Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Cisco>
  3. BBA
L2TP sessions on 7200
achatz at forthnet
Jul 25, 2003, 4:14 AM
Post #1 of 6 (3161 views)
Permalink
I have read a lot of conversations about 7200 and the max number of l2tp sessions it can
support, but all the answers are making me think that there is something wrong with my
case. My router doesn't even seem capable of reaching 1000 sessions.

I have a 7206 (NPE-300) and with 550 sessions it reaches 50% - 60% cpu load.
Is there anything i can do in order to decrease it?
"ip cef" doesn't seem to do anything...



IOS (tm) 7200 Software (C7200-IS-M), Version 12.2(15)T5, RELEASE SOFTWARE (fc1)
....
cisco 7206VXR (NPE300) processor (revision D) with 229376K/65536K bytes of memory.
Processor board ID 21275620
R7000 CPU at 262Mhz, Implementation 39, Rev 2.1, 256KB L2, 2048KB L3 Cache
6 slot VXR midplane, Version 2.1
....

router#sh proc cpu
CPU utilization for five seconds: 51%/14%; one minute: 56%; five minutes: 56%
...
45 3673508 23757648 154 13.81% 14.27% 14.10% 0 IP Input
...
119 5703560 21918620 260 17.22% 20.33% 20.45% 0 L2X Data Daemon
...
143 610208 28956 21073 1.79% 1.76% 1.76% 0 VTEMPLATE Backgr
...

This is what worries me most:

router#sh interfaces stat
FastEthernet0/0
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 180987 70971343 189373 75804748
Route cache 70067 34190251 88442 35201066
Total 251054 105161594 277815 111005814

--
***********************************
Chatzithomaoglou Anastasios
Network Design & Operations Center
FORTHnet S.A.
<achatz@forthnet.gr>
***********************************
Re: L2TP sessions on 7200 [ In reply to ]
sthaug at nethelp
Jul 25, 2003, 4:20 AM
Post #2 of 6 (3091 views)
Permalink
> I have read a lot of conversations about 7200 and the max number of l2tp sessions it can
> support, but all the answers are making me think that there is something wrong with my
> case. My router doesn't even seem capable of reaching 1000 sessions.
>
> I have a 7206 (NPE-300) and with 550 sessions it reaches 50% - 60% cpu load.
> Is there anything i can do in order to decrease it?
> "ip cef" doesn't seem to do anything...

We found when doing L2TP termination that there's a big difference
between the number of L2TP sessions you can handle in the steady state,
and the number you can handle when you have a lot of signaling (L2TP
sessions going up & down). The signaling traffic seems to chew up a lot
of CPU.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no
RE: L2TP sessions on 7200 [ In reply to ]
vfayet at cisco
Jul 25, 2003, 5:15 AM
Post #3 of 6 (3085 views)
Permalink
Not only the number of session and the dis/connection is important but
also the rate (pps) per active session is quite important.

I imagine you have already checked any issue regarding fragmentation and
probably you already use the adjust-mss feature.

Cheers

Vincent

------------------------------------------------------------------------
---------------
Vincent Fayet
Systems Engineer
Cisco Systems
------------------------------------------------------------------------
---------------


> -----Original Message-----
> From: sthaug@nethelp.no [mailto:sthaug@nethelp.no]
> Sent: vendredi 25 juillet 2003 13:20
> To: achatz@forthnet.gr
> Cc: cisco-bba@puck.nether.net
> Subject: Re: [cisco-bba] L2TP sessions on 7200
>
>
> > I have read a lot of conversations about 7200 and the max
> number of l2tp sessions it can
> > support, but all the answers are making me think that there
> is something wrong with my
> > case. My router doesn't even seem capable of reaching 1000 sessions.
> >
> > I have a 7206 (NPE-300) and with 550 sessions it reaches
> 50% - 60% cpu load.
> > Is there anything i can do in order to decrease it?
> > "ip cef" doesn't seem to do anything...
>
> We found when doing L2TP termination that there's a big difference
> between the number of L2TP sessions you can handle in the
> steady state,
> and the number you can handle when you have a lot of signaling (L2TP
> sessions going up & down). The signaling traffic seems to
> chew up a lot
> of CPU.
>
> Steinar Haug, Nethelp consulting, sthaug@nethelp.no
> _______________________________________________
> cisco-bba mailing list
> cisco-bba@puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-bba
>
Re: L2TP sessions on 7200 [ In reply to ]
achatz at forthnet
Jul 25, 2003, 5:42 AM
Post #4 of 6 (3089 views)
Permalink
Vincent Fayet (vfayet) wrote:
> Not only the number of session and the dis/connection is important but
> also the rate (pps) per active session is quite important.
>

We have pstn 56 and isdn 64/128 customers terminating on this router, using an average of
8-10pps for each active session. But nearly half of all sessions are sitting idle.

> I imagine you have already checked any issue regarding fragmentation and
> probably you already use the adjust-mss feature.
>

How do i check for any fragmentation issues?
Does the following command provide any usefull info and how do i clear the statistics?

router#sh ip traffic
IP statistics:
Rcvd: 72240344 total, 2143924 local destination
359 format errors, 20 checksum errors, 1148 bad hop count
0 unknown protocol, 0 not a gateway
0 security failures, 0 bad options, 3907 with options
Opts: 0 end, 0 nop, 0 basic security, 0 loose source route
0 timestamp, 0 extended security, 0 record route
0 stream ID, 0 strict source route, 3907 alert, 0 cipso, 0 ump
0 other
Frags: 654631 reassembled, 162 timeouts, 0 couldn't reassemble
8098104 fragmented, 8 couldn't fragment
Bcast: 39861 received, 0 sent
Mcast: 1276402 received, 30849 sent
Sent: 404825 generated, 66810550 forwarded
Drop: 326 encapsulation failed, 179 unresolved, 0 no adjacency
54200 no route, 0 unicast RPF, 0 forced drop

Also, configuring "ip tcp adjust-mss 1420" under the vtemplate doesn't seem to make any
big difference (maybe 5% down). But i'm worrying for any client problems that may arise
from such a change.

> Cheers
>
> Vincent
>
> ------------------------------------------------------------------------
> ---------------
> Vincent Fayet
> Systems Engineer
> Cisco Systems
> ------------------------------------------------------------------------
> ---------------
>
>
>
>>-----Original Message-----
>>From: sthaug@nethelp.no [mailto:sthaug@nethelp.no]
>>Sent: vendredi 25 juillet 2003 13:20
>>To: achatz@forthnet.gr
>>Cc: cisco-bba@puck.nether.net
>>Subject: Re: [cisco-bba] L2TP sessions on 7200
>>
>>
>>
>>>I have read a lot of conversations about 7200 and the max
>>
>>number of l2tp sessions it can
>>
>>>support, but all the answers are making me think that there
>>
>>is something wrong with my
>>
>>>case. My router doesn't even seem capable of reaching 1000 sessions.
>>>
>>>I have a 7206 (NPE-300) and with 550 sessions it reaches
>>
>>50% - 60% cpu load.
>>
>>>Is there anything i can do in order to decrease it?
>>>"ip cef" doesn't seem to do anything...
>>
>>We found when doing L2TP termination that there's a big difference
>>between the number of L2TP sessions you can handle in the
>>steady state,
>>and the number you can handle when you have a lot of signaling (L2TP
>>sessions going up & down). The signaling traffic seems to
>>chew up a lot
>>of CPU.
>>
>>Steinar Haug, Nethelp consulting, sthaug@nethelp.no
>>_______________________________________________
>>cisco-bba mailing list
>>cisco-bba@puck.nether.net
>>http://puck.nether.net/mailman/listinfo/cisco-bba
>>
>
>

--
***********************************
Chatzithomaoglou Anastasios
Network Design & Operations Center
FORTHnet S.A.
<achatz@forthnet.gr>
***********************************
Re: L2TP sessions on 7200 [ In reply to ]
dpeng at cisco
Jul 28, 2003, 10:55 AM
Post #5 of 6 (3091 views)
Permalink
Anastassios Chatzithomaoglou [achatz@forthnet.gr] wrote:
>
>
> Vincent Fayet (vfayet) wrote:
> >Not only the number of session and the dis/connection is important but
> >also the rate (pps) per active session is quite important.
> >
>
> We have pstn 56 and isdn 64/128 customers terminating on this router, using
> an average of 8-10pps for each active session. But nearly half of all
> sessions are sitting idle.
>
> >I imagine you have already checked any issue regarding fragmentation and
> >probably you already use the adjust-mss feature.
> >
>
> How do i check for any fragmentation issues?
> Does the following command provide any usefull info and how do i clear the
> statistics?

You can't clear these statistics, so the only way to tell the rate at
which you are getting fragments is to get two snapshots of "show ip
traffic" and see what the delta is compared to the time differential.

Dennis

> router#sh ip traffic
> IP statistics:
> Rcvd: 72240344 total, 2143924 local destination
> 359 format errors, 20 checksum errors, 1148 bad hop count
> 0 unknown protocol, 0 not a gateway
> 0 security failures, 0 bad options, 3907 with options
> Opts: 0 end, 0 nop, 0 basic security, 0 loose source route
> 0 timestamp, 0 extended security, 0 record route
> 0 stream ID, 0 strict source route, 3907 alert, 0 cipso, 0 ump
> 0 other
> Frags: 654631 reassembled, 162 timeouts, 0 couldn't reassemble
> 8098104 fragmented, 8 couldn't fragment
> Bcast: 39861 received, 0 sent
> Mcast: 1276402 received, 30849 sent
> Sent: 404825 generated, 66810550 forwarded
> Drop: 326 encapsulation failed, 179 unresolved, 0 no adjacency
> 54200 no route, 0 unicast RPF, 0 forced drop
>
> Also, configuring "ip tcp adjust-mss 1420" under the vtemplate doesn't seem
> to make any big difference (maybe 5% down). But i'm worrying for any client
> problems that may arise from such a change.
>
> >Cheers
> >
> >Vincent
> >
> >------------------------------------------------------------------------
> >---------------
> >Vincent Fayet
> >Systems Engineer
> >Cisco Systems
> >------------------------------------------------------------------------
> >---------------
> >
> >
> >
> >>-----Original Message-----
> >>From: sthaug@nethelp.no [mailto:sthaug@nethelp.no]
> >>Sent: vendredi 25 juillet 2003 13:20
> >>To: achatz@forthnet.gr
> >>Cc: cisco-bba@puck.nether.net
> >>Subject: Re: [cisco-bba] L2TP sessions on 7200
> >>
> >>
> >>
> >>>I have read a lot of conversations about 7200 and the max
> >>
> >>number of l2tp sessions it can
> >>
> >>>support, but all the answers are making me think that there
> >>
> >>is something wrong with my
> >>
> >>>case. My router doesn't even seem capable of reaching 1000 sessions.
> >>>
> >>>I have a 7206 (NPE-300) and with 550 sessions it reaches
> >>
> >>50% - 60% cpu load.
> >>
> >>>Is there anything i can do in order to decrease it?
> >>>"ip cef" doesn't seem to do anything...
> >>
> >>We found when doing L2TP termination that there's a big difference
> >>between the number of L2TP sessions you can handle in the
> >>steady state,
> >>and the number you can handle when you have a lot of signaling (L2TP
> >>sessions going up & down). The signaling traffic seems to
> >>chew up a lot
> >>of CPU.
> >>
> >>Steinar Haug, Nethelp consulting, sthaug@nethelp.no
> >>_______________________________________________
> >>cisco-bba mailing list
> >>cisco-bba@puck.nether.net
> >>http://puck.nether.net/mailman/listinfo/cisco-bba
> >>
> >
> >
>
> --
> ***********************************
> Chatzithomaoglou Anastasios
> Network Design & Operations Center
> FORTHnet S.A.
> <achatz@forthnet.gr>
> ***********************************
>
> _______________________________________________
> cisco-bba mailing list
> cisco-bba@puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-bba
Re: L2TP sessions on 7200 [ In reply to ]
achatz at forthnet
Aug 5, 2003, 9:35 AM
Post #6 of 6 (3083 views)
Permalink
I finally found what was the reason of process switched traffic and the high cpu load.

One of ours vpdn customers uses its own radius server in order to pass aaa attributes to
its dialup clients. But it also passes "ip tcp header compression" to all its clients, so
we had 500+ vaccess interfaces with tcp header compression enabled!!!

After disabling it, the cpu went down to 15%!!!

I couldn't imagine that tcp header compression could make such a difference (CPU x 3).

Thx to Dennis & Vincent for helping me out ;-)

Anastassios Chatzithomaoglou wrote:

> I have read a lot of conversations about 7200 and the max number of l2tp
> sessions it can support, but all the answers are making me think that
> there is something wrong with my case. My router doesn't even seem
> capable of reaching 1000 sessions.
>
> I have a 7206 (NPE-300) and with 550 sessions it reaches 50% - 60% cpu
> load.
> Is there anything i can do in order to decrease it?
> "ip cef" doesn't seem to do anything...
>
>
>
> IOS (tm) 7200 Software (C7200-IS-M), Version 12.2(15)T5, RELEASE
> SOFTWARE (fc1)
> ....
> cisco 7206VXR (NPE300) processor (revision D) with 229376K/65536K bytes
> of memory.
> Processor board ID 21275620
> R7000 CPU at 262Mhz, Implementation 39, Rev 2.1, 256KB L2, 2048KB L3 Cache
> 6 slot VXR midplane, Version 2.1
> ....
>
> router#sh proc cpu
> CPU utilization for five seconds: 51%/14%; one minute: 56%; five
> minutes: 56%
> ...
> 45 3673508 23757648 154 13.81% 14.27% 14.10% 0 IP Input
> ...
> 119 5703560 21918620 260 17.22% 20.33% 20.45% 0 L2X Data
> Daemon
> ...
> 143 610208 28956 21073 1.79% 1.76% 1.76% 0 VTEMPLATE
> Backgr
> ...
>
> This is what worries me most:
>
> router#sh interfaces stat
> FastEthernet0/0
> Switching path Pkts In Chars In Pkts Out Chars Out
> Processor 180987 70971343 189373 75804748
> Route cache 70067 34190251 88442 35201066
> Total 251054 105161594 277815 111005814
>

--
***********************************
Chatzithomaoglou Anastasios
Network Design & Operations Center
FORTHnet S.A.
<achatz@forthnet.gr>
***********************************

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal