Jump to content
Калькуляторы

Cisco 3550 помогите разобраться

Здравствуйте.

 

Уже устал от проблемы "отжирания" памяти в Cisco3550. Общался, у всех вроде все ок, у меня же на двух разных девайсах память потихоньку "отжирается" до того что девайс становится неработоспособным. Помогите устал уже...

Версия IOS стоит System image file is "flash:c3550-ipservicesk9-mz.122-46.SE.bin"

Девайс занимается тем что принимает UA-IX по бгп от аплинка и раздает его клиентам. soft-reconfiguration inbound выключен для всех бгп пиров.

Суммарная нагрузка на девайс в районе 1 гигабита.

 

The current template is the routing template.
The selected template optimizes the resources in
the switch to support this level of features for
16 routed interfaces and 1K VLANs.

number of unicast mac addresses:   6K
number of igmp groups:             6K
number of qos aces:                1K
number of security aces:           1K
number of unicast routes:          24K
number of multicast routes:        6K

 

CPU utilization for five seconds: 1%/0%; one minute: 2%; five minutes: 2%

Share this post


Link to post
Share on other sites

На кошке только bgp или задействован еще какой-то функционал?

Share this post


Link to post
Share on other sites

Софт свежий залейте.

Share this post


Link to post
Share on other sites

Только бгп, 1 аплинк уаикс + 1 клиент по бгп и 1 по статике и все. Память отьедается до 0 приблизительно за месяц (тоесть раз в месяц приходится ребутить железяку). Это ужасно напрягает особенно если забыть это сделать и она "встанет" в рабочее время и приходится сломя голову лететь на узел и перегружать ее :(

 

На счет софта - какую посоветуете свежую прошивку и желательно подскажите откуда скачать?

Share this post


Link to post
Share on other sites

Bear_UA, по snmp ребутеть не пробовали? в 90% случаев memleak ребутится

ну и да, обновитесь

Share this post


Link to post
Share on other sites

Спасибо sol. А нету mz и соотв .bin? Боюсь этот имидж .tar не поместится на флеш :(

 

Bear_UA, по snmp ребутеть не пробовали? в 90% случаев memleak ребутится

ну и да, обновитесь

Простите... а как по snmp ребутеть?...

На счет обновления - скачал по совету Eshirokiy последний image с цисковского сайта. Утром обновил - ситуация не изменилась. Память потихоньку отжирается :(

Share this post


Link to post
Share on other sites

Bear_UA, я по дурости дал вам не самую последнюю версию, вот последняя c3550-ipservicesk9-mz.122-55.SE9.bin

http://software.cisco.com/download/release.html?mdfid=275935150&flowid=2218&softwareid=280805680&release=12.2.55-SE9&relind=AVAILABLE&rellifecycle=ED&reltype=latest

Edited by EShirokiy

Share this post


Link to post
Share on other sites

Мля, ну уж совсем... Если нужен только bin - то распакуйте tar хоть винраром...

 

А если надо с веб интерфейсом - то http://www.cisco.com....html#concept10

 

ЗЫ и когда SE9 успел выйти...

 

По SNMP ребутить так http://lmgtfy.com/?q=cisco+snmp+reboot

Edited by sol

Share this post


Link to post
Share on other sites

archive download-sw /imageonly tftp...

 

в конфиг snmp-server system-shutdown

snmpset -v 2c -c $community $ip .1.3.6.1.4.1.9.2.9.9.0 i 2

Edited by f13

Share this post


Link to post
Share on other sites

Мля, ну уж совсем... Если нужен только bin - то распакуйте tar хоть винраром...

 

А если надо с веб интерфейсом - то http://www.cisco.com....html#concept10

 

ЗЫ и когда SE9 успел выйти...

 

По SNMP ребутить так http://lmgtfy.com/?q=cisco+snmp+reboot

Сорри это пробел в моих знаниях :) Не злитесь :)

 

Bear_UA, я по дурости дал вам не самую последнюю версию, вот последняя c3550-ipservicesk9-mz.122-55.SE9.bin

http://software.cisc...&reltype=latest

 

Это версия для 3550 24 DC SMI а у меня 3550-12G. Или они совместимы в плане IOS?

Да и SE9 качать не дает :( Говорит контракт не тот :(

Edited by Bear_UA

Share this post


Link to post
Share on other sites

снова менял прошивки - память все равно отжирает :( хеееелп :(((

Share this post


Link to post
Share on other sites

sh ver

sh run

Share this post


Link to post
Share on other sites

sh ver

Cisco IOS Software, C3550 Software (C3550-IPSERVICESK9-M), Version 12.2(44)SE6, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 09-Mar-09 20:28 by gereddy
Image text-base: 0x00003000, data-base: 0x012A99FC

ROM: Bootstrap program is C3550 boot loader

x uptime is 4 days, 23 hours, 43 minutes
System returned to ROM by power-on
System image file is "flash:c3550-ipservicesk9-mz.122-44.SE6.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco WS-C3550-12G (PowerPC) processor (revision F0) with 65526K/8192K bytes of memory.
Processor board ID CAT0714Y2PE
Last reset from warm-reset
Running Layer2/3 Switching Image

Ethernet-controller 1 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 2 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 3 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 4 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 5 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 6 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 7 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 8 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 9 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 10 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 11 has 1 Gigabit Ethernet/IEEE 802.3 interface

Ethernet-controller 12 has 1 Gigabit Ethernet/IEEE 802.3 interface

12 Gigabit Ethernet interfaces

The password-recovery mechanism is enabled.
384K bytes of flash-simulated NVRAM.
Base ethernet MAC Address: 00:0C:85:FE:C1:00
Motherboard assembly number: 73-5526-08
Power supply part number: 34-0967-01
Motherboard serial number: CAT0715002Q
Power supply serial number: DCA07080SS3
Model revision number: F0
Motherboard revision number: A0
Model number: WS-C3550-12G
System serial number: CAT0714Y2PE
Configuration register is 0x10F

 

sh run (ип, пароли, номера ас убраны)

Building configuration...

Current configuration : 11459 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname x
!
enable password 7 x
!
username x privilege 0 password 7 x

no aaa new-model
clock timezone Europe/Kiev 2
no errdisable detect cause gbic-invalid
mls qos aggregate-policer VLAN301 204800000 2000000 exceed-action drop
mls qos aggregate-policer VLAN301-IP 204800000 2000000 exceed-action drop
mls qos aggregate-policer VLAN300-IP 200000000 2000000 exceed-action drop
mls qos aggregate-policer VLAN300 300000000 2000000 exceed-action drop
mls qos cos policy-map
mls qos
ip subnet-zero
ip routing
ip domain-name x
!
vtp mode transparent
!
!
crypto pki trustpoint TP-self-signed-2248065280
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2248065280
revocation-check none
rsakeypair TP-self-signed-2248065280
!
!
crypto pki certificate chain TP-self-signed-2248065280
certificate self-signed 01
 30820259 308201C2 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
 69666963 6174652D 32323438 30363532 3830301E 170D3933 30333031 30303031
 34335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 32343830
 36353238 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
 8100BB04 A7CCB3C7 BB8FF5EB 04B5BF45 AD83E7E6 FFA818CA 65A14F2E CA15DC57
 34F07758 3119A6BF 91E407AB 014338C5 84FC6E54 628EBF85 0B3C4AB2 CE3CC66E
 EC2CC0C9 7BE57E7E 106CB870 CD2570F9 A7E845DF AAEDA80D A2C1E470 222E232B
 6ED630BD 930B2B1E 23ED71AD E18A6E7A 3E575620 079DD09A 5AFCE658 573F3DED
 19A90203 010001A3 8180307E 300F0603 551D1301 01FF0405 30030101 FF613B06
 03551D11 04243022 43231461 64221E64 73732D67 726F7570 2E6E6574 2E647373
 2D67726F 75702E6E 6574301F 0603551D 23041830 168014B1 29817178 0753B713
 E07108AF 44C06EE1 31D42F30 1D060355 1D0E0416 0414B129 81717807 53B713E0
 7108AF44 C06EE131 D42F300D 06092A86 4886F70D 01010405 00038181 006543E8
 1DCA253B F583F5C2 BBE023C9 FD63036E BB556157 A9FC725C 2A48BA15 EA22A228
 33E3C36A E368E657 0E238120 63C5F9CA 2E9F84AF 73867D4C B4092F6E 78E69609
 7CEBE1A5 5165EA34 02844B3A 8821FC5E 06982E3D AA5EDE7E 57668478 0C956125
 B7C7557F 087B8DFB 78EC7293 EBA027AD BBD72C10 47B89F3A 031EF122 BA
 quit
!
!
!
mac access-list extended anymac
permit any any
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 2
!
vlan 3
!
vlan 4
!
vlan 5
!
vlan 6
!
vlan 42
!
vlan 92
!
vlan 300
!
vlan 301
!
vlan 302
!
vlan 412
!
vlan 422
!
vlan 423
!
vlan 440
!
vlan 378
!
vlan 200
!
!
class-map match-all VLAN300-IP
match access-group 100
class-map match-all VLAN301-IP
match access-group name VLAN301-IP
class-map match-all anymac
match access-group name anymac
class-map match-all anyip
match access-group name anyip
class-map match-all VLAN300
match vlan  300
match class-map anyip
class-map match-all VLAN301
match vlan  301
match class-map anyip
!
!
policy-map GI-02-VLAN
class VLAN300
   police aggregate VLAN300
policy-map GI-01-VLAN
class VLAN300-IP
   police aggregate VLAN300-IP
class VLAN301-IP
   police aggregate VLAN301-IP
policy-map GI-11-VLAN
class VLAN301
   police aggregate VLAN301
!
!
!
!
!
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 378
switchport mode trunk
!
interface Port-channel2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 92,301,302,200
switchport mode trunk
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 378
switchport mode trunk
flowcontrol send off
channel-group 1 mode active
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
service-policy input GI-01-VLAN
!
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 5,300
switchport mode trunk
flowcontrol send off
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
service-policy input GI-02-VLAN
!
interface GigabitEthernet0/3
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 378
switchport mode trunk
flowcontrol send off
channel-group 1 mode active
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
service-policy input GI-01-VLAN
!
interface GigabitEthernet0/4
switchport trunk encapsulation dot1q
switchport mode trunk
flowcontrol send off
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet0/5
switchport trunk encapsulation dot1q
switchport mode trunk
flowcontrol send off
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet0/6
switchport trunk encapsulation dot1q
switchport mode trunk
flowcontrol send off
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet0/7
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 92,301,302,200
switchport mode trunk
flowcontrol send off
channel-group 2 mode active
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet0/8
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 92,301,302,200
switchport mode trunk
flowcontrol send off
channel-group 2 mode active
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet0/9
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 92,301,302,200
switchport mode trunk
flowcontrol send off
channel-group 2 mode active
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet0/10
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 92,301,302,200
switchport mode trunk
flowcontrol send off
channel-group 2 mode active
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet0/11
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 5,92,301,302,200
switchport mode trunk
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet0/12
switchport access vlan 200
switchport mode access
!
interface Vlan1
no ip address
shutdown
!
interface Vlan92
ip address h.i.j.90 255.255.255.252
!
interface Vlan300
description client1-UAIX
ip address a.b.c.1 255.255.255.252
!
interface Vlan301
description client2-UAIX
ip address a.b.c.5 255.255.255.252
!
interface Vlan302
description client3-UAIX
ip address a.b.c.9 255.255.255.252
!
interface Vlan378
description UAIX
ip address e.f.j.10 255.255.255.252
!
interface Vlan200
ip address x.x.x.42 255.255.255.0
!
router bgp XXXXX
bgp log-neighbor-changes
neighbor a.b.c.2 remote-as CLIENT1
neighbor a.b.c.2 description *** client1 UAIX ***
neighbor a.b.c.2 dont-capability-negotiate
neighbor a.b.c.6 remote-as CLIENT2
neighbor a.b.c.6 description *** client2 UAIX ***
neighbor a.b.c.6 shutdown
neighbor a.b.c.10 remote-as XXXXX
neighbor a.b.c.10 description ** client3 UAIX **
neighbor a.b.c.10 shutdown
neighbor e.f.j.9 remote-as UAIXX
neighbor e.f.j.9 description *** UAIX ***
neighbor h.i.j.89 remote-as XXXXX
neighbor h.i.j.89 description *** CORE ***
!
address-family ipv4
 neighbor a.b.c.2 activate
 neighbor a.b.c.2 remove-private-as
 neighbor a.b.c.2 route-map client1-in in
 neighbor a.b.c.6 activate
 neighbor a.b.c.6 remove-private-as
 neighbor a.b.c.6 route-map client2-in in
 neighbor a.b.c.10 activate
 neighbor a.b.c.10 next-hop-self
 neighbor a.b.c.10 route-map client3-IN in
 neighbor e.f.j.9 activate
 neighbor e.f.j.9 next-hop-self
 neighbor e.f.j.9 remove-private-as
 neighbor e.f.j.9 route-map uaix-in in
 neighbor e.f.j.9 route-map uaix-out out
 neighbor h.i.j.89 activate
 neighbor h.i.j.89 next-hop-self
 neighbor h.i.j.89 route-map core-in in
 neighbor h.i.j.89 route-map core-out out
 no auto-summary
 no synchronization
 network a.b.c.0 mask 255.255.255.0
 network a.b.d.0 mask 255.255.255.0
exit-address-family
!
ip classless
ip route a.b.c.0 255.255.255.0 Null0
ip route a.b.d.0 255.255.255.0 a.b.c.10
ip http server
ip http secure-server
!
!
ip access-list extended VLAN300-IP
permit ip any k.l.m.0 0.0.3.255
permit ip any a.b.c.0 0.0.0.3
ip access-list extended VLAN301-IP
permit ip any a.b.c.4 0.0.0.3
permit ip any n.o.p.0 0.0.3.255
permit ip any q.r.s.0 0.0.3.255
ip access-list extended anyip
permit ip any any
!
!
ip prefix-list client1 seq 10 permit k.l.m.0/22
!
ip prefix-list client2 seq 10 permit n.o.p.0/22
ip prefix-list client2 seq 20 permit q.r.s.0/22
!
ip prefix-list client3-UAIX seq 10 permit a.b.d.0/24
!
ip prefix-list full seq 10 permit 0.0.0.0/0 le 32
!
ip prefix-list mynet seq 10 permit a.b.c.0/24
ip prefix-list mynet seq 15 permit a.b.d.0/24
!
ip prefix-list uaix-customers seq 10 permit k.l.m.0/22
ip prefix-list uaix-customers seq 20 permit n.o.p.0/22
ip prefix-list uaix-customers seq 30 permit q.r.s.0/22
ip prefix-list uaix-customers seq 40 permit a.b.d.0/24
logging facility local1
logging x.x.x.240
access-list 1 permit x.x.x.x
access-list 1 permit x.x.x.x
access-list 1 permit x.x.x.x
access-list 1 permit x.x.x.0 0.0.0.255
access-list 1 deny   any
access-list 100 permit ip any k.l.m.0 0.0.3.255
access-list 100 permit ip any a.b.c.0 0.0.0.3
route-map client1-in permit 100
match ip address prefix-list client1
set local-preference 500
!
route-map client1-in deny 200
!
route-map client3-IN permit 100
match ip address prefix-list client3-UAIX
set local-preference 500
!
route-map client3-IN deny 200
!
route-map uaix-in permit 100
match ip address prefix-list full
set local-preference 400
!
route-map core-in permit 100
match ip address prefix-list full
set local-preference 500
!
route-map core-in deny 200
!
route-map uaix-out permit 100
match ip address prefix-list mynet
!
route-map uaix-out permit 110
match ip address prefix-list uaix-customers
!
route-map uaix-out deny 200
!
route-map core-out permit 100
match ip address prefix-list mynet
!
route-map core-out deny 200
!
route-map client2-in permit 100
match ip address prefix-list client2
set local-preference 500
!
route-map client2-in deny 200
!
snmp-server community community RO 1
snmp ifmib ifindex persist
!
control-plane
!
!
line con 0
line vty 0 4
access-class 1 in
login local
transport input telnet ssh
line vty 5 15
access-class 1 in
login
!
ntp clock-period 17180326
ntp server x.x.x.240
end

Edited by Bear_UA

Share this post


Link to post
Share on other sites

Была 122-46.SE

 

Сейчас 122-44.SE6

 

 

А вам дали версию 122-55.SE8

 

Как вы это объясните?

Edited by sol

Share this post


Link to post
Share on other sites

см. выше.

"Это версия для 3550 24 DC SMI а у меня 3550-12G. Или они совместимы в плане IOS?"

Share this post


Link to post
Share on other sites

Или они совместимы в плане IOS

 

Предыдущие были совместимы, последнюю не проверял.

Даже если нет - оставьте на флшке старую IOS на всякий пожарный.

 

 

Да и SE9 качать не дает :( Говорит контракт не тот :(

 

Да, теперь халява не проходит. Надо просить добрых людей залить на файлообменник.

Share this post


Link to post
Share on other sites

судя по всему, новее иосов нет, т.е. задача нерешаема, по крайней мере я не вижу в конфиге чего-то плохого, что могло бы помочь. вероятно, летят анонсы частенько и память тупо течет на каждом

Share this post


Link to post
Share on other sites

System image file is "flash:c3550-ipservicesk9-mz.122-50.SE3/c3550-ipservicesk9-mz.122-50.SE3.bin"
...
...
Cisco WS-C3550-12G (PowerPC) processor (revision H0) with 65526K/8192K bytes of memory.
Processor board ID CAT0804X07X
Last reset from warm-reset
Running Layer2/3 Switching Image

 

Вот как-то так, при том что по cisco.com крайний 12.2-44 на 3550-12T/G.

Share this post


Link to post
Share on other sites

Возможно в старых иосах не проверялась нормально поддержка ASN32, возможно там на получении анонсов что-то утекает. Кто знает. Надо сначала свежак вкатить, 146% :)

Share this post


Link to post
Share on other sites

Попробую залить SE8 и посмотреть какова будет ситуация. Отпишусь.

Share this post


Link to post
Share on other sites

Ночью залил, ребутнул. Но что я скажу по SE8, сразу заметил странный момент.

sh mem на 122-44-SE6

               Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor    1D2A360    36779168    33425692     3353476     2358136     1712268
     I/O   80000000     8388608     3029472     5359136     5173340     5196952

 

sh mem на 122-55-SE8

               Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor    2048B3C    33508548    32288236     1220312      172428      929852
     I/O   80000000     8388608     3158032     5230576     5230576     5229936

 

Количество доступной памяти уменьшилось на 3 мегабайта и соотв. свободной тоже. Посмотрю или не будет уменьшаться. Если также будет отьедать то там хоть месяцок-два оно отьедает до критической границы и можно ребутнуть а тут отьест за пару дней :(

Share this post


Link to post
Share on other sites

На 12.2-50-SE3 памяти нормально

#sh memory
               Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor    1D13D8C    36870772    18930852    17939920    16701736    12145460
     I/O   80000000     8388608     3047780     5340828     5251468     5294688

Cisco IOS Software, C3550 Software (C3550-IPSERVICESK9-M), Version 12.2(50)SE3, RELEASE SOFTWARE (fc1)

 

Вы на пиров лимит префиксов выставили?

Share this post


Link to post
Share on other sites

no neighbor <ваш сосед> soft-reconfiguration inbound

 

И, да, sh proc memory sorted

Edited by sol

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this