But traceroute's one of the killer apps for Sup720s, regardless of whether
used in a 6500 or 7600.

Depending on the traffic you pass through, there might be lots of 'TTL expired'
(nearly all originating from running traceroutes; otherwise I'd suspect you
have another, more serious problem).

Running a plain IP configuration passing 10-15 Gbps, originating mostly from
residential internet access, across a 7600, I've seen a good 20% CPU coming
from roughly 2000 'TTL expired's *per second*.

The ever more widespread abuse of traceroute (before someone starts arguing:
yes, I call permanent use of mtr and the like for end-user pseudo-monitoring
'network abuse') is something you'll be forced into limiting to protect your
network at some point in time, despite the complaints of some customers not
understanding the technology behind it.


Marcus


> -----Original Message-----
> From: cisco-nsp-boun...@puck.nether.net 
> [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Bob Snyder
> Sent: Wednesday, 7 October 2009 21:19
> To: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] SUP720 - 12.2(18)SXF17
> 
> On Mon, Oct 5, 2009 at 5:43 AM, Phil Mayers 
> <p.may...@imperial.ac.uk> wrote:
> 
> > mls rate-limit all ttl-failure 100 10
> > mls rate-limit all mtu-failure 100 10
> >
> > There's no reason not to have the TTL failure rate limit enabled AFAIK.
> > Choose a value appropriate to you, obviously.
> 
> One gotcha here is that busy routers will start dropping traceroute
> packets as the trace hits routers that are actively rate-limiting.
> Even though end-to-end traffic isn't affected, you may get user calls
> (or confused network admins) complaining about packet loss because of
> a misleading traceroute.
> 
> Still definitely a good idea, but something to consider when setting
> thresholds and managing expectations.
> 
> Bob
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
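Added example, not part of any message in this thread: a small Python model of the traceroute gotcha described above, estimating how much "loss" one user's traceroute shows at a hop that polices TTL-expired handling while other users' traceroutes hit the same limiter. It assumes a simple token bucket for the `100 10` (packets per second, burst) values, which is a modelling assumption and not the documented Sup720 hardware behaviour; the 2000 pps background comes from the figure quoted above, and the 3 probes per second and function name are constructed.

```python
import random

def apparent_loss(background_pps, limit_pps, burst,
                  probe_pps=3, seconds=60, seed=1):
    """Fraction of one user's traceroute probes left unanswered by a hop
    whose TTL-expired handling is policed to limit_pps with a given burst.
    Assumed model: token bucket shared by all TTL-expired packets."""
    rng = random.Random(seed)
    events = []  # (arrival time in seconds, is this our user's probe?)

    # Background TTL-expired packets from everyone else: Poisson arrivals.
    t = rng.expovariate(background_pps)
    while t < seconds:
        events.append((t, False))
        t += rng.expovariate(background_pps)

    # Our user's probes: evenly spaced, as mtr-style tools send them.
    n_probes = probe_pps * seconds
    events += [((j + 0.5) / probe_pps, True) for j in range(n_probes)]
    events.sort()

    tokens, last, answered = float(burst), 0.0, 0
    for when, is_probe in events:
        # Refill since the previous packet, capped at the burst size.
        tokens = min(burst, tokens + (when - last) * limit_pps)
        last = when
        if tokens >= 1.0:          # packet reaches the CPU, ICMP reply sent
            tokens -= 1.0
            answered += is_probe
        # else: dropped by the limiter; transit traffic is not involved
    return 1 - answered / n_probes

if __name__ == "__main__":
    # Constructed scenario: ~2000 TTL-expired/s offered, several limits.
    for limit in (100, 500, 1000, 2500):
        loss = apparent_loss(2000, limit, 10)
        print(f"limit {limit:>4} pps: hop shows {loss:.0%} traceroute loss")
    # Quiet router: the same 100/10 limit is effectively invisible.
    print(f"quiet router, 50 pps offered: {apparent_loss(50, 100, 10):.0%}")
```

The loss shown is only what a traceroute reports for that hop; forwarded traffic never touches the limiter in this model, which is why the threshold choice is mainly a matter of CPU protection versus support calls.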