IPSec error

Unanswered Question

Hi,

we are using Cisco 7206 router with VAM2+ module. the output of the command "show crypto engine accelerator statistic" is included in the attachment.

I want to know In the output of "show crypto engine accelerator statistic" command, what is the significance of "ppq full errors" and "replay errors" and how can we reduce them?

Also The CPU utilisation of the router is going above 60% frequently, what is the reason?

This is urgent so please suggest

Attachment: 
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Tue, 11/25/2008 - 13:14

Hello Rakesh,

here is the link to the command reference of

show pas vam interface

http://www.cisco.com/en/US/docs/ios/interface/command/reference/ir_s5.html#wp1016563

ppq_full_err

Number of packets dropped because of a lack of space in the packet processing queues for the VAM. This usually means that input traffic has reached VAM maximum throughput possible.

pkt_replay_err

Counter that is incremented when a replay error is detected by the VAM

These are for VAM but I think they apply to VAM2+ the names are just a little different.

Verify with the datasheet I provided in the other thread if your traffic volume is more then the declared performance.

However, your bigger problem is the very high cpu usage.

I would investigate that first use the second link in the post in the other thread for this.

Hope to help

Giuseppe

Actions

This Discussion