[Cisco] Catalyst6500: Displaying Hardware Capacity Information

Use the command:
 #show platform hardware capacity
System Resources
  PFC operating mode: PFC3BXL
  Supervisor redundancy mode: administratively sso, operationally sso
  Switching resources: Module   Part number               Series      CEF mode
                       1        WS-X6704-10GE             CEF720           CEF
                       5        WS-SUP720-3BXL        supervisor           CEF
                       6        WS-SUP720-3BXL        supervisor           CEF
                       8        WS-X6148-GE-TX           classic           CEF
                       9        WS-X6748-GE-TX            CEF720           CEF

Power Resources
  Power supply redundancy mode: administratively redundant
                                operationally redundant
  System power: 2771W, 0W (0%) inline, 1864W (67%) total allocated
  Powered devices: 0 total, 0 Class3, 0 Class2, 0 Class1, 0 Class0, 0 Cisco

Flash/NVRAM Resources
  Usage: Module Device               Bytes:      Total          Used     %Used
         1      dfc#1-bootflash:              32768000             0        0%
         5  RP  bootflash:                    65536000             0        0%
         5  SP  disk0:                       512024576     184082432       36%
         5  SP  sup-bootdisk:                512073728     145973248       29%
         5  SP  const_nvram:                    129004           796        1%
         5  SP  nvram:                         1964024         67657        3%
         6      slavenvram:                    1964024         67657        3%
         6      slaveconst_nvram:               129004           796        1%
         6      slavedisk0:                  512024576     184082432       36%
         6      slavesup-bootdisk:           512073728     145973248       29%
         6      slavebootflash:               65536000             0        0%
         9      dfc#9-bootflash:              15990784             0        0%

CPU Resources
  CPU utilization: Module             5 seconds       1 minute       5 minutes
                   1                   1% /  1%             1%              1%
                   5  RP               6% /  1%             7%              7%
                   5  SP              17% /  1%            19%             18%
                   6  RP               1% /  0%             1%              1%
                   6  SP               9% /  1%             6%              6%
                   9                   1% /  0%             1%              1%
  Processor memory: Module   Bytes:       Total           Used           %Used
                    1                 206486208       41116192             20%
                    5  RP             897485968      373996860             42%
                    5  SP             886289680      222767864             25%
                    6  RP             897466608      168651900             19%
                    6  SP             874521564      204020732             23%
                    9                 206486208       41128408             20%
  I/O memory: Module         Bytes:       Total           Used           %Used
              5  RP                    67108864       21605604             32%
              5  SP                    67108864       20823512             31%
              6  RP                    67108864       21605604             32%
              6  SP                    67108864       19021272             28%

EOBC Resources
  Module                     Packets/sec     Total packets     Dropped packets
  1          Rx:                      12        4248130956                   0
             Tx:                       6         464306499                   3
  5  RP      Rx:                      69        1732053305                1763
             Tx:                      69        1741759073                   0
  5  SP      Rx:                      30        1089260160                 953
             Tx:                      35        1203664866                   0
  6  RP      Rx:                       0          51723463                  18
             Tx:                       0          46963840                   0
  6  SP      Rx:                      11         263249819                 389
             Tx:                      11         259160696                   0
  9          Rx:                      23        2962811654                   0
             Tx:                      17         377120096                   3

VLAN Resources
  VLANs: 4094 total, 9 VTP, 0 extended, 42 internal, 4043 free

L2 Forwarding Resources
           MAC Table usage:   Module  Collisions  Total       Used       %Used
                              5                0  65536         55          1%
                              6                0  65536         55          1%

             VPN CAM usage:                       Total       Used       %Used
                                                    512          0          0%
L3 Forwarding Resources
             FIB TCAM usage:                     Total        Used       %Used
                  72 bits (IPv4, MPLS, EoM)     524288      359448         69%
                 144 bits (IP mcast, IPv6)      262144           8          1%

                     detail:      Protocol                    Used       %Used
                                  IPv4                      359446         69%
                                  MPLS                           1          1%
                                  EoM                            1          1%

                                  IPv6                           1          1%
                                  IPv4 mcast                     4          1%
                                  IPv6 mcast                     3          1%

            Adjacency usage:                     Total        Used       %Used
                                               1048576         244          1%

     Forwarding engine load:
                     Module       pps   peak-pps                     peak-time
                     5        1489697    5291191  13:30:40 GMT Wed Jan 19 2011
                     6        1491511    2462509  14:43:50 GMT Thu Mar 10 2011

Netflow Resources
          TCAM utilization:       Module       Created      Failed       %Used
                                  5                  0           0          0%
                                  6                  0           0          0%
          ICAM utilization:       Module       Created      Failed       %Used
                                  5                  0           0          0%
                                  6                  0           0          0%

                 Flowmasks:   Mask#   Type        Features
                      IPv4:       0   reserved    none
                      IPv4:       1   unused      none
                      IPv4:       2   unused      none
                      IPv4:       3   reserved    none

                      IPv6:       0   reserved    none
                      IPv6:       1   unused      none
                      IPv6:       2   unused      none
                      IPv6:       3   reserved    none

CPU Rate Limiters Resources
             Rate limiters:       Total         Used      Reserved       %Used
                    Layer 3           9            4             1         44%
                    Layer 2           5            3             3         60%

ACL/QoS TCAM Resources
  Key: ACLent - ACL TCAM entries, ACLmsk - ACL TCAM masks, AND - ANDOR,
       QoSent - QoS TCAM entries, QOSmsk - QoS TCAM masks, OR - ORAND,
       Lbl-in - ingress label, Lbl-eg - egress label, LOUsrc - LOU source,
       LOUdst - LOU destination, ADJ - ACL adjacency

  Module ACLent ACLmsk QoSent QoSmsk Lbl-in Lbl-eg LOUsrc LOUdst  AND  OR  ADJ
  5          1%     4%     1%     1%     1%     1%     0%     0%   0%  0%   1%
  6          1%     5%     1%     1%     1%     1%     0%     0%   0%  0%   1%

L3 Multicast Resources
  IPv4 replication mode: ingress
  IPv6 replication mode: ingress
  Bi-directional PIM Designated Forwarder Table usage: 4 total, 0 (0%) used
  Replication capability: Module                              IPv4        IPv6
                          1                                 egress      egress
                          5                                 egress      egress
                          6                                 egress      egress
                          8                                ingress     ingress
                          9                                 egress      egress
  MET table Entries: Module                             Total    Used    %Used
                     5                                  65516       6       1%
                     6                                  65516       0       0%

QoS Policer Resources
  Aggregate policers: Module                      Total         Used     %Used
                      5                            1024            4        1%
  Microflow policer configurations: Module        Total         Used     %Used
                                    5                64            1        1%

Switch Fabric Resources
  Bus utilization: current: 13%, peak was 30% at 11:53:24 GMT Mon Dec 27 2010
  Fabric utilization:     Ingress                    Egress
    Module  Chanl  Speed  rate  peak                 rate  peak
    1       0        20G   19%   35% @16:42 24Jan11    8%   24% @14:43 10Mar11
    1       1        20G    8%   24% @14:43 10Mar11   19%   33% @16:42 24Jan11
    5       0        20G    0%    9% @09:16 22Sep10    1%   12% @13:23 19Oct10
    6       0         8G    0%    3% @06:09 12Mar11    0%   13% @15:07 21Sep10
    9       0        20G    0%    0%                   0%    1% @15:30 13Mar11
    9       1        20G    8%   13% @14:10 14Mar11    7%   14% @16:42 24Jan11
  Switching mode: Module                                        Switching mode
                  1                                                       acef
                  5                                                        bus
                  6                                                   crossbar
                  9                                                       acef

Interface Resources
  Interface drops:
    Module    Total drops:    Tx            Rx      Highest drop port:  Tx  Rx
    1                          0        104569                           0   1
    5                    1677977             0                           1   0
    8                 1470024353             0                           1   0
    9                   11438542           303                          15   9

  Interface buffer sizes:
    Module                            Bytes:     Tx buffer           Rx buffer
    1     (asic-1)                                14622592             2064768
    8     (asic-1)                                 1081344              147456
    9     (asic-1)                                 1221120              173504
IBC Resources
  Module                     Packets/sec     Total packets     Dropped packets
  5  RP      Rx:                      84       30840270998                   0
             Tx:                      79       30697177109                   0
  5  SP      Rx:                       2          55443200                   0
             Tx:                      13         263401704                   0
  6  RP      Rx:                       0           1258984                   0
             Tx:                       0           1258984                   0
  6  SP      Rx:                       0           1484137                   0
             Tx:                       0           1259144                   0

SPAN Resources
  Source sessions: 16 maximum, 0 used
    Type                             Max      Used
    Local                              2(*)      0
    Local-tx                          14         0
    RSPAN source                       2(*)      0
    ERSPAN source                      2(*)      0
    Capture                            1(*)      0
    Service module                     1(*)      0
    OAM loopback                       1(*)      0
      * - shared source sessions and the total can not exceed 2
  Destination sessions: 64 maximum, 0 used
    Type                             Max      Used
    RSPAN destination                 64(*)      0
    ERSPAN destination                23(*)      0
      * - shared destination sessions and the total can not exceed 64

Multicast LTL Resources
  Usage:   30656 Total, 640 Used

[Cisco] IOS Order of Operations

Interface input/output order-of-operation

Ingress Features
1. Virtual Reassembly *
2. IP Traffic Export (RITE)
3. QoS Policy Propagation through BGP (QPPB)
4. Ingress Flexible NetFlow *
5. Network Based Application Recognition (NBAR)
6. Input QoS Classification
7. Ingress NetFlow *
8. Lawful Intercept
9. IOS IPS Inspection (inbound)
10. Input Stateful Packet Inspection (IOS FW) *
11. Check reverse crypto map ACL
12. Input ACL (unless existing NetFlow record was found)
13. Input Flexible Packet Matching (FPM)
14. IPsec Decryption (if encrypted)
15. Crypto inbound ACL check (if packet had been encrypted)
16. Unicast RPF check
17. Input QoS Marking
18. Input Policing (CAR)
19. Input MAC/Precedence Accounting
20. NAT Outside-to-Inside *
21. Policy Routing
22. Input WCCP Redirect

Egress Features
1. Output IOS IPS Inspection
2. Output WCCP Redirect
3. NM-CIDS
4. NAT Inside-to-Outside or NAT Enable *
5. Network Based Application Recognition (NBAR)
6. BGP Policy Accounting
7. Lawful Intercept
8. Check crypto map ACL and mark for encryption
9. Output QoS Classification
10. Output ACL check (if not marked for encryption)
11. Crypto outbound ACL check (if marked for encryption)
12. Output Flexible Packet Matching (FPM)
13. DoS Tracker
14. Output Stateful Packet Inspection (IOS FW) *
15. TCP Intercept
16. Output QoS Marking
17. Output Policing (CAR)
18. Output MAC/Precedence Accounting
19. IPsec Encryption
20. Output ACL check (if encrypted)
21. Egress NetFlow *
22. Egress Flexible NetFlow *
23. Egress RITE
24. Output Queuing (CBWFQ, LLQ, WRED)

* A note about virtual-reassembly

Credit: http://etherealmind.com/cisco-ios-order-of-operation/

[Cisco] BGP Order of Operation

For inbound updates the order of preference is:
  - route-map
  - filter-list
  - prefix-list, distribute-list

For outbound updates the order of preference is:
  - prefix-list, distribute-list
  - filter-list
  - route-map

Note: The attributes prefix-list and distribute-list are mutually exclusive, and only one command (neighbor prefix-list or neighbor distribute-list) can be applied to each inbound or outbound direction for a particular neighbor.

[Cisco] NAT Order of Operation

Inside-to-Outside

  • If IPSec then check input access list
  • decryption – for CET (Cisco Encryption Technology) or IPSec
  • check input access list
  • check input rate limits
  • input accounting
  • redirect to web cache
  • policy routing
  • routing
  • NAT inside to outside (local to global translation)
  • crypto (check map and mark for encryption)
  • check output access list
  • inspect (Context-based Access Control (CBAC))
  • TCP intercept
  • encryption
  • Queueing

Outside-to-Inside

  • If IPSec then check input access list
  • decryption – for CET or IPSec
  • check input access list
  • check input rate limits
  • input accounting
  • redirect to web cache
  • NAT outside to inside (global to local translation)
  • policy routing
  • routing
  • crypto (check map and mark for encryption)
  • check output access list
  • inspect CBAC
  • TCP intercept
  • encryption
  • Queueing
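
Because NAT sits before routing in one direction and after it in the other, the addresses an access list has to match differ per direction. The sketch below is an added example, not part of the original post: it walks a packet through the two lists above and reports the source and destination seen by the input ACL, routing and the output ACL. The static translation and all addresses are constructed sample values.

```python
# Added illustration (not from the original post): which addresses does each
# step see? Step names follow the two lists above; the static translation and
# all addresses are constructed sample values.
STEPS = {
    "inside-to-outside": [
        "ipsec input acl", "decryption", "input acl", "input rate limits",
        "input accounting", "web cache redirect", "policy routing", "routing",
        "nat", "crypto map", "output acl", "inspect", "tcp intercept",
        "encryption", "queueing",
    ],
    "outside-to-inside": [
        "ipsec input acl", "decryption", "input acl", "input rate limits",
        "input accounting", "web cache redirect", "nat", "policy routing",
        "routing", "crypto map", "output acl", "inspect", "tcp intercept",
        "encryption", "queueing",
    ],
}

STATIC_NAT = {"10.0.0.10": "203.0.113.10"}            # inside local -> inside global
REVERSE_NAT = {g: l for l, g in STATIC_NAT.items()}   # inside global -> inside local


def trace(direction, src, dst):
    """Return {step: (src, dst)}: the header each step sees on this path."""
    seen = {}
    for step in STEPS[direction]:
        if step == "nat":
            if direction == "inside-to-outside":
                src = STATIC_NAT.get(src, src)    # local -> global on the source
            else:
                dst = REVERSE_NAT.get(dst, dst)   # global -> local on the destination
        seen[step] = (src, dst)
    return seen


def acl_view(direction, src, dst):
    """Addresses the input ACL, routing and output ACL must be written against."""
    seen = trace(direction, src, dst)
    return {k: seen[k] for k in ("input acl", "routing", "output acl")}


if __name__ == "__main__":
    for direction, src, dst in [
        ("inside-to-outside", "10.0.0.10", "198.51.100.5"),
        ("outside-to-inside", "198.51.100.5", "203.0.113.10"),
    ]:
        print(direction)
        for step, (s, d) in acl_view(direction, src, dst).items():
            print(f"  {step:<11} src={s:<13} dst={d}")
```

The outside-to-inside result shows why an input ACL on the outside interface has to permit the global address, while routing and the output ACL already work with the inside local address.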

[Cisco] VRF Management

We create a management VRF for management tasks such as telnet, or copying the config to a TFTP server that sits behind the VRF interface.

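conf t
! Source TFTP transfers from the management SVI
ip tftp source-interface vlan 100
ip vrf management
  rd 1:1
interface vlan100
  description ## Management  ##
  ip vrf forwarding management
  ip address 192.168.1.1 255.255.255.0
exit
! ACL 100 is in the extended range, so it needs a protocol and a destination
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
line vty 0 4
  ! vrf-also accepts VTY connections that arrive on VRF interfaces as well
  access-class 100 in vrf-also
end
#copy startup-config tftp://192.168.1.100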

Transparent proxy with Squid and Cisco router

[Network Diagram]
[LAN:Client]<-->[Cisco Router]<-->{Internet Cloud}<-->[Linux]
Loopback Interface: 10.10.255.4/32
LAN Interface: 10.10.255.128/26
Internet Interface: 10.10.210.150/30
Linux box: 10.10.175.36

Reference: http://inetpro.org/wiki/Squid_WCCP

Configuration on Linux (Ubuntu 10.10 Server)
$ sudo apt-get install squid3
$ sudo vi /etc/squid3/squid.conf
http_port 3128 intercept
acl lan_client src 10.10.255.128/26
http_access allow lan_client
wccp2_router 10.10.210.150
wccp_version 4
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_assignment_method hash
wccp2_service standard 0 password=cisco
$ sudo modprobe ip_gre
$ sudo ip tunnel add wccp0 mode gre remote 10.10.255.4 local 10.10.175.36 dev eth0
$ sudo ifconfig wccp0 1.1.1.1 netmask 255.255.255.255 up
$ sudo vi /etc/sysctl.conf
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
$ sudo sysctl -p
IPTABLES Rules
$ sudo iptables -A INPUT -p udp -s 10.10.210.150 --dport 2048 -j ACCEPT
$ sudo iptables -A INPUT -p 47 -s 10.10.255.4 -j ACCEPT
$ sudo iptables -t nat -A PREROUTING -i wccp0 -p tcp --dport 80 -j REDIRECT --to-port 3128
$ sudo /etc/init.d/squid3 start
$ ip tunnel show
gre0: gre/ip  remote any  local any  ttl inherit  nopmtudisc
wccp0: gre/ip  remote 10.10.255.4  local 10.10.175.36  dev eth0  ttl inherit
$ ifconfig wccp0
wccp0     Link encap:UNSPEC  HWaddr 3D-5A-AF-24-00-00-88-E0-00-00-00-00-00-00-00-00
inet addr:1.1.1.1  P-t-P:1.1.1.1  Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP  MTU:1476  Metric:1
RX packets:1744 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:272018 (272.0 KB)  TX bytes:0 (0.0 B)
$ sudo tail -f /var/log/squid3/cache.log
$ sudo tail -f /var/log/squid3/access.log
#==============================================
Configuration on Cisco Router
#sh ver
Cisco IOS Software, 3800 Software (C3825-ADVIPSERVICESK9-M), Version 12.4(10), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Wed 16-Aug-06 05:13 by prod_rel_team
conf t
ip wccp web-cache version 2
! The redirect-list name must match the ACL defined below;
! the password must match wccp2_service in squid.conf
ip wccp web-cache redirect-list wccp_client password cisco
ip access-list standard wccp_client
 permit 10.10.255.131
interface loopback0
 ip address 10.10.255.4 255.255.255.255
interface x/y
 desc ## LAN ##
 ip address 10.10.255.129 255.255.255.192
 ip wccp web-cache redirect in
interface x/y
 desc ## Internet ##
 ip address 10.10.210.150 255.255.255.252
#sh ip wccp web-cache
Global WCCP information:
Router information:
Router Identifier:                   10.10.255.4
Protocol Version:                    2.0
Service Identifier: web-cache
Number of Service Group Clients:     1
Number of Service Group Routers:     1
Total Packets s/w Redirected:        2176
Process:                           3
Fast:                              0
CEF:                               2173
Redirect access-list:                wccp_client
Total Packets Denied Redirect:       648454
Total Packets Unassigned:            0
Group access-list:                   -none-
Total Messages Denied to Group:      0
Total Authentication failures:       0
Total Bypassed Packets Received:     0
#sh ip wccp web-cache detail
WCCP Client information:
WCCP Client ID:          10.10.175.36
Protocol Version:        2.0
State:                   Usable
Initial Hash Info:       00000000000000000000000000000000
00000000000000000000000000000000
Assigned Hash Info:      FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Hash Allotment:          256 (100.00%)
Packets s/w Redirected:  2176
Connect Time:            01:11:08
Bypassed Packets
Process:               0
Fast:                  0
CEF:                   0

[Cisco] Catalyst6500 High CPU from Virtual Exec

Have you ever run into high CPU on a Catalyst6500 and found, with show process cpu, that the Virtual Exec process is using a lot of CPU? This may be caused by running show running when the config is large and the number of interfaces is fairly high.

This method can help.

conf t

! Enable parser cache, Default is enabled

6500(config)#parser cache

6500(config)#parser config cache interface

6500#show running   <-- the first run of the command will be slow, but subsequent runs will be faster

Give it a try.