Posted by a. Rahman Isnaini r. Sutan on April 15, 2008
Using STP for redundancy gives you:
- Resilience time of about 2 seconds for link recovery when the primary trunk goes down and the secondary trunk takes over
- Resilience time of about 25 seconds for link recovery when the primary trunk comes back up and takes the link over from the secondary trunk

Connection scheme:
a. SWITCH 1 [SW1] -> VTP server, domain: cluster1.internal.net
- Port F0/1 trunked to port F0/2 [SW2]
- Port F0/2 trunked to port F0/1 [SW3]
- Port F0/24 access VLAN 20 to PC-A
b. SWITCH 2 [SW2] -> VTP client, domain: cluster1.internal.net
- Port F0/1 trunked to port F0/2 [SW3]
- Port F0/2 trunked to port F0/1 [SW1]
c. SWITCH 3 [SW3] -> VTP client, domain: cluster1.internal.net
- Port F0/1 trunked to port F0/2 [SW1]
- Port F0/2 trunked to port F0/1 [SW2]
- Port F0/24 access VLAN 20 to PC-B
Posted by a. Rahman Isnaini r. Sutan on April 15, 2008
From what we have been through over the years, high CPU may be caused by:
a. IP Input
b. BGP Router
c. BGP Scanner
d. Virtual Exec
as seen in the real-time CPU process capture below:
CPU utilization for five seconds: 18%/18%; one minute: 20%; five minutes: 21%
47 2297526152-2139485143 0 0.07% 0.08% 0.11% 0 IP Input
126 12 1483 8 0.00% 0.00% 0.00% 2 Virtual Exec
133 15002844 84059163 178 0.15% 0.01% 0.00% 0 BGP Router
136 688579928 4168349 165198 0.00% 1.98% 2.61% 0 BGP Scanner
Suggestions:
1. IP Input
- Check the number of secondary IP addresses on one interface and move them; simplify!
- Check the MLPPP / CEF load-balancing config; replace it with an inverse MUX
- Enable “ip cef” in global config
- Enable “ip route-cache same-interface” on the interface
- Enable “ip route-cache cef” on the interface
- Check “ip nbar protocol-discovery” on the interface; disable it if it’s not needed!
- Check the number of access-list rows
- Remove the “log” suffix from access-list entries if it’s not needed
- Simplify your access-lists by aggregating, or use null 0 to block a specific IP/prefix
- Check the service policy and how it matches the conditions (ACL, prefix, etc.); simplify!
- Check the policy map and how it matches the conditions (ACL, prefix, etc.); simplify!
2. BGP Routing & Scanning
- Enable fast switching [CEF]
- Filter more routes or reduce the Internet routing table size (not full routes)
- Check your memory and upgrade if needed
- Simplify your BGP config
- Simplify neighbors (peer-group)
3. Virtual Exec
- Check and limit VTY
- Restrict VTY idle login time
- Check logging console > disabled
- Check logging monitor > disabled
One other thing: simplify your config by removing any unused:
- access-list
- policy-map
- route-map
- prefix-list
- as-path access-list
- static routes
Back up your config periodically, or even at short intervals, if changes are always being made to this engine.
a. rahman isnaini r.sutan
2404:170:253::10
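An offline pass over a saved running-config for the checklist above, as an added example that is not the author's code: it lists objects that are defined but never referenced and flags several of the IP Input and Virtual Exec items. The sample config, every name in it, and the subset of IOS reference syntax the regexes recognise are assumptions.

```python
import re

# Constructed sample running-config (illustrative, not from the original post).
SAMPLE = """\
no ip cef
interface FastEthernet0/0
 ip access-group 110 in
 ip nbar protocol-discovery
router bgp 64512
 neighbor 198.51.100.2 route-map RM-IN in
 neighbor 198.51.100.2 prefix-list PL-OUT out
access-list 110 permit tcp any any eq 22 log
access-list 120 permit ip any any
ip prefix-list PL-OUT seq 5 permit 203.0.113.0/24
ip prefix-list PL-OLD seq 5 permit 10.0.0.0/8
ip as-path access-list 5 permit ^64513$
route-map RM-IN permit 10
route-map RM-STALE permit 10
policy-map PM-UNUSED
line vty 0 4
 exec-timeout 0 0
"""

# kind -> (definition regex, reference regex); common IOS forms only (assumption).
OBJECTS = {
    "access-list": (r"^(?:ip )?access-list (?:standard |extended )?(\S+)",
                    r"(?:access-group|access-class|distribute-list|match ip address) (?:name )?(\S+)"),
    "prefix-list": (r"^ip prefix-list (\S+)", r"^(?!ip prefix-list).+\bprefix-list (\S+)"),
    "as-path access-list": (r"^ip as-path access-list (\S+)", r"(?:filter-list|match as-path) (\S+)"),
    "route-map": (r"^route-map (\S+)", r"^.+\broute-map (\S+)"),
    "policy-map": (r"^policy-map (\S+)", r"service-policy (?:input |output )?(\S+)"),
}
# (regex, finding, report when the line is present?) for items on the checklist.
CHECKS = [
    (r"^ip cef", "CEF not enabled globally", False),  # assumes 'ip cef' is shown when on
    (r"^(?:access-list \S+| +(?:\d+ )?(?:permit|deny)) .* log(?:-input)? *$", "ACL entry with log", True),
    (r"^ +ip nbar protocol-discovery", "NBAR protocol discovery on an interface", True),
    (r"^ +exec-timeout 0 0", "idle timeout disabled on a line", True),
    (r"^no logging console", "console logging enabled", False),
]

def unused_objects(cfg):
    """Return {kind: sorted names that are defined but never referenced}."""
    return {kind: sorted(set(re.findall(d, cfg, re.M)) - set(re.findall(r, cfg, re.M)))
            for kind, (d, r) in OBJECTS.items()}

def hot_spots(cfg):
    """Return the checklist findings that apply to this config."""
    return [msg for rx, msg, present in CHECKS if bool(re.search(rx, cfg, re.M)) == present]
```

Treat every name it reports as a candidate to review before removal, since a reference form outside the regex subset will make a used object look unused.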