Performance of CEF over Fast Switching
John, Bob, Raj, Phillip and the Group, I hadn't thought of CEF much as I "thought" it wasn't available on the smaller routers. i.e. - only on the routers with line cards etc. However, I just enabled CEF on a 2611 and it created its table on the fly in no time flat. The 2611 won't do dCEF however. Also, the smaller routers can't do cef accounting. Anyway, now I have to mock something up in the lab to see if we can determine how much of any improvement CEF will give us. Since we're not using CEF anywhere in our network I can't just turn it on without a bit more research. If it only lessens the CPU load by a few percent then bigger hardware is in our future, but if we see gains of 20% or more then CEF would indeed be a cheap solution. I noticed that CEF has issues with policy routing and other features - but so far we're not using any of them. So, another question - does anyone have any idea/experience on how much CEF will gain for us? Given the average 50% load on the router - practically all switching load??? tia Kevin Wigle - Original Message - From: "John Neiberger" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, February 12, 2001 4:11 PM Subject: Re: Can someone interpret this please? > I just checked CCO and there are so many CPU-related bugs in 12.0(5) that I stopped counting after a while. You might want to upgrade, if feasible. > > Also, try doing a show align to see if you're getting spurious memory access errors. One of the bugs mentioned a high CPU usage due to these. > > HTH, > John > > > > > Bob, Phil - and the group. > > > > Thanks for the input, gives me more to think about. > > > > Some more history.. > > > > This router is a 3620 with OC3 and FastEthernet interfaces. It has 48 meg > > and is running 12.0(5)XK1. > > > > According to Cisco's docs, the 3620 should be able to handle around 20-40 > > kpps. > > > > However, the router shows only around 2.6 kpps almost evenly split in/out. > > > > I have been unable to verify exactly on CCO but I suspect that a 3620 cannot > > handle (very well) two high-speed interfaces - more specifically if one is > > OC3. > > > > I have found info where Cisco, when talking about the OC3 interface for the > > 3600 series stated: > > > > "Max two high-speed network modules in a Cisco 3640 (includes Fast Ethernet, > > ATM, HSSI)" > > > > Now the 3640 has a 100mhz processor and the 3620 has a 80 mhz processor. > > > > I'm wondering if the SAR process is overwhelming the 3620? I'm sure I read > > someplace that only one high-speed interface was recommended for the 3620 > > but I haven't found that info again. > > > > Considering the low level of traffic, what else could be keeping the cpu > > utilization up so high? Need more info. let me know! > > > > Kevin Wigle > > > > > > - Original Message - > > From: "Phillip Heller" <[EMAIL PROTECTED]> > > To: "Kevin Wigle" <[EMAIL PROTECTED]> > > Cc: "cisco" <[EMAIL PROTECTED]> > > Sent: Monday, February 12, 2001 2:12 PM > > Subject: Re: Can someone interpret this please? > > > > > > > On Mon, 12 Feb 2001, Kevin Wigle wrote: > > > > > > Dear group, > > > > > > Investigating a router that is starting to loaded down. When I do a > > sh proc > > > cpu I get 50% or cpu utilization but the stats don't seem to add up to > > 50%. > > > > > > Is there another way to try and see where the 50% is coming from? > > > > > > sh proc cpu > > > CPU utilization for five seconds: 44%/44%; one minute: 50%; five > > minutes: > > > 52% > > > > > > The five second utilization numbers in the above line (44%/44%) represent > > > two things. The first number is total processor utilization and the > > > second is processor utilization due to interrupts. The difference in > > > these two numbers would be the sum of 5sec utilization by all other > > > processes. > > > > > > If utilization due to interrupts increases over time, it represents > > > traffic growth. If it jumps alot in a short amount of time, it may be a > > > DoS attack. You can verify the latter by turning on "ip route-cache flow" > > > on suspected interfaces and then looking at the output of "sh ip cache > > > flow". > > > > > > If the processor gets too high with legitimate traffic, you can use cef or > > > dcef (ip route-cache cef, ip cef distributed). > > > > > > Failing that, you'll probably more beefy hardware. > > > > > > Regards, > > > > > > --phil _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Performance of CEF over Fast Switching
I honestly don't have much experience with it on lower end platforms. The two or three cases I can think of, it has only made a ~ 10% difference. In situations with higher-end hardware (7513, etc), it can drop utilization by 30% or more. If cef is run distributed, the utilization is cut even more. You should be aware that there are numerous bugs with respect to cef. cef adjacencies will become inconsistent, etc. I'd suggest reading the book "Inside IOS software architecture". It has a pretty good section on cef. Regards, --phil | -Original Message- | From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of | Kevin Wigle | Sent: Friday, February 16, 2001 3:33 PM | To: John Neiberger | Cc: cisco | Subject: Performance of CEF over Fast Switching | | | John, Bob, Raj, Phillip and the Group, | | I hadn't thought of CEF much as I "thought" it wasn't available on the | smaller routers. i.e. - only on the routers with line cards etc. | | However, I just enabled CEF on a 2611 and it created its table | on the fly in | no time flat. The 2611 won't do dCEF however. Also, the smaller routers | can't do cef accounting. | | Anyway, now I have to mock something up in the lab to see if we can | determine how much of any improvement CEF will give us. Since we're not | using CEF anywhere in our network I can't just turn it on | without a bit more | research. | | If it only lessens the CPU load by a few percent then bigger | hardware is in | our future, but if we see gains of 20% or more then CEF would indeed be a | cheap solution. | | I noticed that CEF has issues with policy routing and other | features - but | so far we're not using any of them. | | So, another question - does anyone have any idea/experience on | how much CEF | will gain for us? Given the average 50% load on the router - practically | all switching load??? | | tia | | Kevin Wigle | | | - Original Message - | From: "John Neiberger" <[EMAIL PROTECTED]> | To: <[EMAIL PROTECTED]> | Cc: <[EMAIL PROTECTED]> | Sent: Monday, February 12, 2001 4:11 PM | Subject: Re: Can someone interpret this please? | | | > I just checked CCO and there are so many CPU-related bugs in | 12.0(5) that | I stopped counting after a while. You might want to upgrade, if | feasible. | > | > Also, try doing a show align to see if you're getting spurious memory | access errors. One of the bugs mentioned a high CPU usage due to these. | > | > HTH, | > John | > | > > | > > Bob, Phil - and the group. | > > | > > Thanks for the input, gives me more to think about. | > > | > > Some more history.. | > > | > > This router is a 3620 with OC3 and FastEthernet interfaces. | It has 48 | meg | > > and is running 12.0(5)XK1. | > > | > > According to Cisco's docs, the 3620 should be able to handle around | 20-40 | > > kpps. | > > | > > However, the router shows only around 2.6 kpps almost evenly split | in/out. | > > | > > I have been unable to verify exactly on CCO but I suspect that a 3620 | cannot | > > handle (very well) two high-speed interfaces - more | specifically if one | is | > > OC3. | > > | > > I have found info where Cisco, when talking about the OC3 | interface for | the | > > 3600 series stated: | > > | > > "Max two high-speed network modules in a Cisco 3640 (includes Fast | Ethernet, | > > ATM, HSSI)" | > > | > > Now the 3640 has a 100mhz processor and the 3620 has a 80 | mhz processor. | > > | > > I'm wondering if the SAR process is overwhelming the 3620? | I'm sure I | read | > > someplace that only one high-speed interface was recommended for the | 3620 | > > but I haven't found that info again. | > > | > > Considering the low level of traffic, what else could be | keeping the cpu | > > utilization up so high? Need more info. let me know! | > > | > > Kevin Wigle | > > | > > | > > - Original Message - | > > From: "Phillip Heller" <[EMAIL PROTECTED]> | > > To: "Kevin Wigle" <[EMAIL PROTECTED]> | > > Cc: "cisco" <[EMAIL PROTECTED]> | > > Sent: Monday, February 12, 2001 2:12 PM | > > Subject: Re: Can someone interpret this please? | > > | > > | > > > On Mon, 12 Feb 2001, Kevin Wigle wrote: | > > > | > > > Dear group, | > > > | > > > Investigating a router that is starting to loaded | down. When I do | a | > > sh proc | > > > cpu I get 50% or cpu utilization but the stats don'
Re: Performance of CEF over Fast Switching
We have a 7513 as our backbone router and pre-12.0 it was running on average at maybe 9-10% CPU. After upgrading to 12.1 and turning on CEF, that dropped to around 5%. That's really not a good test because we were hardly pushing the thing to begin with. Still, it does seem to make a noticable difference and we haven't had any problems with it. By the way, off-topic, I seem to have resolved the problems I had with excitemail, so I've moved back to using [EMAIL PROTECTED] Lately, my email address has been changing almost daily! John > > John, Bob, Raj, Phillip and the Group, > > I hadn't thought of CEF much as I "thought" it wasn't available on the > smaller routers. i.e. - only on the routers with line cards etc. > > However, I just enabled CEF on a 2611 and it created its table on the fly in > no time flat. The 2611 won't do dCEF however. Also, the smaller routers > can't do cef accounting. > > Anyway, now I have to mock something up in the lab to see if we can > determine how much of any improvement CEF will give us. Since we're not > using CEF anywhere in our network I can't just turn it on without a bit more > research. > > If it only lessens the CPU load by a few percent then bigger hardware is in > our future, but if we see gains of 20% or more then CEF would indeed be a > cheap solution. > > I noticed that CEF has issues with policy routing and other features - but > so far we're not using any of them. > > So, another question - does anyone have any idea/experience on how much CEF > will gain for us? Given the average 50% load on the router - practically > all switching load??? > > tia > > Kevin Wigle > > > - Original Message - > From: "John Neiberger" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Monday, February 12, 2001 4:11 PM > Subject: Re: Can someone interpret this please? > > > > I just checked CCO and there are so many CPU-related bugs in 12.0(5) that > I stopped counting after a while. You might want to upgrade, if feasible. > > > > Also, try doing a show align to see if you're getting spurious memory > access errors. One of the bugs mentioned a high CPU usage due to these. > > > > HTH, > > John > > > > > > > > Bob, Phil - and the group. > > > > > > Thanks for the input, gives me more to think about. > > > > > > Some more history.. > > > > > > This router is a 3620 with OC3 and FastEthernet interfaces. It has 48 > meg > > > and is running 12.0(5)XK1. > > > > > > According to Cisco's docs, the 3620 should be able to handle around > 20-40 > > > kpps. > > > > > > However, the router shows only around 2.6 kpps almost evenly split > in/out. > > > > > > I have been unable to verify exactly on CCO but I suspect that a 3620 > cannot > > > handle (very well) two high-speed interfaces - more specifically if one > is > > > OC3. > > > > > > I have found info where Cisco, when talking about the OC3 interface for > the > > > 3600 series stated: > > > > > > "Max two high-speed network modules in a Cisco 3640 (includes Fast > Ethernet, > > > ATM, HSSI)" > > > > > > Now the 3640 has a 100mhz processor and the 3620 has a 80 mhz processor. > > > > > > I'm wondering if the SAR process is overwhelming the 3620? I'm sure I > read > > > someplace that only one high-speed interface was recommended for the > 3620 > > > but I haven't found that info again. > > > > > > Considering the low level of traffic, what else could be keeping the cpu > > > utilization up so high? Need more info. let me know! > > > > > > Kevin Wigle > > > > > > > > > - Original Message - > > > From: "Phillip Heller" <[EMAIL PROTECTED]> > > > To: "Kevin Wigle" <[EMAIL PROTECTED]> > > > Cc: "cisco" <[EMAIL PROTECTED]> > > > Sent: Monday, February 12, 2001 2:12 PM > > > Subject: Re: Can someone interpret this please? > > > > > > > > > > On Mon, 12 Feb 2001, Kevin Wigle wrote: > > > > > > > > Dear group, > > > > > > > > Investigating a router that is starting to loaded down. When I do > a > > > sh proc > > > > cpu I get 50% or cpu utilization but the stats don't seem to add > up to > > > 50%. > > > > > > > > Is there another way to try and see where the 50% is coming from? > > > > > > > > sh proc cpu > > > > CPU utilization for five seconds: 44%/44%; one minute: 50%; five > > > minutes: > > > > 52% > > > > > > > > The five second utilization numbers in the above line (44%/44%) > represent > > > > two things. The first number is total processor utilization and the > > > > second is processor utilization due to interrupts. The difference in > > > > these two numbers would be the sum of 5sec utilization by all other > > > > processes. > > > > > > > > If utilization due to interrupts increases over time, it represents > > > > traffic growth. If it jumps alot in a short amount of time, it may be > a > > > > DoS attack. You can verify the latter by turning on "ip route-cache > flow" > > > > on suspected interfaces and then
