cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
452
Views
0
Helpful
4
Replies

Performance limitations on the CSS - What are they ?

michael.e.reid
Level 1
Level 1

Hi, we have two CSS11503 and two 11050 boxes which we think could be hitting the limits in how much traffic, concurrent connections etc they can handle.

Does anyone have a link to the Cisco figures for what these boxes can handle, and is there a way to get this info from the boxes ?

cheers,

Mike

4 Replies 4

Gilles Dufour
Cisco Employee
Cisco Employee

Mike,

from the box, you can do a 'flow stat' in debug/llama mode.

Check the following info:

Number of Free fast-path FCBs 131071

Number of Flow Drops 0

Max Number of Flow Control Blocks 537157

If you have drops, this is a sign you have reached the limit.

If your number of free FCB is low, the risk to have drops is high.

That's for the number of concurrent connections.

For number of new connection/sec, you should check the CPU with

'show system-resources'.

If you're continously high above 60% on all modules, you're close to the limit of traffic the box can handle.

Gilles.

Thanks for the great reply Gilles.

For the flow stats our figures look OK:

Number of Free fast-path FCBs 64223

Number of Flow Drops 0

Max Number of Flow Control Blocks 116648

But our SCM and SAM are continuosly at 100% which is obviously not good.

But would be not expect to see flow drops when our processors are maxed out ?

We are having an issue with only one content rule at the moment, could we have an issue with a single process, or perhaps a memory leak ?

cheers,

Mike

Mike,

the drop counter in the flow stat increases when there is no FCM memory available. No if the box is overload.

For your cpu issue, you may check 'sho ip stat' to see what amount of traffic you get.

There is the possibility of a process going crazy and consuming all CPU, but I do not think you would have both SCM and SAM running very high at the same time.

You can do a 'cpu hog 1' to see the most recent process. Do it several times.

If the same process comes again and again that's the one consuming the CPU.

If it is something like tFlowMgrPktRx it means you are simply receiving a lot of traffic.

Is your content rule affecting the box a L7 rule ? If yes, try to make it L3/4 to see if that helps. Just to confirm this is related t o traffic.

Gilles.

Gilles,

Does the output below tell me that I have a max of 116648 concurrent flows (well 53324, half as a TCP flow uses up two) that the CSS can handle on this processor.

Max Number of Flow Control Blocks 116648

cheers,

Mike

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: