Łukasz,

Thanks for the additional advice.

Hmm ... SPANning the traffic ... there's about 125Mbps going through that 
regularly, so analyzing the mirrored traffic may be a challenge. I suspect the 
encapsulation failures are basically from the continual flood of hack attempts 
coming in from the Internet.

We don't have MLS QoS turned on, because we have been nervous about changing 
default QoS behavior and causing unexpected side-effects. Have not tuned 
buffers either, since I understand that's a delicate operation. Again, don't 
want to hose things by accident.

It sounds like it's time to face the challenge, since inaction is obviously 
resulting in its own set of issues. 

Thanks again.

Adam


-----Original Message-----
From: Łukasz Bromirski [mailto:luk...@bromirski.net] 
Sent: Saturday, April 11, 2015 5:44 AM
To: Adam Greene
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] 3850?


> On 11 Apr 2015, at 00:26, Adam Greene <maill...@webjogger.net> wrote:
> 
> We're not actually doing Netflow of any kind yet. 

OK.

> It looks like most of our input queue drops are due to 'encapsulation failed' 
> ... i.e. bogus traffic to non-existent hosts. So far it hasn't affected 
> legitimate network performance, as far as we can tell.

I’d SPAN that traffic and take a look. You shouldn’t have that much traffic 
resulting in encapsulation failed, unless it’s a very “dirty” 
access network, with a lot of botnets spewing spoofed/random traffic all around.

> So maybe the 3750/3750G's will actually be able to support 450Mbps aggregate 
> gracefully and we can afford to avoid upgrading for now ... that's a nice 
> surprise.

3750/3750G are gigabit switches, and they should support up to 1Gbit/s per 
port. I actually read the whole thread, and the first answer you got was about 
tuning buffers - did you do that?

Remember, those are “Enterprise” switches, so their QoS and buffers by default 
reflect an access scenario with a rather lazy workstation generating traffic in 
peaks.

You need to turn MLS QoS on, and then tune buffers to be able to accept traffic 
at high rates.

> (b) to respond to customer congestion complaints by explaining, "you are 
> using your whole pipe to download windows updates: schedule those for 
> off-hours!" etc.

If that’s also a problem, try to set up a local cache to offload that kind of 
thing as close to the customers as you can.

-- 
"There's no sense in being precise when |               Łukasz Bromirski
 you don't know what you're talking     |      jid:lbromir...@jabber.org
 about."               John von Neumann |    http://lukasz.bromirski.net
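The "turn MLS QoS on, then tune buffers" step from the reply above, as an added Catalyst 3750 configuration example that is not from either poster: it enables `mls qos`, trusts DSCP on the uplink first (once `mls qos` is on, every port is untrusted and rewrites ingress markings to 0, which is exactly the kind of default-behaviour change Adam is wary of), shifts buffer share toward the best-effort queue, raises the queue-set 1 thresholds, and lists the show commands to snapshot drop counters before and after. The interface name and the percentage values are assumptions to adjust for the actual box.

```cisco
! Enable the QoS engine. Until this is on, the queue-set commands
! below are accepted but have no effect on forwarding.
mls qos

! Side-effect to handle first: with mls qos enabled every port is
! untrusted and ingress DSCP/CoS is rewritten to 0. Trust markings on
! the uplink/transit ports so nothing changes on the wire.
! (GigabitEthernet1/0/1 is an assumed uplink name.)
interface GigabitEthernet1/0/1
 mls qos trust dscp
 exit

! Queue-set 1 is what every port uses by default. Default buffer share
! is 25/25/25/25; DSCP 0 best-effort traffic lands in queue 2 by default,
! so give that queue the largest share (values must sum to 100; an
! assumed starting point, not a measured value).
mls qos queue-set output 1 buffers 15 50 20 15

! Per-queue thresholds: <queue> <drop1> <drop2> <reserved> <max>, as a
! percentage of that queue's allocation (1-3200, reserved 1-100).
! Raising drop1/drop2 to 3100 stops early tail-drop of marked-down
! traffic; reserved stays at the default 50 so half of each allocation
! remains in the shared pool; max 3200 lets a bursting queue borrow
! from that pool instead of dropping at its own reservation.
mls qos queue-set output 1 threshold 1 3100 3100 50 3200
mls qos queue-set output 1 threshold 2 3100 3100 50 3200
mls qos queue-set output 1 threshold 3 3100 3100 50 3200
mls qos queue-set output 1 threshold 4 3100 3100 50 3200
end

! Verification: capture these before the change and compare afterwards.
! Buffer tuning addresses output drops; input queue drops and
! "encapsulation failed" are interface/CPU-side counters and will not
! move much from this alone, which is why the SPAN is still worth doing.
show mls qos queue-set 1
show mls qos interface GigabitEthernet1/0/1 statistics
show interfaces GigabitEthernet1/0/1 | include drops
show platform port-asic stats drop GigabitEthernet1/0/1
```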


_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
