Re: Catalyst 6500 High Switch Proc

["Philip L." <phil () mindfury net>]

Ross Vandegrift wrote:
> On Sat, Nov 15, 2008 at 04:35:28PM -0500, Philip L. wrote:
>   
> > One thing to note, is that our main ACL for ingress traffic is applied 
> > here due to historical reasons.  It's roughly 5000 single host entries 
> > at present.  We also use these devices for NDE.
> >     
>
> On a SUP7203BXL, if your ACL TCAM utilization is fine, this shouldn't
> impact performance unless you're logging too much.  Since you've been
> over the CPU utilization doc, I'm guessing you know that.
>
> "show platform hardware capacity acl" will give you a breakdown on
> your ACL TCAM usage.
>
>   
> > I'm probably missing some other key details, but what could influence 
> > the SP like this?  Any insight would be appreciated.
> >     
>
> Cisco says that Netflow-based features always handle the first packet
> of a flow in software, but I don't know if this is the RP or the SP.
> It would make sense if a first-flow packet that didn't need punting
> hit the SP and not the RP.  In that case, your traffic level with
> netflow enabled could explain your high SP utilization.
>
>   
It is a Sup720-3BXL.  Based on the suggestions here, I went ahead and 
did 'no ip flow ingress' on all the interfaces just to see, and surely 
enough, the SP went down to about 10-15%.  My colleague implemented 
packet count-based NetFlow sampling to attempt to reduce the 100% 
NetFlow TCAM usage, and it appears to be partially effective.  It still 
fills up frequently, so we'll have to do some more tweaking.

I appreciate all the replies, public and private.

--
Philip L.