Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

7206 VXR NPE-G2 pps


I currently am running a 7206 VXR running C7200P-SPSERVICESK9-M), Version 12.4(4)XD8.

This router has a gigabit connection to an upstream provider, and on an average day the utilization is about 100Mb in and 85Mb out, roughly 20k-30k pps on each.

Lately a web server we have has been getting DOS'ed, and the input from that gigabit connection spikes to around 110k-150k pps, and basically this cripples the router. I know that the Cisco literature says that the router should be able to handle 2million pps, but that does not seem to be the case. CPU spikes to 100 percent, causing the BGP sessions to flap etc, so it seems that the packets are hitting the CPU, but we are running cef, so not sure why so many are hitting the CPU.

Has anyone had experience or similar problems with the NPE-G2?

Not many policy's on the router, just an ACL on the gigabit interface to the upstream provider, as well as a few route maps with AS filters etc.

Not sure if its just the nature of the DOS that is killing my 7206 NPE-G2 or that those routers are just getting to be outdated now, and we may need to look to upgrading to the ASR series or a 7600, but I have no experience with the ASR's.

Thanks for any input.

Super Bronze

Re: 7206 VXR NPE-G2 pps

I haven't encountered the situation you describe, but if the problem is being caused by a DoS attack, perhaps IP/TCP options within the packet are forcing process switching. What's show process look like when this happens?

CreatePlease to create content