Re: Hardware CEF entry usage is at 95% capacity on 7600

From: Johnny Phan (johnny_d_phan@hotmail.com)
Date: Mon Dec 15 2008 - 16:56:16 ARST

I apologize, what I meant is the full BGP table recently reached 240k.. So
everyone is correct, okay ;-) ?

I had the displeasure of finding that out the hard way. We had a 6500 with
sup2 getting full bgp routes. All of a sudden certain routes were not
reachable.

Johnny

----- Original Message -----
From: "Lars Christensen" <perseusdk@gmail.com>
To: <smorris@internetworkexpert.com>; "'Johnny Phan'"
<johnny_d_phan@hotmail.com>; "'ZZ'" <zurabz@gmail.com>; "'Cristea, Bogdan,
VF-RO'" <Bogdan.Cristea@vodafone.com>
Cc: "'Marko Milivojevic'" <markom@markom.info>; "'Pavel Bykov'"
<slidersv@gmail.com>; "'Cisco certification'" <ccielab@groupstudy.com>
Sent: Sunday, December 14, 2008 7:49 AM
Subject: RE: Hardware CEF entry usage is at 95% capacity on 7600

> Scott,
>
> As you said... It all depends... I just referenced the latest analysis
> from
> cidr-report.org, which actually is not that far from the tables my routers
> receive on a daily basis.
>
> In the end, most could actually work just fine with a default route :)
>
> Regards,
> Lars
>
> -----Original Message-----
> From: Scott Morris [mailto:smorris@internetworkexpert.com]
> Sent: 14. december 2008 16:43
> To: 'Lars Christensen'; 'Johnny Phan'; 'ZZ'; 'Cristea, Bogdan, VF-RO'
> Cc: 'Marko Milivojevic'; 'Pavel Bykov'; 'Cisco certification'
> Subject: RE: Hardware CEF entry usage is at 95% capacity on 7600
>
> Bogus? I think that will depend on who you are getting your feed through
> and what aggregation points may exist over one path but not another! (or
> what policies)
>
> I think it's more perspective that bogus or not! ;)
>
>
> Scott Morris, CCIE4 #4713, JNCIE-M #153, JNCIS-ER, CISSP, et al.
> CCSI/JNCI-M/JNCI-ER
> Senior CCIE Instructor
>
> smorris@internetworkexpert.com
>
>
>
> Knowledge is power.
> Power corrupts.
> Study hard and be Eeeeviiiil......
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Lars
> Christensen
> Sent: Sunday, December 14, 2008 6:12 AM
> To: 'Johnny Phan'; 'ZZ'; 'Cristea, Bogdan, VF-RO'
> Cc: 'Marko Milivojevic'; 'Pavel Bykov'; 'Cisco certification'
> Subject: RE: Hardware CEF entry usage is at 95% capacity on 7600
>
> Johnny,
>
> That seems to be bogus information. Just take a look at the latest report
> from cidr-report.org. The number is more like 282k routes at the moment.
>
> Regards,
> Lars Lystrup Christensen
> CCIE #20292
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Johnny Phan
> Sent: 14. december 2008 03:44
> To: ZZ; Cristea, Bogdan, VF-RO
> Cc: Marko Milivojevic; Pavel Bykov; Cisco certification
> Subject: Re: Hardware CEF entry usage is at 95% capacity on 7600
>
> 240k is the number of BGP routes out there at the moment.
>
> Johnny
>
> ----- Original Message -----
> From: "ZZ" <zurabz@gmail.com>
> To: "Cristea, Bogdan, VF-RO" <Bogdan.Cristea@vodafone.com>
> Cc: "Marko Milivojevic" <markom@markom.info>; "Pavel Bykov"
> <slidersv@gmail.com>; "Cisco certification" <ccielab@groupstudy.com>
> Sent: Wednesday, December 03, 2008 7:15 AM
> Subject: Re: Hardware CEF entry usage is at 95% capacity on 7600
>
>
>> this is excellent explanation!
>>
>> Thank you
>>
>> On Wed, Dec 3, 2008 at 2:17 AM, Cristea, Bogdan, VF-RO <
>> Bogdan.Cristea@vodafone.com> wrote:
>>
>>> Hi all,
>>> Hope the bellow explication helps:
>>>
>>>
>>> Because the 7600 uses FIB downloaded in the PFC there is the following
>>> scenario:
>>> If you inject in RIB a number of routes larger then the maximum routes
>>> for the supervisor you own then you will reach the case when the desired
>>> FIB for download into PFC is larger that the maximum defined and you
>>> will get that message.
>>>
>>> show mls cef maximum-routes
>>> FIB TCAM maximum routes :
>>> =======================
>>> Current :-
>>> -------
>>> IPv4 + MPLS - 192k (default)
>>> IPv6 + IP Multicast - 32k (default)
>>>
>>> The event will trigger an exception leading to exception state set to
>>> TRUE for the type of routes for which you reached the maximum routes
>>>
>>> The normal output would be:
>>> show mls cef exception status
>>> Current IPv4 FIB exception state = FALSE
>>> Current IPv6 FIB exception state = FALSE
>>> Current MPLS FIB exception state = FALSE
>>>
>>>
>>> You can also check that you hit the exception looking in the output of
>>> show mls cef at the start.
>>>
>>>
>>> There are 2 solutions:
>>>
>>> 1. power cycle the router
>>> 2. if you have a redundant supervisor:
>>> Power cycle the standby supervisor (this will enforce the
>>> download of the current FIB in the PFC
>>> Check that after the reload the command "remote command
>>> standby-sp show mls cef exception status" shows you false for each
>>> exception state
>>> Then perform a switchover. If the old active supervisor does not
>>> reboot you will need also to power cycle it manually.
>>>
>>> I had the same problem on a 7600 box and resolved via solution number 2.
>>> The behaviour before resolving the problem was random packet drops.
>>> Also if I was transforming to process switching the packet forwarding
>>> was ok
>>>
>>> The solution with new ios works because you actually need to power cycle
>>> the box/supervisors but not because the ios version is the root cause.
>>>
>>> Take care when you perform the steps in order to not disrupt your live
>>> services :)
>>>
>>> Bogdan Cristea
>>>
>>>
>>> -----Original Message-----
>>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>>> Marko Milivojevic
>>> Sent: 02 December 2008 21:43
>>> To: ZZ
>>> Cc: Pavel Bykov; Cisco certification
>>> Subject: Re: Hardware CEF entry usage is at 95% capacity on 7600
>>>
>>> On Tue, Dec 2, 2008 at 16:09, ZZ <zurabz@gmail.com> wrote:
>>> > I totally agree, it shouldn't crash, maximum it should it is to
>>> disable CEF.
>>> >
>>> > I'm running 12.2(33)SRB2
>>>
>>> Well, it can't disable CEF as it has no other forwarding mechanism
>>> available. It should drop flows that it has no space for. Now that I
>>> see what IOS you are running -- run from it and run fast :-). That one
>>> is trouble. I believe they are up to SRB5 now.
>>>
>>> --
>>> Marko
>>> CCIE #18427 (SP)
>>> My network blog: http://cisco.markom.info/
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:08 ARST