Problem z wydajnością 6500

Problemy związane z routingiem
Wiadomość
Autor
pencio
fresh
fresh
Posty: 5
Rejestracja: 27 mar 2017, 15:18

Problem z wydajnością 6500

#1

#1 Post autor: pencio »

Witam

Mam problem z wydajnością Cisco 6500 który robi za główny router w sieci

3 łącza BGP - pełne tablice odbierane
1 łacze BGP - pełna tablica wysyłana

2 łącza IPTV PIM(osobny VRF) jedno backupowane główne spięte po BGP, zapasowe z metryką 21.
Stacja czołowa
Ospf dla sieci lokalnej, kilka vlanów, kilka ACL
Ruch w stronę internetu 2G (łącznie z tv)

Występują piki obciążenia procesora które widać poniżej w wykresie 72 h
Zauważyłem, że najwięcej procesor męczy proces bgp scanner
Poniżej załączam konfig. Proszę szanowne grono o opinię czy może coś źle skonfigurowałem lub czy wydajność tego sprzętu się kończy.


bgp#show platform hardware capacity system
System Resources
PFC operating mode: PFC3BXL
Supervisor redundancy mode: administratively sso, operationally sso
Switching resources: Module Part number Series CEF mode
2 WS-X6704-10GE CEF720 dCEF
3 WS-X6704-10GE CEF720 dCEF
5 WS-SUP720-BASE supervisor CEF
7 WS-X6724-SFP CEF720 dCEF


bgp#show processes cpu history

42222211111 11111 111114444433333 111
4666666666655555111117777755555444442222244444777775555000
100
90
80
70
60
50
40 * **********
30 ****** **********
20 *********** **********
10 ******************************* **********************
0....5....1....1....2....2....3....3....4....4....5....5....
0 5 0 5 0 5 0 5 0 5
CPU% per second (last 60 seconds)

4676836668365685565775554959669766695755956555966579755796
4573640601349221363773579865629102279043454004957209998695
100 * * * * * * *
90 * * * * * * * * *
80 * * * * ** * * * * * * ** **
70 ** * * * * * ** * ** ** * * * *** *** ***
60 **** **** **** * ** ** ************* *** *** ********
50 **** **** ***********************************************
40 ***** **** ***********************************************
30 ****#****#**********************#****#********#***********
20 **###**#*#**###**###**#########*#*####*##*#*#*##*######*##
10 ##########################################################
0....5....1....1....2....2....3....3....4....4....5....5....
0 5 0 5 0 5 0 5 0 5
CPU% per minute (last 60 minutes)
* = maximum CPU% # = average CPU%

9999999999999999999999999999999999999999999999999999999999999999999999
9999999999999999999899999999999999999999999999998999999999999998999899
100 **********************************************************************
90 **********************************************************************
80 **********************************************************************
70 **********************************************************************
60 **********************************************************************
50 **********************************************************************
40 **********************************************************************
30 **********************************************************************
20 ################################################***###################
10 ######################################################################
0....5....1....1....2....2....3....3....4....4....5....5....6....6....7.
0 5 0 5 0 5 0 5 0 5 0 5 0
CPU% per hour (last 72 hours)
* = maximum CPU% # = average CPU%


bgp#show platform hardware capacity cpu
CPU Resources
CPU utilization: Module 5 seconds 1 minute 5 minutes
2 7% / 1% 14% 10%
3 6% / 0% 5% 5%
5 RP 14% / 3% 25% 19%
5 SP 35% / 1% 25% 25%
7 16% / 0% 16% 15%
Processor memory: Module Bytes: Total Used %Used
2 1004225152 304650692 30%
3 1004225152 304028036 30%
5 RP 895646544 726478724 81%
5 SP 824680344 263960656 32%
7 467354304 292493812 63%
I/O memory: Module Bytes: Total Used %Used
5 RP 67108864 21605604 32%
5 SP 67108864 20884952 31%

Konfig wygląda następująco:

version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service compress-config
service counters max age 5
!
hostname bgp
!
boot-start-marker
boot system flash disk1:s72033-advipservicesk9_wan-mz.122-33.SXJ9.bin
boot system disk0:s72033-advipservicesk9_wan-mz.122-33.SXJ9.bin
boot-end-marker
!
security passwords min-length 1
no logging console
!
no aaa new-model
clock timezone MST 1
clock summer-time MET recurring last Sun Mar 2:00 last Sun Oct 3:00
ip routing protocol purge interface
!
!
!
ip ftp username bgp
ip vrf TV
rd 65001:1
!
ip multicast-routing vrf TV
ip ssh authentication-retries 4
ip ssh version 2
vtp mode transparent
no mls acl tcam share-global
mls netflow interface
mls flow ip interface-full
mls nde sender
mls rate-limit unicast cef receive 500000 100
mls rate-limit all ttl-failure 15 10
mls cef error action reset
mls cef maximum-routes ip 768
mls cef maximum-routes ipv6 111
mls cef maximum-routes mpls 24
mls cef maximum-routes ip-multicast 1
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
no spanning-tree vlan 1-4094
diagnostic bootup level minimal
no errdisable detect cause gbic-invalid
access-list 1 permit 10.99.99.0 0.0.0.255
access-list 2 permit 10.99.99.0 0.0.0.255
access-list 2 permit XXX.XXX.24.0 0.0.7.255
access-list 100 permit ip 10.99.99.0 0.0.0.255 any
access-list 101 permit ip any any
access-list 103 permit icmp any any
access-list 103 permit ip host XXX.XXX.26.60 10.99.99.0 0.0.0.255
access-list 103 permit ip host XXX.XXX.26.50 10.99.99.0 0.0.0.255
access-list 103 permit ip host XXX.XXX.26.220 10.99.99.0 0.0.0.255
access-list 103 permit ip host XXX.XXX.26.250 10.99.99.0 0.0.0.255
access-list 103 permit ip 10.99.99.0 0.0.0.255 10.99.99.0 0.0.0.255
access-list 103 permit ip 10.99.99.0 0.0.0.255 any
access-list 104 deny ip host 0.0.0.0 any
access-list 104 deny ip 127.0.0.0 0.255.255.255 any
access-list 104 deny ip 192.0.2.0 0.0.0.255 any
access-list 104 deny ip 10.0.0.0 0.255.255.255 any
access-list 104 deny ip 172.16.0.0 0.0.15.255 any
access-list 104 deny ip 192.168.0.0 0.0.255.255 any
access-list 104 deny ip XXX.XXX.24.0 0.0.7.255 any
access-list 104 deny udp any any eq 135
access-list 104 deny udp any any eq 136
access-list 104 deny udp any any eq netbios-ns
access-list 104 deny udp any any eq netbios-dgm
access-list 104 deny udp any any eq netbios-ss
access-list 104 deny tcp any any eq 135
access-list 104 deny tcp any any eq 136
access-list 104 deny tcp any any eq 137
access-list 104 deny tcp any any eq 138
access-list 104 deny tcp any any eq 139
access-list 104 deny tcp any any eq 445
access-list 104 deny udp any host XXX.XXX.30.249 eq ntp
access-list 104 permit ip any any
access-list 104 permit gre any any
access-list 104 permit esp any any
access-list 104 permit ahp any any
access-list 104 permit pcp any any
access-list 105 permit ip XXX.XXX.24.0 0.0.7.255 any
access-list 105 permit ip XX.XXX.74.0 0.0.0.255 any
!
redundancy
main-cpu
auto-sync running-config
mode sso
!
ip access-list standard ZR1_MULTICAST
permit 239.11.0.0 0.0.255.255
ip access-list standard ZR2_MULTICAST
permit 239.25.0.0 0.0.255.255
ip access-list standard TV_FILTER
deny 238.1.1.0 0.0.0.255
deny 10.100.102.0 0.0.0.255
deny 10.100.103.0 0.0.0.255
deny 239.2.1.0 0.0.0.255
permit any
ip access-list standard ZARZADZANIE
permit XXX.XXX.24.130
permit XXX.XXX.26.250
permit XXX.XXX.24.22
permit XXX.XXX.24.10
permit XXX.XXX.26.60
permit XXX.XXX.24.38
permit XXX.XXX.24.90
permit XXX.XXX.24.122
permit 10.99.99.0 0.0.0.255
permit 10.90.91.0 0.0.0.255
ip access-list standard ssh
permit XXX.XXX.26.220
permit XXX.XXX.26.250
permit XXX.XXX.26.60
permit XXX.XXX.26.50
permit 10.99.99.0 0.0.0.255
!
ip access-list extended FVOIP
permit ip host XXX.XXX.24.130 any
permit ip 10.12.27.16 0.0.0.15 any
deny tcp any XXX.XXX.24.64 0.0.0.7 eq 22
deny tcp any XXX.XXX.24.64 0.0.0.7 eq 5432
permit ip any any
!
vlan internal allocation policy ascending
vlan access-log ratelimit 2000
!
vlan 50-56
!
vlan 100
private-vlan primary
private-vlan association 101
!
vlan 101
private-vlan isolated
!
vlan 102
private-vlan primary
private-vlan association 103
!
vlan 103
private-vlan isolated
!
vlan 399,498
!
!
!
!
!
interface Null0
no ip unreachables
no ipv6 unreachables
!
interface Loopback0
description "loopback do vrf BGP"
ip address 10.88.88.1 255.255.255.255
!
interface Loopback1
description "loopback do OSPF"
ip address 10.19.1.100 255.255.255.255
!
interface TenGigabitEthernet2/1
description "VLANY DO OP"
no ip address
ip flow ingress
no cdp enable
!
interface TenGigabitEthernet2/1.997
description "OP1"
encapsulation dot1Q 997
ip address XX.XXX.XXX.XXX 255.255.255.252
ip access-group 104 in
ip verify unicast source reachable-via any
ip flow ingress
no cdp enable
!
interface TenGigabitEthernet2/1.1443
description "OP2"
encapsulation dot1Q 1443
ip address XX.XXX.XXX.XXX 255.255.255.252
ip access-group 104 in
ip verify unicast source reachable-via any
ip flow ingress
no cdp enable
!
interface TenGigabitEthernet2/1.2201
description "OP3"
encapsulation dot1Q 2201
ip address XX.XXX.XXX.66 255.255.255.252
ip access-group 104 in
ip verify unicast source reachable-via any
ip flow ingress
no cdp enable
!
interface TenGigabitEthernet2/2
description "VLANY DO LANU"
no ip address
no cdp enable
!
interface TenGigabitEthernet2/2.200
encapsulation dot1Q 200
ip address XXX.XXX.24.1 255.255.255.248
ip verify unicast source reachable-via any
ip ospf message-digest-key 1 md5 7 XXXXX
ip ospf cost 64
ip ospf priority 10
no cdp enable
!
interface TenGigabitEthernet2/2.210
encapsulation dot1Q 210
ip address XXX.XXX.24.93 255.255.255.252
ip verify unicast source reachable-via any
ip ospf message-digest-key 1 md5 7 XXXXX
ip ospf priority 10
no cdp enable
!
interface TenGigabitEthernet2/2.220
encapsulation dot1Q 220
ip address XXX.XXX.24.97 255.255.255.252
ip verify unicast source reachable-via any
ip ospf message-digest-key 1 md5 7 XXXXXX
ip ospf priority 10
no cdp enable
!
interface TenGigabitEthernet2/2.230
encapsulation dot1Q 230
ip address XXX.XXX.24.137 255.255.255.252
ip verify unicast source reachable-via any
ip ospf message-digest-key 1 md5 7 XXXXXX
ip ospf priority 10
no cdp enable
!
interface TenGigabitEthernet2/2.240
encapsulation dot1Q 240
ip address XXX.XXX.24.105 255.255.255.252
ip verify unicast source reachable-via any
ip ospf message-digest-key 1 md5 7 XXXXXXX
ip ospf priority 10
no cdp enable
!
interface TenGigabitEthernet2/2.250
encapsulation dot1Q 250
ip address 2.2.2.2 255.255.255.0
ip verify unicast source reachable-via any
no cdp enable
!
interface TenGigabitEthernet2/2.260
encapsulation dot1Q 260
ip address XXX.XXX.24.109 255.255.255.252
ip verify unicast source reachable-via any
ip ospf message-digest-key 1 md5 7 XXXXXX
ip ospf priority 10
no cdp enable
!
interface TenGigabitEthernet2/2.270
encapsulation dot1Q 270
ip address XXX.XXX.24.21 255.255.255.252
no cdp enable
!
interface TenGigabitEthernet2/2.280
encapsulation dot1Q 280
ip address XXX.XXX.24.121 255.255.255.252
no cdp enable
!
interface TenGigabitEthernet2/2.288
encapsulation dot1Q 288
ip address XXX.XXX.24.113 255.255.255.248
ip verify unicast source reachable-via any
no cdp enable
!
interface TenGigabitEthernet2/2.290
encapsulation dot1Q 290
ip address XXX.XXX.24.125 255.255.255.252
no cdp enable
!
interface TenGigabitEthernet2/2.300
encapsulation dot1Q 300
ip address XXX.XXX.24.9 255.255.255.248
ip verify unicast source reachable-via any
ip ospf message-digest-key 1 md5 7 XXXXXX
ip ospf cost 64
ip ospf priority 10
no cdp enable
!
interface TenGigabitEthernet2/2.310
encapsulation dot1Q 310
ip address XXX.XXX.24.33 255.255.255.252
no cdp enable
!
interface TenGigabitEthernet2/2.320
encapsulation dot1Q 320
ip address XXX.XXX.24.17 255.255.255.252
no cdp enable
!
interface TenGigabitEthernet2/2.330
encapsulation dot1Q 330
ip address XXX.XXX.24.65 255.255.255.248
ip access-group FVOIP out
no cdp enable
!
interface TenGigabitEthernet2/2.340
encapsulation dot1Q 340
ip address XXX.XXX.24.129 255.255.255.252
no cdp enable
!
interface TenGigabitEthernet2/2.350
encapsulation dot1Q 350
ip address XXX.XXX.24.41 255.255.255.248
ip verify unicast source reachable-via any
no cdp enable
!
interface TenGigabitEthernet2/2.360
encapsulation dot1Q 360
ip address XXX.XXX.24.37 255.255.255.252
no cdp enable
!
interface TenGigabitEthernet2/2.370
encapsulation dot1Q 370
ip address XXX.XXX.24.89 255.255.255.252
ip verify unicast source reachable-via any
ip ospf message-digest-key 1 md5 7 XXXXXXX
ip ospf cost 64
ip ospf priority 10
no cdp enable
!
interface TenGigabitEthernet2/2.380
encapsulation dot1Q 380
ip address XXX.XXX.24.133 255.255.255.252
no cdp enable
!
interface TenGigabitEthernet2/2.388
encapsulation dot1Q 388
ip address XXX.XXX.24.81 255.255.255.252
ip verify unicast source reachable-via any
no cdp enable
!
interface TenGigabitEthernet2/2.389
encapsulation dot1Q 389
ip address XXX.XXX.24.73 255.255.255.248
ip verify unicast source reachable-via any
no cdp enable
!
interface TenGigabitEthernet2/2.390
encapsulation dot1Q 390
ip address XXX.XXX.24.157 255.255.255.252
no cdp enable
!
interface TenGigabitEthernet2/2.555
encapsulation dot1Q 555
ip address XXX.XXX.24.253 255.255.255.252
no cdp enable
!
interface TenGigabitEthernet2/3
no ip address
!
interface TenGigabitEthernet2/4
no ip address
shutdown
!
interface TenGigabitEthernet3/1
no ip address
shutdown
!
interface TenGigabitEthernet3/2
no ip address
shutdown
!
interface TenGigabitEthernet3/3
no ip address
shutdown
!
interface TenGigabitEthernet3/4
no ip address
shutdown
!
interface GigabitEthernet5/1
no ip address
shutdown
!
interface GigabitEthernet5/2
no ip address
shutdown
!
interface GigabitEthernet7/1
description "ZARZADZANIE"
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 399
switchport mode trunk
speed nonegotiate
!
interface GigabitEthernet7/2
no ip address
shutdown
speed nonegotiate
!
interface GigabitEthernet7/3
no ip address
shutdown
speed nonegotiate
!
interface GigabitEthernet7/4
no ip address
shutdown
speed nonegotiate
!
interface GigabitEthernet7/5
switchport
switchport private-vlan mapping 102 103
switchport mode private-vlan promiscuous
!
interface GigabitEthernet7/6
switchport
switchport private-vlan host-association 102 103
switchport mode private-vlan host
!
interface GigabitEthernet7/7
switchport
switchport private-vlan host-association 102 103
switchport mode private-vlan host
!
interface GigabitEthernet7/8
switchport
switchport private-vlan host-association 102 103
switchport mode private-vlan host
!
interface GigabitEthernet7/9
switchport
switchport private-vlan mapping 100 101
switchport mode private-vlan promiscuous
!
interface GigabitEthernet7/10
switchport
switchport private-vlan host-association 100 101
switchport mode private-vlan host
!
interface GigabitEthernet7/11
switchport
switchport private-vlan host-association 100 101
switchport mode private-vlan host
!
interface GigabitEthernet7/12
switchport
switchport private-vlan host-association 100 101
switchport mode private-vlan host
!
interface GigabitEthernet7/13
no ip address
shutdown
!
interface GigabitEthernet7/14
no ip address
shutdown
!
interface GigabitEthernet7/15
no ip address
shutdown
!
interface GigabitEthernet7/16
no ip address
shutdown
!
interface GigabitEthernet7/17
no ip address
shutdown
!
interface GigabitEthernet7/18
no ip address
shutdown
!
interface GigabitEthernet7/19
description "IPTV W STRONE STB"
no ip address
!
interface GigabitEthernet7/19.500
encapsulation dot1Q 500
ip vrf forwarding TV
ip address 10.110.0.1 255.255.252.0
ip pim sparse-mode
no cdp enable
!
interface GigabitEthernet7/19.540
encapsulation dot1Q 540
ip vrf forwarding TV
ip address 10.110.16.1 255.255.252.0
ip pim sparse-mode
no cdp enable
!
interface GigabitEthernet7/19.550
encapsulation dot1Q 550
ip vrf forwarding TV
ip address 10.110.20.1 255.255.252.0
ip pim sparse-mode
no cdp enable
!
interface GigabitEthernet7/19.590
encapsulation dot1Q 590
ip vrf forwarding TV
ip address 10.40.52.1 255.255.255.248
ip pim dense-mode
no cdp enable
!
interface GigabitEthernet7/20
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 498
switchport mode trunk
!
interface GigabitEthernet7/21
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 498
switchport mode trunk
!
interface GigabitEthernet7/22
description "STACJA CZOLOWA IPTV"
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 50-56,399
switchport mode trunk
!
interface GigabitEthernet7/23
description "IPTV W STRONE STB"
no ip address
speed nonegotiate
!
interface GigabitEthernet7/23.510
encapsulation dot1Q 510
ip vrf forwarding TV
ip address 10.110.4.1 255.255.252.0
ip pim sparse-mode
no cdp enable
!
interface GigabitEthernet7/23.520
encapsulation dot1Q 520
ip vrf forwarding TV
ip address 10.110.8.1 255.255.252.0
ip pim sparse-mode
no cdp enable
!
interface GigabitEthernet7/23.530
encapsulation dot1Q 530
ip vrf forwarding TV
ip address 10.110.12.1 255.255.252.0
ip pim sparse-mode
no cdp enable
!
interface GigabitEthernet7/24
description "LACZA IPTV"
no ip address
speed nonegotiate
no cdp enable
!
interface GigabitEthernet7/24.1444
encapsulation dot1Q 1444
ip vrf forwarding TV
ip address XX.XXX.XXX.82 255.255.255.252
ip access-group TV_FILTER in
ip access-group TV_FILTER out
ip pim sparse-mode
no cdp enable
!
interface GigabitEthernet7/24.2203
encapsulation dot1Q 2203
ip vrf forwarding TV
ip address XX.XXX.XXX.16 255.255.255.252
ip access-group TV_FILTER in
ip access-group TV_FILTER out
ip pim sparse-mode
no cdp enable
!
interface Vlan1
no ip address
shutdown
!
interface Vlan50
description "MULTICAST STACJA CZOLOWA MODUL 1"
ip vrf forwarding TV
ip address 10.100.102.1 255.255.255.252
ip pim dense-mode
!
interface Vlan51
description "MULTICAST STACJA CZOLOWA MODUL 2"
ip vrf forwarding TV
ip address 10.100.102.5 255.255.255.252
ip pim dense-mode
!
interface Vlan52
description "MULTICAST STACJA CZOLOWA MODUL 3"
ip vrf forwarding TV
ip address 10.100.102.9 255.255.255.252
ip pim dense-mode
!
interface Vlan53
description "MULTICAST STACJA CZOLOWA MODUL 4"
ip vrf forwarding TV
ip address 10.100.102.13 255.255.255.252
ip pim dense-mode
!
interface Vlan54
description "MULTICAST STACJA CZOLOWA MODUL 5"
ip vrf forwarding TV
ip address 10.100.102.17 255.255.255.252
ip pim dense-mode
!
interface Vlan55
description "MULTICAST STACJA CZOLOWA MODUL 6"
ip vrf forwarding TV
ip address 10.100.102.21 255.255.255.252
ip pim dense-mode
!
interface Vlan56
description "MULTICAST STACJA CZOLOWA MODUL 7"
ip vrf forwarding TV
ip address 10.100.102.25 255.255.255.252
ip pim dense-mode
!
interface Vlan399
description "vlan do zarzadzania"
ip address 10.99.99.1 255.255.255.0
ip access-group ZARZADZANIE out
!
interface Vlan498
ip vrf forwarding TV
ip address 10.100.103.5 255.255.255.252
ip pim dense-mode
!
router ospf 1
router-id 10.19.1.100
log-adjacency-changes
area 1 authentication message-digest
area 2 authentication message-digest
area 3 authentication message-digest
passive-interface TenGigabitEthernet2/1
passive-interface TenGigabitEthernet2/1.997
passive-interface TenGigabitEthernet2/1.1443
passive-interface TenGigabitEthernet2/1.2201
passive-interface TenGigabitEthernet2/2
passive-interface TenGigabitEthernet2/2.250
passive-interface TenGigabitEthernet2/2.270
passive-interface TenGigabitEthernet2/2.280
passive-interface TenGigabitEthernet2/2.288
passive-interface TenGigabitEthernet2/2.290
passive-interface TenGigabitEthernet2/2.310
passive-interface TenGigabitEthernet2/2.320
passive-interface TenGigabitEthernet2/2.330
passive-interface TenGigabitEthernet2/2.340
passive-interface TenGigabitEthernet2/2.350
passive-interface TenGigabitEthernet2/2.360
passive-interface TenGigabitEthernet2/2.380
passive-interface TenGigabitEthernet2/2.388
passive-interface TenGigabitEthernet2/2.389
passive-interface TenGigabitEthernet2/2.390
passive-interface TenGigabitEthernet2/2.555
passive-interface TenGigabitEthernet2/3
passive-interface TenGigabitEthernet2/4
passive-interface TenGigabitEthernet3/1
passive-interface TenGigabitEthernet3/2
passive-interface TenGigabitEthernet3/3
passive-interface TenGigabitEthernet3/4
passive-interface GigabitEthernet5/1
passive-interface GigabitEthernet5/2
passive-interface GigabitEthernet7/1
passive-interface GigabitEthernet7/2
passive-interface GigabitEthernet7/3
passive-interface GigabitEthernet7/4
passive-interface GigabitEthernet7/5
passive-interface GigabitEthernet7/6
passive-interface GigabitEthernet7/7
passive-interface GigabitEthernet7/8
passive-interface GigabitEthernet7/9
passive-interface GigabitEthernet7/10
passive-interface GigabitEthernet7/11
passive-interface GigabitEthernet7/12
passive-interface GigabitEthernet7/13
passive-interface GigabitEthernet7/14
passive-interface GigabitEthernet7/15
passive-interface GigabitEthernet7/16
passive-interface GigabitEthernet7/17
passive-interface GigabitEthernet7/18
passive-interface GigabitEthernet7/19
passive-interface GigabitEthernet7/20
passive-interface GigabitEthernet7/21
passive-interface GigabitEthernet7/22
passive-interface GigabitEthernet7/23
passive-interface GigabitEthernet7/24
passive-interface Vlan1
passive-interface Vlan399
network 10.19.1.100 0.0.0.0 area 1
network XXX.XXX.24.0 0.0.0.7 area 3
network XXX.XXX.24.8 0.0.0.7 area 2
network XXX.XXX.24.88 0.0.0.3 area 1
network XXX.XXX.24.92 0.0.0.3 area 1
network XXX.XXX.24.96 0.0.0.3 area 1
network XXX.XXX.24.104 0.0.0.3 area 1
network XXX.XXX.24.108 0.0.0.3 area 1
network XXX.XXX.24.136 0.0.0.3 area 1
!
router bgp XXXXXX
bgp router-id 10.88.88.1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor XX.XXX.X.XX remote-as XXXXX
neighbor XXX.XXX.24.82 remote-as XXXXX
neighbor XX.XX.XX.XX remote-as XXXXX
neighbor XXX.XXX.XXX.XXX remote-as XXXXX
!
address-family ipv4
redistribute static route-map BH-OP1
neighbor XX.XXX.XXX.65 activate
neighbor XX.XXX.XXX.65 send-community
neighbor XX.XXX.XXX.65 prefix-list WORDIN-OP3 in
neighbor XX.XXX.XXX.65 route-map OP3-IN in
neighbor XX.XXX.XXX.65 route-map MOP3-OUT out
neighbor XX.XXX.XXX.65 filter-list 302 out
neighbor XXX.XXX.24.82 activate
neighbor XXX.XXX.24.82 prefix-list WORLDIN-XBS in
neighbor XXX.XXX.24.82 prefix-list WORLDOUT-XBS out
neighbor XXX.XXX.24.82 route-map OP4-IN in
neighbor XX.XXX.XX.133 activate
neighbor XX.XXX.XX.133 send-community
neighbor XX.XXX.XX.133 prefix-list WORDIN-OP1 in
neighbor XX.XXX.XX.133 route-map MOP1-IN in
neighbor XX.XXX.XX.133 route-map MOP1-OUT out
neighbor XX.XXX.XX.133 filter-list 300 out
neighbor XXX.XX.XXX.241 activate
neighbor XXX.XX.XXX.241 prefix-list WORDIN-OP2 in
neighbor XXX.XX.XXX.241 route-map OP2-IN in
neighbor XXX.XX.XXX.241 route-map MAOP2-OUT out
neighbor XXX.XX.XXX.241 filter-list 301 out
no auto-summary
no synchronization
network XXX.XXX.24.0 mask 255.255.248.0
exit-address-family
!
address-family ipv4 vrf TV
neighbor 10.100.3.161 remote-as XXXXX
neighbor 10.100.3.161 local-as 65001
neighbor 10.100.3.161 activate
neighbor 10.100.3.161 prefix-list WORLDIN-IPTV in
neighbor 10.100.3.161 prefix-list WORLDOUT-IPTV out
no synchronization
network 10.110.0.0 mask 255.255.0.0
exit-address-family
!
ip classless
ip forward-protocol nd
ip route 10.0.0.0 255.255.255.0 XXX.XXX.24.10 111
ip route 10.0.2.0 255.255.255.0 XXX.XXX.24.10 111
ip route 10.0.3.0 255.255.255.0 XXX.XXX.24.10 111
ip route 10.0.113.0 255.255.255.0 XXX.XXX.24.10 111
ip route 10.1.1.0 255.255.255.0 XXX.XXX.24.2 111
ip route 10.2.2.0 255.255.255.0 XXX.XXX.24.2 111
ip route 10.3.3.0 255.255.255.0 XXX.XXX.24.2 111
ip route 10.4.4.0 255.255.255.0 XXX.XXX.24.2 111
ip route 10.5.5.0 255.255.255.0 XXX.XXX.24.2 111
ip route 10.6.6.0 255.255.255.0 XXX.XXX.24.2 111
ip route 10.7.7.0 255.255.255.0 XXX.XXX.24.2 111
ip route 10.8.8.0 255.255.255.0 XXX.XXX.24.2 111
ip route 10.9.9.0 255.255.255.0 XXX.XXX.24.2 111
ip route 10.10.0.0 255.255.255.0 XXX.XXX.24.10 111
ip route 10.10.10.0 255.255.255.0 XXX.XXX.24.10 111
ip route 10.11.11.0 255.255.255.0 XXX.XXX.24.2 111
ip route 10.15.15.0 255.255.255.0 XXX.XXX.24.2 111
ip route 10.20.20.0 255.255.255.0 XXX.XXX.24.10 111
ip route 10.30.30.0 255.255.255.0 XXX.XXX.24.10 111
ip route 10.30.31.0 255.255.255.0 XXX.XXX.24.10 111
ip route 10.30.32.0 255.255.255.0 XXX.XXX.24.10 111
ip route 10.40.45.0 255.255.255.0 XXX.XXX.24.10 111
ip route 10.40.46.0 255.255.255.0 XXX.XXX.24.2 111
ip route 10.60.60.0 255.255.255.0 XXX.XXX.24.10 111
ip route 10.100.0.0 255.255.255.0 XXX.XXX.24.10 111
ip route 10.150.0.0 255.255.255.0 XXX.XXX.24.2 111
ip route 10.222.222.0 255.255.255.0 XXX.XXX.24.2 111
ip route 10.255.255.0 255.255.255.0 XXX.XXX.24.10 111
ip route XXX.XXX.24.0 255.255.248.0 Null0
ip route XXX.XXX.24.24 255.255.255.248 XXX.XXX.24.10 111
ip route XXX.XXX.24.48 255.255.255.240 XXX.XXX.24.2 111
ip route XXX.XXX.24.84 255.255.255.252 XXX.XXX.24.10 111
ip route XXX.XXX.24.100 255.255.255.252 XXX.XXX.24.10 111
ip route XXX.XXX.25.0 255.255.255.0 XXX.XXX.24.2 111
ip route XXX.XXX.26.0 255.255.255.0 XXX.XXX.24.10 111
ip route XXX.XXX.27.0 255.255.255.0 XXX.XXX.24.2 111
ip route XXX.XXX.28.0 255.255.255.192 XXX.XXX.24.2 111
ip route XXX.XXX.28.192 255.255.255.192 XXX.XXX.24.42
ip route XXX.XXX.30.2 255.255.255.255 XXX.XXX.24.34
ip route XXX.XXX.31.0 255.255.255.192 XXX.XXX.24.10 111
ip route XXX.XXX.31.64 255.255.255.192 XXX.XXX.24.2 111
ip route XXX.XXX.31.128 255.255.255.240 XXX.XXX.24.10 111
ip route XX.X.XXX.0 255.255.255.0 XXX.XXX.24.10 111
ip route 172.0.0.0 255.255.240.0 XXX.XXX.24.10 111
ip route 172.22.22.0 255.255.255.0 XXX.XXX.24.10 111
ip route 192.0.2.1 255.255.255.255 Null0
ip route 192.168.33.0 255.255.255.0 XXX.XXX.24.2 111
ip route 192.168.35.0 255.255.255.0 XXX.XXX.24.2 111
ip route 192.168.38.0 255.255.254.0 XXX.XXX.24.10 111
ip route 192.168.66.0 255.255.255.0 XXX.XXX.24.10 111
ip route vrf TV XX.XXX.XXX.100 255.255.255.252 10.100.100.81 21
ip route vrf TV XX.XXX.0.0 255.255.0.0 Null0
ip route vrf TV XXX.XX.0.0 255.255.0.0 10.100.100.81 21
ip route vrf TV XXX.XXX.XXX.0 255.255.252.0 10.100.100.81 21
ip route vrf TV XXX.XXX.XXX.0 255.255.252.0 10.100.100.81 21
!
ip bgp-community new-format
ip community-list standard blackhole permit XXXXX:666
ip as-path access-list 101 permit ^$
ip as-path access-list 101 permit ^XXXXX$
ip as-path access-list 300 permit ^$
ip as-path access-list 300 permit ^XXXXX$
ip as-path access-list 301 permit ^$
ip as-path access-list 301 permit ^XXXXX$
ip as-path access-list 302 permit ^$
ip as-path access-list 302 permit ^XXXXX$
ip as-path access-list 303 permit ^XXXXX$
ip flow-export destination 10.99.99.40 10001
!
no ip http server
no ip http secure-server
ip pim vrf TV rp-address XXX.XXX.XXX.254 ZR1_MULTICAST
ip pim vrf TV rp-address XX.XXX.XXX.101 ZR2_MULTICAST
!
!
ip prefix-list ADRESY_OP3 seq 5 permit XX.XXX.XXX.0/20
ip prefix-list ADRESY_OP3 seq 10 permit XXX.XXX.XX.0/24
ip prefix-list ADRESY_OP3 seq 15 permit XXX.XXX.XX.0/24
ip prefix-list ADRESY_OP3 seq 20 permit XXX.XX.XX.0/22
!
ip prefix-list ADRESY_OP4 seq 5 permit XX.XXX.74.0/24
!
ip prefix-list ADRESY_OP2 seq 5 permit XX.XX.0.0/21
ip prefix-list ADRESY_OP2 seq 10 permit XX.XX.0.0/24
ip prefix-list ADRESY_OP2 seq 15 permit XX.XX.1.0/24
ip prefix-list ADRESY_OP2 seq 20 permit XX.XX.2.0/24
ip prefix-list ADRESY_OP2 seq 25 permit XX.XX.3.0/24
ip prefix-list ADRESY_OP2 seq 30 permit XX.XXX.120.0/22
ip prefix-list ADRESY_OP2 seq 35 permit XX.XXX.120.0/24
ip prefix-list ADRESY_OP2 seq 40 permit XX.XXX.121.0/24
ip prefix-list ADRESY_OP2 seq 45 permit XX.XXX.122.0/24
ip prefix-list ADRESY_OP2 seq 50 permit XXX.XX.174.0/23
ip prefix-list ADRESY_OP2 seq 55 permit XXX.XX.174.0/24
ip prefix-list ADRESY_OP2 seq 60 permit XXX.XX.175.0/24
!
ip prefix-list PREPEND-ALL seq 5 permit 0.0.0.0/0
!
ip prefix-list WORDIN-OP3 seq 5 deny XXX.XXX.24.0/21
ip prefix-list WORDIN-OP3 seq 15 permit 0.0.0.0/0 le 32
!
ip prefix-list WORDIN-OP2 seq 5 deny XXX.XXX.24.0/21
ip prefix-list WORDIN-OP2 seq 10 deny XXX.XXX.0.0/15
ip prefix-list WORDIN-OP2 seq 15 permit 0.0.0.0/0 le 32
!
ip prefix-list WORDIN-OP1 seq 5 deny XXX.XXX.24.0/21
ip prefix-list WORDIN-OP1 seq 15 permit 0.0.0.0/0 le 32
!
ip prefix-list WORLDIN-IPTV seq 10 permit XXX.XXX.XXX.0/22
ip prefix-list WORLDIN-IPTV seq 15 permit XXX.XXX.XXX.0/22
ip prefix-list WORLDIN-IPTV seq 16 permit XX.XX.0.0/16
ip prefix-list WORLDIN-IPTV seq 17 permit XX.XXX.XXX.XXX/30
ip prefix-list WORLDIN-IPTV seq 25 deny 0.0.0.0/0 le 32
!
ip prefix-list WORLDIN-XBS seq 10 permit XX.XXX.74.0/24
ip prefix-list WORLDIN-XBS seq 15 deny 0.0.0.0/0 le 32
!
ip prefix-list WORLDOUT-IPTV seq 5 permit XX.XXX.0.0/16
ip prefix-list WORLDOUT-IPTV seq 25 deny 0.0.0.0/0 le 32
!
ip prefix-list WORLDOUT-XBS seq 5 deny XX.XXX.74.0/24
ip prefix-list WORLDOUT-XBS seq 25 permit 0.0.0.0/0 le 32
!
ip prefix-list only32 seq 5 permit XXX.XXX.24.0/21 ge 32
!
ip prefix-list opteam seq 5 permit XX.X.XXX.0/24
kron occurrence AUTOSAVE-CONFIG-SCHEDULE at 4:00 recurring
policy-list AUTOSAVE-CONFIG
!
kron occurrence Backup at 1:30 recurring
policy-list BACKUP-FTP
!
kron policy-list AUTOSAVE-CONFIG
cli write
!
kron policy-list BACKUP-FTP
cli show run | redirect
cli show run | redirect ftp://10.99.99.2/bgp.cfg
!
logging trap debugging
logging 10.99.99.2
no cdp run
!
route-map PREPEND_OP2 permit 10
!
route-map BH-OP1 permit 10
match tag 66
set community XXXXX:666 XXXX:997
!
route-map OP4-IN permit 5
match ip address prefix-list ADRESY_OP4
set local-preference 250
!
route-map OP4-IN permit 10
match ip address prefix-list WORDIN-XBS
!
route-map MOP1-OUT permit 5
match ip address prefix-list only32
set community XXXX:666
!
route-map MOP1-OUT permit 10
match ip address 105
!
route-map OP2-IN permit 5
match ip address prefix-list ADRESY_OP2
set local-preference 250
!
route-map OP2-IN permit 10
match ip address prefix-list WORDIN-OP2
!
route-map PREPEND_OP3 permit 10
set as-path prepend XXXX XXXXX
!
route-map MOP1-IN permit 5
set local-preference 200
!
route-map MAOP2-OUT permit 10
match ip address 105
!
route-map MOP3-OUT permit 4
set as-path prepend XXXXX XXXXX XXXXX
!
route-map MOP3-OUT permit 5
match ip address prefix-list only32
set community XXXXX:997
!
route-map MOP3-OUT permit 10
match ip address 105
!
route-map OP3-IN permit 5
match ip address prefix-list ADRESY_OP3
set local-preference 250
!
route-map OP3-IN permit 10
match ip address prefix-list WORDIN-OP3
!
snmp-server community public RO 2
snmp-server location Poland
snmp-server contact XXX.XXX.pl
snmp-server enable traps chassis
snmp-server enable traps module
snmp-server enable traps transceiver all
snmp-server enable traps bgp
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps errdisable
snmp-server host 10.99.99.29 version 2c public
!
!
control-plane
!
!
dial-peer cor custom
!
!
!
banner motd ^CCUnauthorized access to this device is prohibited!^C
!
line con 0
line vty 0 4
access-class ssh in
login local
length 0
transport input ssh
line vty 5 15
login
transport preferred none
transport input none
!
!
end

Kyniu
wannabe
wannabe
Posty: 3595
Rejestracja: 04 lis 2006, 16:23
Kontakt:

Re: Problem z wydajnością 6500

#2

#2 Post autor: Kyniu »

IMHO z tych wykresów nie wynika nic niepokojącego. Średnie obciążenie 20% - nudzi Ci się ten Twój sprzęt.
CCNA: R&S, Security, Wireless, Collaboration. MCSE: Cloud Platform and Infrastructure, Server Infrastructure. ITIL: Foundation. PPL(A)
https://www.facebook.com/itserviceskielce/ :: https://www.linkedin.com/company/itservicespoland :: https://www.linkedin.com/in/krzysztofkania/

pencio
fresh
fresh
Posty: 5
Rejestracja: 27 mar 2017, 15:18

Re: Problem z wydajnością 6500

#3

#3 Post autor: pencio »

Średnie wychodzi ok ale bardziej martwią mnie skoki do 99% widać to na wykresie 72 hours

jwidel
member
member
Posty: 16
Rejestracja: 14 gru 2016, 00:26

Re: Problem z wydajnością 6500

#4

#4 Post autor: jwidel »

pencio pisze:Witam

Mam problem z wydajnością Cisco 6500 który robi za główny router w sieci

3 łącza BGP - pełne tablice odbierane
(...)
Występują piki obciążenia procesora które widać poniżej w wykresie 72 h

Zauważyłem, że najwięcej procesor męczy proces bgp scanner

(...)
9999999999999999999999999999999999999999999999999999999999999999999999
9999999999999999999899999999999999999999999999998999999999999998999899
100 **********************************************************************
90 **********************************************************************
80 **********************************************************************
70 **********************************************************************
60 **********************************************************************
50 **********************************************************************
40 **********************************************************************
30 **********************************************************************
20 ################################################***###################
10 ######################################################################
0....5....1....1....2....2....3....3....4....4....5....5....6....6....7.
0 5 0 5 0 5 0 5 0 5 0 5 0
CPU% per hour (last 72 hours)
* = maximum CPU% # = average CPU%
(...)
Nie ma co sie dziwic, ze tak do wyglada. Dla wykresu 72h interwal 1min ( a co tyle BGP Scanner jest domsylnie uruchamiany) da ci taki a nie inny wykres. http://www.cisco.com/c/en/us/support/do ... ml#scanner

ODPOWIEDZ