nanog mailing list archives

Re: Cisco ASR9902 SNMP polling ... is interesting


From: Saku Ytti via NANOG <nanog () lists nanog org>
Date: Fri, 8 Aug 2025 19:27:59 +0300

On Fri, 8 Aug 2025 at 18:45, Nick Hilliard via NANOG
<nanog () lists nanog org> wrote:

> If Cisco have implemented a pps limiter of 50k/s, that's a lot of snmp
> pps. Is this a realistic amount of requests to be properly serviced per
> second? SNMP packet encapsulation / general handling is one thing, but
> stats collection / intermediation can be more heavyweight. Bear in mind
> that the failure modes in this sort of situation are often non-linear.

In this case something less obvious is happening, OP isn't pushing 300
pps, yet the policer is firing.

This could be a legitimate bug, might require a peek into what
actually gets programmed into the BRCM.

In PTX PE (Paradise) there isn't a PPS policer in the hardware, yet
ddos-protection can only be configured as PPS. So as a compromise the
developer decided to program a (1500*8*pps) bps policer. So out of the
box, standard configuration, the box will admit far too many small
packets, more than the VoQ from ASIC -> LC_CPU can admit, congesting
the whole VoQ, which is shared by most things. Unfortunately the user
cannot change the 1500 into 64, nor can the user decide which
ddos-protocols go into which VoQ, making it very tricky to get
reasonable punt results under poor weather.

-- 
  ++ytti
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/MGQJ3IHTTP4T6H2BFPTKVILRK6P5EPTM/
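
Added example (not part of the original message and not vendor code): a token-bucket model of the pps-to-bps conversion described in the message above, showing how many packets per second a byte-based policer admits at different packet sizes. The function names, the bucket depth of one 1500-byte packet, the evenly spaced constant-size traffic and the 1000 pps setting are assumptions made for illustration.

```python
# Added example: byte-based token bucket standing in for a pps limit.
ASSUMED_PKT_BYTES = 1500    # size used in the post's (1500*8*pps) conversion
BUCKET_DEPTH_BYTES = 1500   # assumption: burst of one full-size packet


def programmed_bps(configured_pps):
    """Rate actually programmed for a configured pps value, per the post."""
    return ASSUMED_PKT_BYTES * 8 * configured_pps


def worst_case_pps(configured_pps, pkt_bytes=64):
    """Sustained packets/s the bps policer admits at a given packet size."""
    return programmed_bps(configured_pps) // (8 * pkt_bytes)


def admitted_packets(configured_pps, pkt_bytes, offered_pps, seconds=1):
    """Simulate evenly spaced, constant-size packets through the policer.

    Token counts are scaled by offered_pps so all arithmetic stays integer.
    """
    refill = programmed_bps(configured_pps) // 8   # scaled bytes per arrival
    cost = pkt_bytes * offered_pps                 # scaled cost of one packet
    depth = BUCKET_DEPTH_BYTES * offered_pps       # scaled bucket depth
    tokens, admitted = depth, 0
    for i in range(offered_pps * seconds):
        if i:  # refill happens between arrivals, capped at the bucket depth
            tokens = min(depth, tokens + refill)
        if tokens >= cost:
            tokens -= cost
            admitted += 1
    return admitted


if __name__ == "__main__":
    configured = 1000  # constructed value, not from the thread
    for size in (1500, 512, 64):
        got = admitted_packets(configured, size, offered_pps=100_000)
        print(f"{size:>4} B packets: {got} admitted/s for a {configured} pps setting")
```

The simulated count for 64-byte packets sits slightly above `worst_case_pps` because the initially full bucket admits a short burst on top of the sustained rate.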

