
1       yes     160 Bit uRPF Ipv6 Src     0       0       100     1            
2       yes     160 Bit SpecSrc   Src     0       0       100     255          
3       yes     80 Bit  UC Ipv4   Dst     4096    2064    49      0            
4       yes     160 Bit SpecDst   Dst     0       0       100     255          
5       yes     160 Bit MC Ipv4   Dst     2048    2024    1       1            
6       yes     160 Bit UC Ipv6   Dst     98304   98152   0       2            
7       yes     320 Bit MC Ipv6   Dst     0       0       100     3            

        range
0       [ipv4: 0.0.0.0 - ipv4: 255.255.255.255]                                
1       [ipv6: :: - ipv6: FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF]             
2       [null]                                                                 
3       [ipv4: 0.0.0.0 - ipv4: 223.255.255.255]                                
4       [null]                                                                 
5       [ipv4: 224.0.0.0 - ipv4: 239.255.255.255]                              
6       [ipv6: :: - ipv6: FEFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF]             
7       [ipv6: FF00:: - ipv6: FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF]         

        blocks
0       (0)  
1       (0)  
2       (0)  
3       (1)  0
4       (0)  
5       (1)  49
6       (48)  1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48
7       (0)  

entity        total     used      free      util%                              
Entries       161792    2208      159584    1                                  
  uRPF Ipv4   0         0         0         0                                  
  uRPF Ipv6   0         0         0         0                                  
  UC Ipv4     4096      2032      2064      49                                 
  MC Ipv4     2048      24        2024      1                                  
  UC Ipv6     98304     152       98152     0                                  
  MC Ipv6     0         0         0         0                                  
  SpecDst     0         0         0         0                                  
  SpecSrc     0         0         0         0                                  
  unused      57344     57344     0         100                                

# Parity errors: 0
# Parity errors for unused entries: 0

group 0:  mode: 80 Bit type: uRPF Ipv4 lookupType: Src entries: 0 used:0 free: 0
  range: [ipv4: 0.0.0.0 - ipv4: 255.255.255.255] psmRangeId: 0
  provisonal: [null]
group 1:  mode: 160 Bit type: uRPF Ipv6 lookupType: Src entries: 0 used:0 free: 0
  range: [ipv6: :: - ipv6: FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF] psmRangeId: 1
  provisonal: [null]
group 2:  mode: 160 Bit type: SpecSrc lookupType: Src entries: 0 used:0 free: 0
  range: [null] psmRangeId: 255
  provisonal: [null]
group 3:  mode: 80 Bit type: UC Ipv4 lookupType: Dst entries: 4096 used:2032 free: 2064
  range: [ipv4: 0.0.0.0 - ipv4: 223.255.255.255] psmRangeId: 0
  provisonal: [null]
    block: 0 (0-4095) mode: 80 Bit entries: 4096 used: 2032 free: 2064
group 4:  mode: 160 Bit type: SpecDst lookupType: Dst entries: 0 used:0 free: 0
  range: [null] psmRangeId: 255
  provisonal: [null]
group 5:  mode: 160 Bit type: MC Ipv4 lookupType: Dst entries: 2048 used:24 free: 2024
  range: [ipv4: 224.0.0.0 - ipv4: 239.255.255.255] psmRangeId: 1
  provisonal: [null]
    block: 49 (200704-204798) mode: 160 Bit entries: 2048 used: 24 free: 2024
group 6:  mode: 160 Bit type: UC Ipv6 lookupType: Dst entries: 98304 used:152 free: 98152
  range: [ipv6: :: - ipv6: FEFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF] psmRangeId: 2
  provisonal: [null]
    block: 1 (4096-8190) mode: 160 Bit entries: 2048 used: 143 free: 1905
    block: 2 (8192-12286) mode: 160 Bit entries: 2048 used: 1 free: 2047
    block: 3 (12288-16382) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 4 (16384-20478) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 5 (20480-24574) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 6 (24576-28670) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 7 (28672-32766) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 8 (32768-36862) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 9 (36864-40958) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 10 (40960-45054) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 11 (45056-49150) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 12 (49152-53246) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 13 (53248-57342) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 14 (57344-61438) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 15 (61440-65534) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 16 (65536-69630) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 17 (69632-73726) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 18 (73728-77822) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 19 (77824-81918) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 20 (81920-86014) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 21 (86016-90110) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 22 (90112-94206) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 23 (94208-98302) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 24 (98304-102398) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 25 (102400-106494) mode: 160 Bit entries: 2048 used: 1 free: 2047
    block: 26 (106496-110590) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 27 (110592-114686) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 28 (114688-118782) mode: 160 Bit entries: 2048 used: 2 free: 2046
    block: 29 (118784-122878) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 30 (122880-126974) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 31 (126976-131070) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 32 (131072-135166) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 33 (135168-139262) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 34 (139264-143358) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 35 (143360-147454) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 36 (147456-151550) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 37 (151552-155646) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 38 (155648-159742) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 39 (159744-163838) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 40 (163840-167934) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 41 (167936-172030) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 42 (172032-176126) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 43 (176128-180222) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 44 (180224-184318) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 45 (184320-188414) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 46 (188416-192510) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 47 (192512-196606) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 48 (196608-200702) mode: 160 Bit entries: 2048 used: 5 free: 2043
group 7:  mode: 320 Bit type: MC Ipv6 lookupType: Dst entries: 0 used:0 free: 0
  range: [ipv6: FF00:: - ipv6: FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF] psmRangeId: 3
  provisonal: [null]
FLC hardware parity scan enabled: true
vfeTcamIfRxErrCheckEnabled: true
vfeTcamIfRxErrCheckOperating: true
FLC consistency checker enabled: true
TCAM idle cycle config:
  before read:  4
  after  read:  4
  before write: 0
  after  write: 1

 

C PBR

#show platform hardware acl statistics utilization brief 
CAM Utilization Statistics
--------------------------

                           Used          Free         Total
                           --------------------------------
Input  Security    (160)   35    (1  %)  2013  (99 %) 2048 
Input  Security    (320)   34    (1  %)  2014  (99 %) 2048 
Input  Forwarding  (160)   28    (1  %)  2020  (99 %) 2048 
Input  Forwarding  (320)   24    (1  %)  2024  (99 %) 2048 
Input  Unallocated (160)   0     (0  %)  57344 (100%) 57344

Output RoleBased   (160)   0     (0  %)  2048  (100%) 2048 
Output Security    (160)   8     (0  %)  2040  (100%) 2048 
Output Security    (320)   12    (0  %)  2036  (100%) 2048 
Output Qos         (160)   21    (1  %)  2027  (99 %) 2048 
Output Qos         (320)   4     (0  %)  2044  (100%) 2048 
Output Unallocated (160)   0     (0  %)  55296 (100%) 55296

Input Profiles (logical) : used 1 / 32
Input Profiles (physical): used 4 / 32

Output Profiles (logical) : used 1 / 32
Output Profiles (physical): used 3 / 32
#show platform hardware ip route summary                 
block#  start   end     mode    entries used    free    group   type           
0       80 Bit  0       4095    4096    2034    2062    3       Dst            
1       160 Bit 4096    8190    2048    153     1895    6       Dst            
2       160 Bit 8192    12286   2048    1       2047    6       Dst            
3       160 Bit 12288   16382   2048    0       2048    6       Dst            
4       160 Bit 16384   20478   2048    0       2048    6       Dst            
5       160 Bit 20480   24574   2048    0       2048    6       Dst            
6       160 Bit 24576   28670   2048    0       2048    6       Dst            
7       160 Bit 28672   32766   2048    0       2048    6       Dst            
8       160 Bit 32768   36862   2048    0       2048    6       Dst            
9       160 Bit 36864   40958   2048    0       2048    6       Dst            
10      160 Bit 40960   45054   2048    0       2048    6       Dst            
11      160 Bit 45056   49150   2048    0       2048    6       Dst            
12      160 Bit 49152   53246   2048    0       2048    6       Dst            
13      160 Bit 53248   57342   2048    0       2048    6       Dst            
14      160 Bit 57344   61438   2048    0       2048    6       Dst            
15      160 Bit 61440   65534   2048    0       2048    6       Dst            
16      160 Bit 65536   69630   2048    0       2048    6       Dst            
17      160 Bit 69632   73726   2048    0       2048    6       Dst            
18      160 Bit 73728   77822   2048    0       2048    6       Dst            
19      160 Bit 77824   81918   2048    0       2048    6       Dst            
20      160 Bit 81920   86014   2048    0       2048    6       Dst            
21      160 Bit 86016   90110   2048    0       2048    6       Dst            
22      160 Bit 90112   94206   2048    0       2048    6       Dst            
23      160 Bit 94208   98302   2048    0       2048    6       Dst            
24      160 Bit 98304   102398  2048    0       2048    6       Dst            
25      160 Bit 102400  106494  2048    1       2047    6       Dst            
26      160 Bit 106496  110590  2048    0       2048    6       Dst            
27      160 Bit 110592  114686  2048    0       2048    6       Dst            
28      160 Bit 114688  118782  2048    2       2046    6       Dst            
29      160 Bit 118784  122878  2048    0       2048    6       Dst            
30      160 Bit 122880  126974  2048    0       2048    6       Dst            
31      160 Bit 126976  131070  2048    0       2048    6       Dst            
32      160 Bit 131072  135166  2048    0       2048    6       Dst            
33      160 Bit 135168  139262  2048    0       2048    6       Dst            
34      160 Bit 139264  143358  2048    0       2048    6       Dst            
35      160 Bit 143360  147454  2048    0       2048    6       Dst            
36      160 Bit 147456  151550  2048    0       2048    6       Dst            
37      160 Bit 151552  155646  2048    0       2048    6       Dst            
38      160 Bit 155648  159742  2048    0       2048    6       Dst            
39      160 Bit 159744  163838  2048    0       2048    6       Dst            
40      160 Bit 163840  167934  2048    0       2048    6       Dst            
41      160 Bit 167936  172030  2048    0       2048    6       Dst            
42      160 Bit 172032  176126  2048    0       2048    6       Dst            
43      160 Bit 176128  180222  2048    0       2048    6       Dst            
44      160 Bit 180224  184318  2048    0       2048    6       Dst            
45      160 Bit 184320  188414  2048    0       2048    6       Dst            
46      160 Bit 188416  192510  2048    0       2048    6       Dst            
47      160 Bit 192512  196606  2048    0       2048    6       Dst            
48      160 Bit 196608  200702  2048    5       2043    6       Dst            
49      160 Bit 200704  204798  2048    24      2024    5       Dst            
50      Unused  204800  208895  4096    0       4096    -       -              
51      Unused  208896  212991  4096    0       4096    -       -              
52      Unused  212992  217087  4096    0       4096    -       -              
53      Unused  217088  221183  4096    0       4096    -       -              
54      Unused  221184  225279  4096    0       4096    -       -              
55      Unused  225280  229375  4096    0       4096    -       -              
56      Unused  229376  233471  4096    0       4096    -       -              
57      Unused  233472  237567  4096    0       4096    -       -              
58      Unused  237568  241663  4096    0       4096    -       -              
59      Unused  241664  245759  4096    0       4096    -       -              
60      Unused  245760  249855  4096    0       4096    -       -              
61      Unused  249856  253951  4096    0       4096    -       -              
62      Unused  253952  258047  4096    0       4096    -       -              
63      Unused  258048  262143  4096    0       4096    -       -              

group#  inUse   mode    type      lookup  entries free    util%   rangeId      
0       yes     80 Bit  uRPF Ipv4 Src     0       0       100     0            
1       yes     160 Bit uRPF Ipv6 Src     0       0       100     1            
2       yes     160 Bit SpecSrc   Src     0       0       100     255          
3       yes     80 Bit  UC Ipv4   Dst     4096    2062    49      0            
4       yes     160 Bit SpecDst   Dst     0       0       100     255          
5       yes     160 Bit MC Ipv4   Dst     2048    2024    1       1            
6       yes     160 Bit UC Ipv6   Dst     98304   98142   0       2            
7       yes     320 Bit MC Ipv6   Dst     0       0       100     3            

        range
0       [ipv4: 0.0.0.0 - ipv4: 255.255.255.255]                                
1       [ipv6: :: - ipv6: FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF]             
2       [null]                                                                 
3       [ipv4: 0.0.0.0 - ipv4: 223.255.255.255]                                
4       [null]                                                                 
5       [ipv4: 224.0.0.0 - ipv4: 239.255.255.255]                              
6       [ipv6: :: - ipv6: FEFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF]             
7       [ipv6: FF00:: - ipv6: FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF]         

        blocks
0       (0)  
1       (0)  
2       (0)  
3       (1)  0
4       (0)  
5       (1)  49
6       (48)  1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48
7       (0)  

entity        total     used      free      util%                              
Entries       161792    2220      159572    1                                  
  uRPF Ipv4   0         0         0         0                                  
  uRPF Ipv6   0         0         0         0                                  
  UC Ipv4     4096      2034      2062      49                                 
  MC Ipv4     2048      24        2024      1                                  
  UC Ipv6     98304     162       98142     0                                  
  MC Ipv6     0         0         0         0                                  
  SpecDst     0         0         0         0                                  
  SpecSrc     0         0         0         0                                  
  unused      57344     57344     0         100                                

# Parity errors: 0
# Parity errors for unused entries: 0

group 0:  mode: 80 Bit type: uRPF Ipv4 lookupType: Src entries: 0 used:0 free: 0
  range: [ipv4: 0.0.0.0 - ipv4: 255.255.255.255] psmRangeId: 0
  provisonal: [null]
group 1:  mode: 160 Bit type: uRPF Ipv6 lookupType: Src entries: 0 used:0 free: 0
  range: [ipv6: :: - ipv6: FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF] psmRangeId: 1
  provisonal: [null]
group 2:  mode: 160 Bit type: SpecSrc lookupType: Src entries: 0 used:0 free: 0
  range: [null] psmRangeId: 255
  provisonal: [null]
group 3:  mode: 80 Bit type: UC Ipv4 lookupType: Dst entries: 4096 used:2034 free: 2062
  range: [ipv4: 0.0.0.0 - ipv4: 223.255.255.255] psmRangeId: 0
  provisonal: [null]
    block: 0 (0-4095) mode: 80 Bit entries: 4096 used: 2034 free: 2062
group 4:  mode: 160 Bit type: SpecDst lookupType: Dst entries: 0 used:0 free: 0
  range: [null] psmRangeId: 255
  provisonal: [null]
group 5:  mode: 160 Bit type: MC Ipv4 lookupType: Dst entries: 2048 used:24 free: 2024
  range: [ipv4: 224.0.0.0 - ipv4: 239.255.255.255] psmRangeId: 1
  provisonal: [null]
    block: 49 (200704-204798) mode: 160 Bit entries: 2048 used: 24 free: 2024
group 6:  mode: 160 Bit type: UC Ipv6 lookupType: Dst entries: 98304 used:162 free: 98142
  range: [ipv6: :: - ipv6: FEFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF] psmRangeId: 2
  provisonal: [null]
    block: 1 (4096-8190) mode: 160 Bit entries: 2048 used: 153 free: 1895
    block: 2 (8192-12286) mode: 160 Bit entries: 2048 used: 1 free: 2047
    block: 3 (12288-16382) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 4 (16384-20478) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 5 (20480-24574) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 6 (24576-28670) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 7 (28672-32766) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 8 (32768-36862) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 9 (36864-40958) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 10 (40960-45054) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 11 (45056-49150) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 12 (49152-53246) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 13 (53248-57342) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 14 (57344-61438) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 15 (61440-65534) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 16 (65536-69630) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 17 (69632-73726) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 18 (73728-77822) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 19 (77824-81918) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 20 (81920-86014) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 21 (86016-90110) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 22 (90112-94206) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 23 (94208-98302) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 24 (98304-102398) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 25 (102400-106494) mode: 160 Bit entries: 2048 used: 1 free: 2047
    block: 26 (106496-110590) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 27 (110592-114686) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 28 (114688-118782) mode: 160 Bit entries: 2048 used: 2 free: 2046
    block: 29 (118784-122878) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 30 (122880-126974) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 31 (126976-131070) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 32 (131072-135166) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 33 (135168-139262) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 34 (139264-143358) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 35 (143360-147454) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 36 (147456-151550) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 37 (151552-155646) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 38 (155648-159742) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 39 (159744-163838) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 40 (163840-167934) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 41 (167936-172030) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 42 (172032-176126) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 43 (176128-180222) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 44 (180224-184318) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 45 (184320-188414) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 46 (188416-192510) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 47 (192512-196606) mode: 160 Bit entries: 2048 used: 0 free: 2048
    block: 48 (196608-200702) mode: 160 Bit entries: 2048 used: 5 free: 2043
group 7:  mode: 320 Bit type: MC Ipv6 lookupType: Dst entries: 0 used:0 free: 0
  range: [ipv6: FF00:: - ipv6: FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF] psmRangeId: 3
  provisonal: [null]
FLC hardware parity scan enabled: true
vfeTcamIfRxErrCheckEnabled: true
vfeTcamIfRxErrCheckOperating: true
FLC consistency checker enabled: true
TCAM idle cycle config:
  before read:  4
  after  read:  4
  before write: 0
  after  write: 1

 

 

7 часов назад, zhenya` сказал:

Уберите deny ip any any из ацл

Выше писал, что пробовал так. Изначально и было без deny в acl. Знаю что deny нужно делать в route-map. 

Share this post


Link to post
Share on other sites

По #show platform cpu packet statistics | inc L3
видно, что на CPU попадает весь маршрутизируемый трафик с интерфейса, но это и так было понятно. Вопрос только почему? Может все таки баг данной прошивки?

 

Цитата

L3 Glean, 6                         44         0         0         0          0
L3 Fwd, 6                    937877234     20509      3330       360        393
L3 Glean, 7                   96259897        30        21        23         26
L3 Fwd, 7                        11280         0         0         0          0
L3 Receive, 7                 69027474        43        25        27         29
L3 Fwd, 6                        82873         0         0         0          0
L3 Glean, 7                      23459         0         0         0          0
L3 Receive, 7                        3         0         0         0          0

 

Share this post


Link to post
Share on other sites

next-hop случайно не рекурсивный?

Share this post


Link to post
Share on other sites
1 час назад, vurd сказал:

next-hop случайно не рекурсивный?

Нет, не рекурсивный. Эту причину в списке возможных проблем тоже видел. Кусок конфига, который привел, отражает реальную ситуацию, только IP сменил. Видно, что nex-hop в интерфейс vlan9 уходит, а трафик приходит и отрабатывается политикой с vlan61.
Для теста вешаю политику только на один интерфейс, трафика на нем не так много, порядка 500 Мбит/c.

Edited by SokolovS

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this